Using public key encryption to secure Notes documents (continued)

Continuing this example, I'll say that Mary Smith, John Doe, and Lisa Jones will have access to the three encrypted fields. Mary is the VP of Human Resources, John is the Personnel Director, and Lisa is in charge of payroll. All users who have access to the database through the ACL (Access Control List) will have rights to view the non-encrypted fields.

Here's where the process differs from secret key encryption. Instead of creating a secret key and storing the name of that key in the Form Properties dialog box, simply create a field on the form called PublicEncryptionKeys, as in Figure C. PublicEncryptionKeys is an undocumented, reserved field name. You must spell it exactly as shown. Make it a Names field and turn on "Allow multi-values". When a document is saved with that form, any encryptable fields will be encrypted with the public key(s) of the user(s) listed in the field.

FIGURE C

Add a PublicEncryptionKeys field to the form.

So in effect, only the people listed in PublicEncryptionKeys will be able to read the encrypted fields. In our example, we want the field to contain the names Mary Smith, John Doe, and Lisa Jones. For this example I'd make the field hidden and computed to force those values. In your application, it may work better with a visible, editable field so users can choose keys when the document is saved. It works equally well either way. Remember, though, that this technique works only in R5, not in R4.

R4 Public key encryption
The basic idea is the same in R4, but we have more hoops to jump through. If you create a PublicEncryptionKeys field on the form and fill it with one or more names, Notes will crash when the user tries to save the document. To get around this, create a field to hold the keys, but call it PEK. Since PEK is not reserved, Notes won't automatically try to encrypt fields based on it. In addition, you'll need another field called PEKReaders, as shown in Figure D. I'll explain why in a moment.

FIGURE D

Create the PEK and PEKReaders fields.

Set up PEKReaders as a computed Readers field and turn on "Allow multi-values". Set the value of PEKReaders to "LocalDomainServers".

Since Notes won't automatically encrypt the document for us, we need to create an agent that will. Create an agent called Encrypt Documents, and set it up as shown in Figure E.

FIGURE E

Create the Encrypt Documents agent.

The agent should trigger when documents are created or modified, and it should run only on documents created with the relevant form (Employee in this example). This will be a LotusScript agent, so fill in the Initialize event with the code shown below.

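Sub Initialize
    Dim s As New NotesSession
    Dim db As NotesDatabase
    Dim doc As NotesDocument
    Dim collection As NotesDocumentCollection
    Dim item As NotesItem
    Dim i As Integer

    Set db = s.CurrentDatabase
    ' Documents created or modified since the agent last ran
    Set collection = db.UnprocessedDocuments

    For i = 1 To collection.Count
        Set doc = collection.GetNthDocument (i)
        Set item = doc.GetFirstItem ("PEK")
        ' Skip documents that have no PEK item, such as ones already encrypted
        If Not (item Is Nothing) Then
            ' Copy the names into the reserved PublicEncryptionKeys field
            Set item = doc.CopyItem (item, "PublicEncryptionKeys")
            Call doc.RemoveItem ("PEK")
            ' Encrypt the encryptable fields, then drop the temporary Readers field
            Call doc.Encrypt
            Call doc.RemoveItem ("PEKReaders")
            Call doc.Save (True, True)
        End If
        ' Mark the document as processed so the next run does not pick it up again
        Call s.UpdateProcessedDoc (doc)
    Next
End Sub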
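
Because the R4 workaround leaves each document unencrypted until the Encrypt Documents agent has run, a periodic check for documents it has not finished is useful. The following audit agent is an added example, not code from the original article; it assumes the form is named Employee as above and that it runs under an ID the PEKReaders field lets read pending documents (for example, scheduled on a server).

```lotusscript
Sub Initialize
    ' Added audit example (not from the article): list Employee documents
    ' that the Encrypt Documents agent has not finished processing.
    Dim s As New NotesSession
    Dim db As NotesDatabase
    Dim collection As NotesDocumentCollection
    Dim doc As NotesDocument
    Dim pending As Integer

    Set db = s.CurrentDatabase
    ' Every document created with the Employee form, regardless of age
    Set collection = db.Search (|Form = "Employee"|, Nothing, 0)

    pending = 0
    Set doc = collection.GetFirstDocument
    While Not (doc Is Nothing)
        If doc.HasItem ("PEK") Then
            ' The agent removes PEK before encrypting, so PEK means "not yet run"
            Print "Waiting for agent (PEK present): " & doc.NoteID
            pending = pending + 1
        Elseif Not doc.IsEncrypted Then
            ' No PEK and no encryption: no recipient names were ever supplied
            Print "Not encrypted, no keys listed: " & doc.NoteID
            pending = pending + 1
        Elseif doc.HasItem ("PEKReaders") Then
            ' Encrypted, but the temporary Readers field was left behind
            Print "Encrypted but PEKReaders remains: " & doc.NoteID
            pending = pending + 1
        End If
        Set doc = collection.GetNextDocument (doc)
    Wend

    Print pending & " of " & collection.Count & " Employee documents need attention"
End Sub
```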

Copyright © 1998-2008, ZATZ Publishing. All rights reserved worldwide.