IBM Notes 10.0 Help
  • Securing your data

    IBM® Notes® security enables you to protect your workspace and data at all times, so only you and the people you designate have access to your data.

    • Your Notes User ID and how to store it
    • Changing passwords

      Passwords prevent others from using your User ID. When your administrator creates your User ID, he or she decides whether it needs a password, and what type of password is required. Once you access IBM® Notes® for the first time, you should change your password to something that you can remember but is hard for others to guess.

    • Using Notes shared login to eliminate Notes password prompts

      Notes® shared login (hereafter shared login) allows you to start IBM® Notes and use your User ID without having to provide a Notes password. You only need to log in to Microsoft® Windows® using your Windows password. Your administrator controls whether you can use shared login.

    • Locking the Notes ID

      Locking your IBM® Notes® ID prevents others from using Notes when you are away from your computer. Locking your ID clears your Notes credentials and drops all connections to Notes servers. You must log in again in order to take any new action using Notes.

    • Enabling Smartcards for Notes® login

      Smartcards resemble credit cards, but instead of containing a magnetic strip they contain a microprocessor and memory. You can use a Smartcard with your User ID to log in to IBM® Notes®, provided you have a Smartcard reader installed on your computer. Once your User ID is enabled for Smartcard login, you are prompted for your Smartcard Personal Identification Number (PIN) in place of your Notes password.

    • Requesting a new user name

      If you want to request a new User Name - for example, if you got married and you want to change your name - you must contact your administrator.

    • Your Notes® and Internet names

      You can view all the names that identify you in Notes®.

    • Sending mail to your administrator
    • Accessing servers using certificates

      A certificate is an electronic stamp, like a stamp on a passport, which verifies to a server that you are who you say you are. Certificates are stored in your User ID. When you first receive your User ID from your administrator, it contains a Notes® certificate. You may decide to use Internet certificates as well. (You may see Internet certificates being referred to as X.509 certificates.)

    • The Access Control List

      Every database includes an access control list (ACL), which IBM® Notes® uses to determine the level of access users and servers have to a database. Levels assigned to users determine the tasks that users can perform on a database. Levels assigned to servers determine what information within the database the servers can replicate.

    • Restricting access to local databases

      When you enable encryption for a local database, IBM® Notes® encrypts the database using your public key from your User ID. You are the only one who can then decrypt the database because you have the corresponding private key in your User ID. Nobody else's User ID can open the database.

    • Notes data

      You can restrict access to applications you have stored locally or encrypt a document in an application.

    • Preventing others from reading or viewing specific documents

      You can protect your documents, so that only you and the people you designate can read them, even if others have access to the database your documents are in.

    • Encrypting documents using secret keys

      Using a secret encryption key that is stored in your User ID, you can encrypt a document that you are posting in a public database, provided the document contains fields that are encryptable.

    • How Notes® uses public and private keys for encrypting and signing mail

      IBM® Notes® uses a public and private key set to encrypt and decrypt data, as well as to validate digital signatures. The public and private key in a set are mathematically related to each other and are unique to your User ID. Your public key is stored in your Notes certificate. Your certificate is stored in your User ID and the IBM Domino® Directory. Your private key is stored only in your User ID.

      • Encrypting and digitally signing email messages

        You can set IBM® Notes® to digitally sign and encrypt email messages you send to other Notes users or to users over the Internet.

      • Mail security

        You can access your mail security options through the User Security window.

      • Mail encryption failure

        The "Mail Encryption Failure" dialog box appears when you want to encrypt an outgoing mail message and IBM® Notes® can't find the recipient's certificate to encrypt the message.

      • Location configuration for signing Internet-style (S/MIME) mail

        You can view your Internet mail address information.

      • Edit locations (format for sending mail to Internet addresses)

        IBM® Notes® Internet-style mail uses secure MIME (S/MIME) protocols for sending and receiving encrypted and signed mail. Internet-style Notes mail is required to secure mail to people over the Internet, and is optional to secure your mail to other Notes users.

      • Edit locations (Internet Mail Address)

        IBM® Notes® Internet-style mail uses secure MIME (S/MIME) protocols for sending and receiving encrypted and signed mail. Internet-style Notes mail (S/MIME) is required to secure your mail to people over the Internet, and is optional to secure your mail to other Notes users.

      • Incoming mail

        You can select the type of format in which you prefer to receive your incoming mail.

      • Encryption certificate configuration for Internet-style (S/MIME) mail

        You can view details about your encryption certificate, used for mail with people outside of IBM® Notes® and for mail from Notes users if you are configured to receive Internet-style (S/MIME) mail.

