|
|
|
|
|
|
|
|
|
|
|
|
|
|
MORE ENCRYPTION TIPS
Advanced encryption techniques
By Tom Lowery
In the previous two issues of DominoPower Magazine I discussed secret key and public key encryption. In this third and final installment in the series, I'll discuss an additional secret key technique that can add flexibility to your secure applications. For a tutorial on secret key encryption, visit http://www.dominopower.com/issues/issue199909/encryption001.html. For a discussion on using public key encryption in your applications, visit http://www.dominopower.com/issues/issue199910/encryption001.html.
One of the drawbacks to the Notes secret key encryption scheme is that only one key can be used per form. You can't use one key for some fields and another key for other fields. It is possible to use more than one key to encrypt a document. However, all the encryptable fields are encrypted with all the keys. It still doesn't get around the problem of letting some people see some fields and other people see other fields.
I'll draw upon the Human Resources example from the September and October issues. The HR department wants to track each employee's name, department, job title, salary range, and current salary, as shown in Figure A.
FIGURE A
 
The Employee form contains attributes that describe each employee. Roll over picture for a larger image.
As before, we want to limit access to the SalaryRangeLow, SalaryRangeHigh, and CurrentSalary fields. Turn on Enable encryption for this field in the Field Properties dialog box for each field. Now it's time to choose who will have access to the encrypted fields. Continuing the previous example, I'll say that Mary Smith, John Doe, and Lisa Jones will each have access to one or more encrypted fields. Mary is the VP of Human Resources, John is the Personnel Director, and Lisa is Payroll Coordinator.
If we want all three individuals to have access to all three fields, we only need to create a secret encryption key, link it to the form, and have them add the key to their Notes ID files. This time, we want to set it up this way:
- Mary can access all three fields;
- John can access only the range information;
- Lisa can access only the current salary.
To accomplish this we need to break out the information onto different forms. We'll need three forms in all: Employee, Salary Range, and Current Salary.
The Current Salary form will have two fields, Name and CurrentSalary, as shown in Figure B. CurrentSalary is encrypted as it was before on the Employee form. The Name field is copied over to act as a foreign key to the Employee form. Basically, we need to know which employee the salary belongs to. In reality, you would probably use the Social Security number or some other unique identification number for this purpose.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Advertisement --
Learn Notes and Domino 8 at your place and pace!
Learn Notes and Domino in your office and/or home! TLCC's highly acclaimed distance learning courses for users, developers, and admins will enhance your career and your resume.
The many included activities and demos will make you a pro! Expert instructor help is a click away.
Click here to try a FREE demo course!! |
-- Advertisement --
Mark your calendar for in-depth Lotus training, May 12-14, Boston
Join experts and peers May 12-14 in Boston for educational and networking events that deliver real-world Lotus training so you can increase productivity and efficiency in your company, advance your skills, and squeeze the most from your current environment. One registration gets you into THE VIEW's Admin2010 and Lotus Developer2010.
Register by December 31 to save $350. |
|
|
|
|
|
|
|
|
|
|