Improved DAOS encryption security

DAOS object encryption now offers more secure encryption algorithms and the ability for Domino cluster mates to share encryption keys so that encrypted DAOS objects can be shared across servers.

When you encrypt objects with the server ID file, you can now choose AES-128 or AES-256 encryption.

You can also create a shared AES-128 or AES-256 key in a credential store and configure DAOS to use that shared key to encrypt DAOS objects. Encrypting objects with a shared encryption key allows greater flexibility in backup and restore scenarios, and it allows any DAOS objects stored in tier 2 to be shared across servers.

If you anticipate needing to revert a Domino 12 server to a pre-11.0.1 version, add the following notes.ini setting before you upgrade the server to Domino 12. The setting forces Domino to use the legacy encryption:
DAOS_NLO_ENCRYPTION_METHOD=0

When the Server document field "DAOS object encryption" is set to "Private to this server", this notes.ini setting causes the "DAOS encryption strength" to be "Domino classic". Without this setting, Domino 12 or later defaults to AES-128 instead.

For more information, see Encrypting DAOS attachment files.