
Encryption and privacy in Lotus Notes Domino

Get an overview of encryption and privacy for several tools in your Lotus Notes Domino environment.

This article is aimed at readers who are new to Lotus Notes Domino and provides an overview of the encryption and privacy features within these products, with some links to further information at the end. All configuration information refers to the R6 version of Lotus Notes Domino. R7 is similar.

IBM Lotus has designed a variety of data-hiding features in Notes/Domino. Most of the features are arranged in a clean hierarchy, but a few overlap and offer competing alternatives. I will begin at the networking level, and then narrow in on individual data fields within a database.

Network traffic

If the data passed back and forth over your network is sensitive, you should encrypt data packets so that unwanted listeners cannot read the information as it zips by on the wire (or in the air).

For Notes-to-Domino sessions, you can use native network port encryption, which does exactly that. See Domino Administrator -> Server -> Status -> Tools -> Ports -> Setup.

For browser-to-Domino sessions, Domino supports the industry-standard HTTPS protocol, which achieves the same goal. See Domino Administrator -> Configuration -> Server -> All Server Documents -> server-name -> Ports -> Internet Ports -> Web.

Server access

Once someone gains access to your network, you want to control access to individual servers. You might want to authorize a user to be able to read everything on Server A, but nothing on Server B. You can accomplish this through the Domino server access settings. See Domino Administrator -> Configuration -> Server -> All Server Documents -> server-name -> Security.

Database access

After a person gains valid access to a particular server, you can control which databases on that server a user can see, and what that person can do within those databases. The central mechanisms to control database access are access control lists (ACLs), which can be found within each database itself.

Open a database with Lotus Notes, then see File -> Database -> Access Control -> Basics. You also can see the same settings from Domino Administrator -> Files -> database-name -> Tools -> Database -> Manage ACL.

Database encryption

This is an additional layer of encryption that hides the text within a database (such as a mail file), in case someone gains access to your computer. A common situation is when users lose their laptops. The new owner has physical possession of a user's mail file, allowing him or her to read it easily.

Database encryption uses your Notes ID to encrypt the data, so the person holding a laptop would need to know the user's Notes ID password to read any mail. Open a database with Notes or Domino Administrator, and see File -> Database -> Properties -> Basic (first tab) -> Encryption Settings.

Document encryption

This is logically similar to database encryption, except it works per document. You choose which documents to encrypt out of a larger database that may not itself be encrypted. You must specify which fields within the documents receive the encryption (since you usually want some basic fields to stay unencrypted).

You can encrypt documents either with a Notes ID or with separate secret encryption keys. To create secret encryption keys (from Notes) see File -> Security -> User Security -> Notes Data -> Documents. To encrypt documents see (from Notes) database-name -> select document -> File -> Document Properties -> Security (fourth tab).
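The same per-field document encryption can be scripted. The LotusScript agent below is an added example, not code from the original article; it encrypts chosen fields on the documents selected in a view, and the key name `HRSecretKey` and the field names `Salary` and `Notes` are assumptions to replace with your own.

```lotusscript
' Added example: encrypt chosen fields on the selected documents with a secret key.
' Run as an agent from the Actions menu against selected documents.
Sub Initialize
	' Assumed name of a secret encryption key that already exists in your Notes ID
	Const KEY_NAME = "HRSecretKey"

	Dim session As New NotesSession
	Dim db As NotesDatabase
	Dim col As NotesDocumentCollection
	Dim doc As NotesDocument
	Dim item As NotesItem
	Dim fieldNames(1) As String
	Dim i As Integer, marked As Integer

	' Assumed field names; every other field stays readable
	fieldNames(0) = "Salary"
	fieldNames(1) = "Notes"

	Set db = session.CurrentDatabase
	Set col = db.UnprocessedDocuments
	Set doc = col.GetFirstDocument

	On Error Goto failed
	Do Until doc Is Nothing
		marked = 0
		For i = 0 To Ubound(fieldNames)
			Set item = doc.GetFirstItem(fieldNames(i))
			If Not item Is Nothing Then
				item.IsEncrypted = True   ' flag the field for encryption
				marked = marked + 1
			End If
		Next
		' Skip documents that hold none of the sensitive fields
		If marked > 0 Then
			doc.EncryptionKeys = KEY_NAME   ' if left empty, your public key is used instead
			Call doc.Encrypt               ' encrypts the flagged items
			Call doc.Save(True, False)     ' nothing is stored encrypted until the save
		End If
		Set doc = col.GetNextDocument(doc)
	Loop
	Exit Sub

failed:
	Messagebox "Encryption failed: " & Error$ & " (is key '" & KEY_NAME & "' in your Notes ID?)"
	Exit Sub
End Sub
```

Anyone who needs to read the encrypted fields must have the same secret key in their own Notes ID, so distribute the key before encrypting shared documents.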

Encrypted and signed mail

These two options deal specifically with mail messages. The first ensures that only the intended recipient(s) can actually read the mail. Someone else might gain access to a message, but he or she will not be able to read it without the Notes ID of the true recipient.

Signing a mail message assures the receiver that the message is not tampered with during transmission. Just like an ink signature, electronic mail signing proves you were the only person who edited the message. While composing an e-mail message, see Delivery Options -> Basic -> Sign & Encrypt.

For more information

