IBM Notes Public & Private Key - Key Types, Create, Request & Errors

What is Public key and Private key in Lotus Notes?


IBM Lotus Notes uses the Public key and private key to encrypt or decrypt the data and also for the validation of digital signatures. Both public and private key are related to each other and unique for User ID. This public key gets stored in the Notes Certificate and the Certificate is stored in User ID and in the Lotus Domino Directory. But to keep the secret more confidentially private key is stored in User ID file only.

A user can encrypt the data which they send to other by using the public key which is located in the Certificate of Domino Directory. And when other user received that encrypted data they use the private key which is stored in user ID file to decrypt the data.

Types of keys in Lotus Notes


  1. Notes Public and private keys : The Notes Keys are used to data encryption which relayed between Notes users.
  2. Internet keys : It is used to send and receive S/MIME emails and for SSL transaction encryption between Notes and Internet Servers.

IBM Notes Public and private keys is attached to User ID whenever it is created automatically. And add Internet keys during the registration of Domino administrator otherwise it can be requested at later.

How do the public and the private key is set to work?


As you know users public key can be accessed by anyone whoever sends you the encrypted mail and the one who authenticates you.

The emails which the user receives are strongly encrypted by using Lotus Notes public key and can be decrypted by using their own private key. This emails can also be digitally signed with users private key and this digital signature gets verified using the public key. Anything which gets encrypted by using public key is needed to be decrypted with a private key and vice versa. As we know users private key is kept secret means that public can be accessed by anyone but private key cannot.

How to copy the certified public key from notes id file?


To copy the public key from Lotus Notes ID file, go through the following steps from Admin Client:

  1. In Domino Administrator click on the Configuration tab.
  2. Go to the Tools pane and then click Certificates and choose the Private key.
  3. Select to open the ID file to examined it and also enter the password.
  4. The ID properties window will be open, select your identity and then certificates.
  5. Click on Other Actions and click to choose Mail/Copy Certificates (Public Key)
  6. Hit on Copy Certificate option, if the user is a remote user then you can select Mail Certificate. It will copy the all public key to the clipboard.
  7. Now paste public key into the document of associated person in the people view of the administrator client.

For the user to mail the administrator a copy of their public key go to the following actions: File → Security → User Security → Your Identity → Your Certificates → Other Actions → Mail/Copy Certificate(Public Key) → Mail Certificate → To(address) → Send

How to Paste the Public key in the Domino Directory?


  1. Open the user‘s document in Domino Directory i.e names.nsf file.
  2. Click on Edit person.
  3. Click to select the certificate tab.
  4. Delete the earlier contents from “Notes Certified public Key” section and again select on Edit button and paste to add new key here in this field.

How to request & create New Public Key in IBM Lotus Notes?


Request Public key using Authentication Protocol

  1. Click on File, go to Security and select User Security.
  2. Click on Certificates, go to Other Actions and select Create New Public Key.
  3. Choose “New Key Strength” option from drop down list.
  4. For requesting new certificate select “Authentication Protocol(recommended)”.

You can also request for a new Public key using an email:

  1. Follow the above given first three steps.
  2. Select “Mail Protocol” to request a new certificate.
  3. To submit a new set of public keys click on “New Set” and if there is already submitted the public keys so to resubmit it click on “Resubmit” and hit on Continue button.
  4. Provide the name of Domino Admin in “To” field to send User ID with new proposed public keys and click on Send button.
  5. When the admin sends back you an email which includes new certificates, Open the email and select Actions and Accept Certificate.

Error: “Your Public key was not found in Domino Directory“


When does this error occur?

When renaming a roaming user, the updated ID file gets attached with the Personal Address Book. And when the user log in from different workstation after authentication with server takes place, then replication happens and local ID is updated. This error occurs when the field “Compare Notes Public Keys against those stored in Directory” is set to yes on Server document’s Security tab.

Solution:

Set the field “Compare Notes public keys against those stored in Directory” to No, or can copy the updated ID to other additional workstation.

Conclusion:


As we know Lotus Notes is known for its high-security features. It has security keys Public and private keys. In this article, we discussed the keys of Lotus Notes and how it can be used for data encryption and decryption. We conclude here that Lotus Notes public and private keys play an important role in making this application more secure.

Technical tip:

In case you got so many corruption issues in various NSF files created in Lotus Notes directory and you are unable to get rid of it. In such situation, use a perfect solution to move NSF to PST and import PST file in MS Outlook to access Notes database.