Encrypting and signing messages

You can encrypt and digitally sign messages you send.

Before you begin

To sign, read, and send encrypted mail, your HCL Notes® ID must be stored in your mail file. If your mail file does not contain your Notes ID, all delivery options and preference settings for sign and encrypt are disabled. In addition, when you try to read encrypted mail that you have received, you will see only a warning in the body of the message saying the message is encrypted. Check the status message to determine if your mail file contains a Notes ID file. If it does not, import your Notes ID. To do this, go to Preferences > Security.

Note: Whenever credentials in your Notes ID change - for example, your password, certificates, public keys, and so on - it is recommended that you reimport your ID so you are using the most current version.
Your mail recipients also need a Notes certified public key or Internet certificate in order for you to send them encrypted messages. If you try to send an encrypted message to a recipient who does not have a public key, you have two options:
  • Send an unencrypted message.
  • Have them send you a message that is signed using their Internet certificate or Notes public key. Then, when you receive the message, add the name to your Contacts. The contact record will include their Internet certificate or Notes public key.

About this task

Encrypting a message scrambles the information so that only the recipients you specify can read it. Signing a message ensures the recipient that you are the author of the message, and that no one has tampered with the information in it. This is a digital signature, which is different than a personal signature. A digital signature is a scrambled version of your signature.

If a message is encrypted, a padlock icon displays next to the sender's name. If a message is signed, a seal icon appears. If trust cannot be verified or if the message has been tampered with, a broken seal icon appears.

You can encrypt and sign each message individually, or configure your mail so that all of your messages are encrypted and signed. To encrypt and sign individual messages, from a message you are creating check Sign or Encrypt before sending the message. Use the following steps to encrypt and sign all your mail messages.

Procedure

  1. Go to Preferences > Mail > General.
  2. Select Sign mail that you send and Encrypt mail that you send.
  3. (Optional) To send S/MIME encrypted mail even if the recipient's certificate is not a trusted certificate, select Always trust Internet certificates for S/MIME encrypted mail that you send.
    Note: You may receive the following messages if your Notes ID is not stored in the Domino directory, or if it has become corrupted. Contact your administrator for assistance.
    • Error detected trying to open your encryption keys, possibly caused by data corruption.
    • Error detected trying to read your encryption keys, possibly caused by server configuration error.
    • Error detected trying to open ________ document, probably caused by data corruption. Document deleted.
    • The body of this message is encrypted. To read encrypted documents, you must import your Notes ID.