      • Certificate configuration for Internet-style (S/MIME) mail

        You can view the Internet certificates located in your User ID. The certificates listed are the certificates that you can use to send and receive secure and signed mail through IBM® Notes® with others over the Internet. One of these Internet certificates must be designated as the default signing certificate.

      • Using dual Internet certificates for encryption and signatures

        You use your Internet certificate to sign messages that you send. Other people use your Internet certificate to encrypt messages they are sending to you. This is similar to how IBM® Notes® certificates work. However, if you have more than one Internet certificate, you may be able to use one Internet certificate for signing messages and another Internet certificate for people to use to encrypt mail messages.

      • Select default signing certificate

        If you have more than one Internet certificate, you can select which one acts as the default signing certificate.

      • Internet-style Notes mail options

        You can configure your Internet certificates for sending and receiving secure mail with people outside of IBM® Notes®.

      • Creating new public keys

        If you lost your User ID, or someone has taken it to access your data, you should change your password and create new public keys (a new IBM® Notes® multi-purpose certificate and a new Notes international encryption certificate).

      • Publishing your Notes certificate for others to access

        You may want to publish your certificate containing your public key so others can use it to encrypt data being sent to you. The certificate can be published in the IBM Domino Directory or sent to an individual, so that person can publish it in their Contacts. How to publish your public key depends on whether or not you are an IBM Notes mail user.

      • Certificates in your ID file

        You can display all IBM® Notes® and Internet certificates that are found in your User ID.

      • Merge certificate into your User ID
      • Examining certificates

        You can examine your certificates from your Contacts.

      • Certificate authorities and the certificates they issue

        You can view all of the IBM® Notes® and Internet certificate authority (CA) certificates that you trust.

      • Requesting certificates or cross certificates
      • Creating a cross certificate on demand

        In the following situations you may be prompted to create a cross certificate.

      • Requesting cross certificates or merging information
      • Retrieving certificates and cross certificates from your home server

        To access IBM® Notes® servers in other domains, to verify digital signatures, or to encrypt messages using S/MIME, you must have cross certificates in your Contacts. You can add to your Contacts Internet certificates and Notes and Internet cross certificates from the IBM Domino® Directory on your home/mail server.

      • Advanced certificate details

        You can view details about your selected IBM® Notes® or Internet certificate.

      • Trust details

        When you are viewing certificates from people and services you can view Trust Details for a selected certificate. Trust Details displays the name of the certificate, and what kind of trust you have established for it. The following are reasons why you might trust a certificate.

      • Certificates for people or services

        You can view all of the IBM® Notes® and Internet certificates that you trust and don't trust for specific people or services.

      • To delete your Notes pending public keys

        If you have IBM® Notes® pending keys that you do not need anymore, you can delete the keys from your User ID. You get Notes pending keys when you request new Notes public keys. The reason you might not need your Notes pending keys any longer is if you've decided to not update your Notes certificates with new public keys. In this case, pending keys have not yet been used for any purpose, therefore it is safe to delete them, assuming you definitely don't want to complete your request for new public keys.

      • Exporting a safe copy of your User ID

        When renewing IBM® Notes® certificates or requesting new public keys using removable media or another mail program, you need to create a safe copy of your User ID and save it to removable media or a directory that you can access.

      • To import new information from removable media into your User ID

        When you import new information into your User ID, such as a new public key, you may need to make sure to update any copies of your User ID as well.

      • Key rollover

        Key rollover is the process used to update the set of Notes® public and private keys that is stored in your ID file. This set of keys may need to be replaced - for instance, to increase security by updating to larger keys, or to recover if your private key has been compromised in some way.

    • Restricting execution access with the Execution Control List

      You can protect your workstation by specifying different types of execution access for different people or organizational certifiers who run IBM® Notes® scripts and formulas. For example, you may give all types of execution access to your IBM Domino® administrator, but allow no execution access to unsigned scripts or formulas.

    • Securing your POP3, IMAP, or LDAP accounts

      IBM® Notes® supports Secure Sockets Layer (SSL), which makes communication secure for your POP3, IMAP, or LDAP accounts. SSL encrypts the data that is sent between your Notes client and the server you specify for your account. Notes supports SSL versions 2.0 and 3.0. By default, Notes negotiates the best SSL version to use with a particular server.

    • Signed plug-ins

      Your administrator may have selected plug-ins to be installed automatically with your client software. These plug-ins are signed with a certificate that is trusted by your client, and they are verified to confirm that the data they contain is not corrupted. Plug-ins signed in this way can then be installed without having to prompt you to accept them.

Requesting certificates or cross certificates

Click any of these topics:

  • Renewing Notes® certificates before expiration
  • Sending and receiving Notes® certificates to establish trust
Related information
  • Accessing servers using certificates
