SECURING YOUR DATA


How Notes uses public and private keys for encrypting and signing mail

IBM® Lotus Notes® uses a public and private key set to encrypt and decrypt data, as well as to create and validate digital signatures. The public and private key in a set are mathematically related to each other and are unique to your User ID. Your public key is stored in your Notes® certificate. Your certificate is stored in your User ID and in the IBM Lotus® Domino® Directory. Your private key is stored only in your User ID.

People can encrypt data they send you by using the public key from your certificate located in the Domino Directory. When you receive encrypted data, your private key in your User ID decrypts the data.

What are the different types of public and private keys?

There are Notes public and private keys and Internet certificate public keys with their corresponding private keys. The Notes keys are used to encrypt data relayed between Notes users. The Internet keys are used to send and receive S/MIME mail messages and to encrypt SSL transactions between Notes and Internet servers.

When your User ID is created, it automatically has Notes public and private keys attached to it. Your Domino administrator can add Internet private keys during registration, or you can request them at a later time.

You can view your certificates by choosing File > Security > User Security (Macintosh OS X users: Lotus Notes > Security > User Security), clicking Your Identity > Your Certificates, and then selecting "All Certificates" in the drop-down list. You can view all of your certificates and saved keys (keys that you have replaced but still need in order to decrypt data).

How does the public and private key set work?

Your public key can be accessed by anyone who wants to send you encrypted mail or authenticate you.

Mail messages you receive are encrypted with your public key and decrypted with your private key. Mail messages you send are digitally signed with your private key, and the signature is verified with your public key. Whatever is encrypted with your public key can only be decrypted with your private key, and a signature created with your private key can only be verified with your public key. (In practice the message body is encrypted with a per-message symmetric key, and only that key is encrypted with your public key; the result is the same from your point of view.) This is why your private key must stay secret: anyone can obtain your public key from the Domino Directory, but your private key exists only in your User ID, so only you can decrypt mail addressed to you or sign mail as you.
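The following Go program is an added example that is not part of the original Notes documentation and does not use Notes or Domino code. It models the exchange described above with two constructed key pairs, "alice" (sender) and "bob" (recipient): the message body is encrypted under a random per-message AES-256-GCM session key, the session key is wrapped with bob's RSA public key (RSA-OAEP), alice signs the message with her private key (RSA-PSS), and bob verifies the signature with alice's public key. It also shows the two failure cases a practitioner should expect: a tampered message fails verification, and decryption with the wrong private key fails. The RSA/AES choices, key sizes and the sample message are assumptions made for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is a constructed stand-in for an encrypted mail message: the body
// is encrypted under a per-message AES-256-GCM key, and that key is itself
// encrypted with the recipient's RSA public key (RSA-OAEP).
type Envelope struct {
	WrappedKey []byte // session key encrypted with the recipient's public key
	Nonce      []byte // AES-GCM nonce for this message
	Ciphertext []byte // encrypted body plus GCM authentication tag
}

// GenerateKeyPair stands in for the key pair attached to a User ID.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt seals msg so that only the holder of the private key matching pub can read it.
func Encrypt(pub *rsa.PublicKey, msg []byte) (*Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil)
	// Only the session key goes through RSA; the body is encrypted symmetrically.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt opens env with priv. Any other private key fails at the OAEP step.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: wrong private key")
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Sign produces a signature over msg with the sender's private key (SHA-256 + RSA-PSS).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify checks sig against msg with the sender's public key; it returns false
// if the message was altered or was signed by a different private key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	alice, _ := GenerateKeyPair()               // sender
	bob, _ := GenerateKeyPair()                 // recipient
	msg := []byte("Quarterly numbers attached.") // constructed sample message

	env, _ := Encrypt(&bob.PublicKey, msg) // encrypt with bob's public key
	sig, _ := Sign(alice, msg)             // sign with alice's private key

	plain, err := Decrypt(bob, env) // bob's private key unwraps the session key
	fmt.Printf("bob decrypts: %q (err=%v)\n", plain, err)
	fmt.Println("alice's signature verifies:", Verify(&alice.PublicKey, plain, sig))
	tampered := append(append([]byte{}, plain...), '!')
	fmt.Println("tampered message verifies:", Verify(&alice.PublicKey, tampered, sig))
	_, err = Decrypt(alice, env) // alice's key is not bob's: OAEP unwrap fails
	fmt.Println("alice (wrong key) decrypt error:", err)
}
```

Note that encryption and signing use different keys from different people: the sender needs only the recipient's public key (from the Domino Directory in Notes), while the recipient needs the sender's public key to verify the signature. Neither party ever handles the other's private key.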

Related topics
Encrypting mail
Adding signatures to mail
Accessing servers using certificates
Using dual Internet certificates for encryption and signatures
Creating new public keys