As many developers know, Notes contains multiple layers of encryption technologies. An entire Notes database can be encrypted, so that someone cannot open the database just by coming into possession of it. Network traffic between the Notes client and a Domino server can be encrypted, to prevent someone from listening in on the line. And individual fields can be encrypted, so that only certain users can see the data in those fields.
Field-level encryption is one of the most powerful, but under-utilized, security mechanisms in Notes. This article contains a brief overview of this important feature, with pointers to longer articles for readers who want more information. I also include a sample database, so you can try encryption yourself.
Field-level encryption operates on designated fields in a Notes document, which you choose when designing a Notes form. When you encrypt a document, all the fields that you designated are encrypted. Any other fields are not. It is common to leave some field non-encrypted so they can appear in plaintext in views.
Field-level encryption can use two types of keys – a secret key that is stored in a Notes ID file, or the public key associated with a Notes ID itself. For someone to read a document that is encrypted with a secret key, the reader must have that secret key. So you must give the key to the reader and they must import the key to their Notes ID file. For someone to read a document that is encrypted with a public key, the reader has to have the private key associated with that public key. In other words, the reader has to be the person that you intended to read the document.
Encryption of a Notes document is triggered by the presence of the special fields SecretEncryptionKeys and PublicEncryptionKeys in a document. If one of these fields is present (and nonblank) the document is encrypted using the key(s) specified there.
There are advantages and disadvantages to secret keys versus public keys for encrypting documents. Secret keys are the right choice when many people will have rights to read the document. You can create a single secret key, and then give the key to all the people who will be allowed to read the document. (But make sure you give them the key in a secure way.) Public keys have the advantage that you don't have to give anything to anyone. Each intended reader already has the private key they need in their Notes ID. Public key encryption is useful when there are a relatively small number of readers, so it is easy to list them all in the PublicEncryptionKeys field of the document.
For Further Information
Using Field Encryption In Applications This article introduces the basic theory of field-level encryption and shows you how to implement it in your Domino applications. From Iris Today in 9/01 for R5.
Notes Encryption: Locks for a Digital World-- An overview of data encryption in general, and Notes encryption specifically. From Iris Today in 6/98 for R4.6. Still lots of valuable information though.
Sample database Used to develop this article. The database takes some of its ideas from Richard Schwartz's article above, but is simpler and shows fewer options. The keys Chuck's Personal Key and Key1 are used in the sample database and can be downloaded from .
http://www.DominoSecurity.org The best source for security information about Domino and Notes
This was first published in August 2002