Public key security

Every Notes® user ID and Domino® server ID has a unique public key for the Notes certificate. The public key is stored in an ID file and in the Person or Server document for that ID in the Domino Directory. Notes and Domino use the public key to authenticate users and servers, verify digital signatures, and encrypt messages and databases. A Notes user ID can also have a unique public key for an Internet certificate.

Issuing new public keys for a Notes certificate

If you suspect that an ID has been compromised because it was lost, stolen, or copied without permission, you can create a new public key for the ID. Creating a new public key allows you to maintain other parts of the ID -- for example, the encryption keys -- rather than create an entirely new ID, so that users can still use their old keys to decrypt encrypted email.

Notes users can create a new public key for the Notes certificate. The new public key must be certified before it can be used by Notes.

After certifying a new public key, you should set up servers to verify public keys. Public key verification involves matching the public key stored in the Domino Directory with the public key on the ID. Verifying public keys prevents an unauthorized user from using the ID with the original public key to access the server.

Note: This is done in addition to the key verification done by validating the certificate presented by the user during authentication.

Adding an existing Notes public key

When you register a user or server, Domino automatically adds the Notes public keys to the corresponding Person or Server document. However, you may need to manually add a user or server ID's public key in these situations:

Related concepts
Electronic signatures
SSL and S/MIME for clients

Related tasks
Creating a Directory Assistance document for a remote LDAP directory
Adding a Notes public key to the Domino Directory
Scheduling replication of the Domino Directory