History of supported key sizes in Notes and Domino

Understand the RSA key sizes supported by Notes® and Domino® from past releases to the current release.

Matrix of RSA key sizes supported by Notes and Domino


		Hierarchical IDs	Hierarchical IDs	Flat IDs	Flat IDs
Version	Action	Domestic	International	Domestic	International
R8 - R14	accept	8192/4096(*)	512	630	512
R8 - R14	generate	4096/2048(*)	512	0	0
R7	accept	2048	512	630	512
R7	generate	1024	512	0	0
R6	accept	1024	512	630	512
R6, R5	generate	630	512	0	0
R5, V4	accept	760(*)	512	630	512
V4	generate	630	512	630	512
V3	accept	760/630(*)	512	630	512
V3	generate	512	512	512	380
V2.1	accept	0	0	512	512
V2.1	generate	0	0	512	380
V2, V1	accept	0	0	512	380
V2, V1	generate	0	0	512	380

* RSA Keys over 630 bits must be BER-formatted.

R8 - R14 can accept 8192 bit certifiers and 4096 bit users and servers.
R8 - R14 can generate 4096 bit certifiers and 2048 bit users and servers.
V3 could accept 760 bit public keys and 630 bit private keys
No version of Notes has ever generated keys between 631 and 760 bits, making that support strictly theoretical.

Key sizes supported by feature

Bulk data key sizes:

128 and 256 bit AES key support was added in 8.0.1
128 bit RC2 key support was added in 6.0.4/6.5.1
64 bit RC2 key support was added in V3
64/40 in international V4 through 5.0.3
32 bit RC2 in international V1, V2, and V3

Document Encryption Key (NEK) sizes:

128 bit AES key support was added in 8.0.1
128 bit RC2 key support was added in 6.0.4/6.5.1
64 bit RC2 key support has existed in all domestic versions of Notes
64/40 RC2 in international V4 and R5 pre-5.0.3
40 bit RC2 in French Notes
32 bit RC2 in international V2 and V3

Ticket (network authentication) sizes:

128 bit AES key support was added in 9.0.1 FP7
128 bit RC2 key support was added in R6
Domestic V3, V4, R5 used 64 bit RC2
V2 used 64 bit RC2 domestic, 40 bits international
64/40 in international Notes pre-5.0.3

Session key (network encryption) sizes:

Forward Secrecy for session keys via X25519 was added in 12.0
Forward Secrecy for session keys via DHE-2048 was added in 9.0.1 FP7
128 and 256 bit AES key support was added in 9.0.1 FP7
128 bit RC4 key support was added in R6
64 bit RC4 in domestic V4 and R5
64/40 RC4 in international V4 and R5 pre-5.0.3
French versions of V4 and R5 pretended to be V3 to use 40 bit RC2
V3 used 64 bit RC2 domestic, 40 bit RC2 international
V1 and V2 used 64 bit RC2 domestic, 26 bit RC2 international

Password-derived keys (ID file encryption keys):

Support for 128 bit AES and 256 bit AES with iterated HMAC-SHA256 and iterated HMAC-SHA512 was added and enabled in 9.0.
Support for 128 bit AES and 256 bit AES with iterated HMAC-SHA1 was added and enabled in 8.0.1.
Security policy settings were added to control or restrict ID file encryption strengths in 8.0.1.
Support for 128 bit RC2 was added in R6, and enabled in R7.
64 bit RC2 has been supported since day one for all versions of Notes.

Local database encryption:

This feature was added in V4.1. Five variations of local database encryption exist:

256 bit AES encryption was added in 12.0.2
128 bit AES encryption was added in 11.0.1
Medium and strong:
- 128 bits in R6
- 64 bit bulk key in domestic Notes from 4.1 to R6
- 64/40 bulk key in international Notes from 4.1 to 5.03
- 40 bit bulk key in French Notes from 4.1 to 5.03
Weak "encryption": RC4-based substitution

Weak and medium database encryption have been deprecated and are not available for use with new databases. The default database encryption strength was upgraded to 128 bit AES starting in 12.0.2.

S/MIME

SHA-256, SHA-384, and SHA-512 signature support added in 9.0
AES-128, AES-192, and AES-256 encryption support added in 9.0
3DES
128 bit RC2
64 bit RC2
40 bit RC2
DES

TLS

Support for SSLv3 has been removed. Only TLS 1.2 is enabled out of the box.
Forward Secrecy using NIST P-256, NIST P-384, and NIST P-521 was added in 9.0.1 FP4 IF2. Forward Secrecy using X25519 and X448 was added in 12.0.

ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (added in 12.0)
ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (added in 12.0)
ECDHE_RSA_WITH_AES_256_GCM_SHA384 (added in 9.0.1 FP4 IF2)
ECDHE_RSA_WITH_AES_128_GCM_SHA256 (added in 9.0.1 FP4 IF2)
ECDHE_RSA_WITH_AES_256_CBC_SHA384 (added in 9.0.1 FP4 IF2)
ECDHE_RSA_WITH_AES_256_CBC_SHA (added in 9.0.1 FP4 IF2)
ECDHE_RSA_WITH_AES_128_CBC_SHA256 (added in 9.0.1 FP4 IF2)
ECDHE_RSA_WITH_AES_128_CBC_SHA (added in 9.0.1 FP4 IF2)
DHE_RSA_WITH_AES_256_GCM_SHA384 (added in 9.0.1 FP3 IF2)
DHE_RSA_WITH_AES_128_GCM_SHA256 (added in 9.0.1 FP3 IF2)
DHE_RSA_WITH_AES_256_CBC_SHA256 (added in 9.0.1 FP3 IF2)
DHE_RSA_WITH_AES_256_CBC_SHA (added in 9.0.1 FP3 IF2)
DHE_RSA_WITH_AES_128_CBC_SHA256 (added in 9.0.1 FP3 IF2)
DHE_RSA_WITH_AES_128_CBC_SHA (added in 9.0.1 FP3 IF2)
RSA_WITH_AES_256_GCM_SHA384 (added in 9.0.1 FP3 IF2)
RSA_WITH_AES_128_GCM_SHA256 (added in 9.0.1 FP3 IF2)
RSA_WITH_AES_256_CBC_SHA256 (added in 9.0.1 FP3 IF2)
RSA_WITH_AES_128_CBC_SHA256 (added in 9.0.1 FP3 IF2)
RSA_WITH_AES_128_CBC_SHA (added in 8.0)
RSA_WITH_AES_256_CBC_SHA (added in 8.0)
RSA_WITH_RC4_128_MD5
RSA_WITH_RC4_128_SHA
RSA_WITH_3DES_EDE_CBC_SHA
RSA_WITH_DES_CBC_SHA
RSA_EXPORT1024_WITH_DES_CBC_SHA
RSA_EXPORT_WITH_RC4_40_MD5

Credentials for TLS

TLS credentials using NIST P-256, NIST P-384, and NIST P-521 can be used on any Domino 12.0 or above server.
Keyring files using SHA-256, SHA-384, and SHA-512 can be created using certreq and the CA process on 9.0 IF6 and 9.0.1 FP2 IF1 or above.
Keyring files using SHA-256, SHA-384, and SHA-512 can be created using OpenSSL, a third party CA, and kyrtool.
Keyring files using SHA-256, SHA-384, and SHA-512 can be used on any Domino 9.0 or above server.

Transport Layer Security (TLS) v1.2 via IBM HTTP Server

This feature was added in 9.0 and was never subject to export restrictions. Requires selecting "IBM HTTP Server" install-time option Supports ciphers that use AES and SHA-2.

The "IBM HTTP Server" install option was removed in Domino 10.0.

ID file recovery

This feature was added in R5 and was never subject to export restrictions. ID file recovery uses 1024 bit RSA asymmetric keys.

R5 generated and supported 64 bit RC2 bulk encryption.
R6 supported 64 and 128 bit RC2 bulk encryption, and would use 128 bit RC2 if the ID file could only be used with R6+ for other reasons.

Notes ID vault

This feature was added in 8.5 and was never subject to export restrictions.

2048 bit RSA vault ID file
2048 bit RSA vault operations (VO) key
256 bit AES transport encryption keys
256 bit AES storage encryption keys

Security Assertion Markup Language (SAML) service provider

This feature was added in 9.0 and was never subject to export restrictions.

Supported DigestMethod algorithms:

Supported SignatureMethod algorithms:

Supported EncryptionMethod (bulk) algorithms:

Supported EncryptionMethod (wrapping) algorithms:

Exclusive canonicalization (xml-exc-c14n) should be used; #WithComments or inclusive canonicalization (REC-xml-c14n) may not parse successfully.

Open ID Connect 1.0 (OIDC)

This feature was added in 12.0.2 and was never subject to export restrictions.

Supported key types (kty): RSA, EC, and OKP
Supported signing algorithms (alg): ES256, ES384, ES512, RS256, RS384, RS512, EdDSA
Supported elliptic curves (crv): P-256 (with ES256), P-384 (with ES384), P-521 (with ES512), Ed25519 (with EdDSA), and Ed448 (with EdDSA)
RSA keys must be at least 2048 bits long

Internet password stored in the directory

For users configured to use the more secure Internet password format that was introduced in 8.0.1:

In Domino 8.0.1, new or changed passwords are hashed using PKCS #5's PBKDF2 algorithm with HMAC-SHA1 and 5,000 HMAC iterations. This algorithm always includes a salt.
In Domino 14.0, new or changed passwords are hashed using PKCS #5's PBKDF2 algorithm with HMAC-SHA256 and 30,000 HMAC iterations. This algorithm always includes a salt.