UNIMAS Official Wiki » Dashboard » HOW-TO, Tutorial & User Manual » How To : Encrypt UNIMAS Email

How To : Encrypt UNIMAS Email

Last modified by Ahmad Zikrilah Bin Abdullah on 2016/05/24 16:11


Lotus Notes certificates use the RSA algorithm. Certificates are used for Authentication and Encryption. When servers and users are initially registered, an ID file is created. The ID file contains the name and two RSA key pairs. The first pair are unique to the person/server being registered and the second pair are common to the organization. We refer to these as certificates. Optionally there may RSA key pairs for all of the OUs that the server/user belongs to. The ID file is encrypted using the password. The public parts of the key pairs are stored in the Domino Directory.

Now when a user wants to access a server, he must have the ID file and he must know the password. Name and password are not enough. He decrypts the ID file by supplying the password. When he requests access to the server, He sends the server the names of the certificates that he holds. His personal certificate and the organization's certificate. The server compares the certificates and notes that we have the organization certificate in common. The server generates a random number which the server encrypts using the organization's public key and sends it to the user. The user the private key to decrypt the random number and send it back in the clear to the server. The process is then reversed, so that trust occurs in two directions.

Step By Step

Mail Encryption
Now when a user sends an email may choose to encrypt an email in a couple of ways. First under User Security the end user can set a number of preferences:


Secondly, while sending an email and displaying Additional Mail Options



Our user can easily encrypt.



When we send the email, we take the recipient's public key from the Domino Directory and encrypt the body of the email. The servers along the route can read the "send to" information but not the body of the message. When it is delivered to the recipient, he has already opened his ID file and when he opens the message, he decrypts it using his private key.

The sender's copy of the mail message is encrypted using his public key and it is stored in the mail file on the server. When the sender opens his message the body is decrypted using his private key. If you watch the status bar, it will state "decrypting document".

The problem is that even though the specially created Notes ID that can access the entire mail and is used to migrate the mail, calendar and contacts. This ID file does not have the private key in order to decrypt the body field.

Created by Administrator on 2016/05/24 16:05

Start Here

Welcome to the UNIMAS WIKI.
To start, use search function by entering keywords in the search box below :

Quick Navigation


HOW-TO, Tutorial & User Manual

HOW-TO, Tutorial & User Manual




Recently Created

jtpresley | 67154 | noora | 66168 | e-Adu

Recently Modified

My Recent Modifications

This wiki is licensed under a Creative Commons 2.0 license
XWiki Enterprise 5.0.3 - Documentation