Regardless of which method you use, there are limitations you should be aware of. Domino supports only one key, or key set, per document. You can't encrypt some fields with one key and other fields on the same document with another key. It's possible to use more than one key per document, but all the keys together (the key set) effect all the encrypted fields on the form. Another limitation effects document editing. Only users with a valid encryption key can edit documents created with that form. You can't have one group of people who can read encrypted fields and another group of people editing the documents. It has to be the same group. In a future article, I'll show you a technique for getting around these limitations.

There is one more distinction worth mentioning: North American vs. International encryption. This simply refers to the length of the keys involved. U.S. law prohibits the export of encryption technology unless the key lengths are shorter than a given limit. Therefore, Domino users outside the U.S. and Canada are forced to use encryption with shorter, less secure keys. This law is misguided at best, but that's another article.

Encrypting fields on a form
Now let's get to the nuts and bolts of the matter and see how to use field-level encryption in an application. You'll need to decide a few things. First, what fields need to be protected, and from whom? Also, do you want to use a secret key or public keys? Say I'm building a records database for Human Resources. They want to track all the usual HR things for each employee, such as the employee's name, department, job title, salary range, and current salary, as shown in Figure A.

FIGURE A

The Employee form contains attributes which describe each employee. Click picture for a larger image.

Note that all the screen shots in this article show Notes/Domino R4. The methods involved are exactly the same for R5.

It's a sure bet you'll want to limit access to the salary range and current salary fields. Fortunately, this only takes a few clicks. First select the field you want to encrypt. I'll start with SalaryRangeLow. Double click it to bring up the Field Properties dialog. Select the Options tab and, at the bottom of the window under Security options, select Enable encryption for this field, as I've done in Figure B.

FIGURE B

Enable encryption in the Field Properties dialog for each field you want to encrypt. Click picture for a larger image.

Repeat this step for each field on the form you want to encrypt. On this form, I'll continue by enabling encryption for SalaryRangeHigh and CurrentSalary.

Each field you encrypt will show up with red field brackets instead of the usual gray ones. This lets users know they're entering data into an encrypted field.

Creating a key
Now we need to determine who will have access to these fields and what the key structure will be. In this example, I'll say that Mary Smith, John Doe, and Lisa Jones will have access to the three encrypted fields. Mary is the VP of Human Resources, John is the Personnel Director, and Lisa is in charge of payroll. Everyone who has access to the database through the ACL will have rights to view the plain-text (non-encrypted) fields.