Public/Private Key Pairs for Mail-In databases (create shareable private key) 

Category: Domino Server / Directory
Tags: mail-in private public key export share
Posted by Nathan Chandler, 02 Feb 2010
The Mail-in Database document has a public key field; however, there doesn't seem to be a way to use it that makes sense.
I'd like to be able to generate a new public key for that document along with a new, shareable private key which can be imported into other people's ID Files similar to the Secret Key method available today.
This would provide users the ability to encrypt emails to a shared mail-in database, and have authorised users read them without having to change ID as you would normally need to do if you used a shared ID File/Person doc combo.
Note I'm not suggesting that the existing private keys in individual ID files be exportable, just that you should be able to generate shareable ones.

1) Richard Schwartz (16 Mar 2010)
I've been wanting this for more than ten years. What is needed is a separation of the key pair used for authentication and signature from the key pair used for decryption, so that a user ID can contain multiple private keys for decryption. Customers currently work around this by sharing a common ID file for access to encrypted messages in shared mailboxes, but this loses authentication of which real person acts on a message. A user should be able to read an encrypted message with a shared private key, but sign a reply to it with his own private key!
2) David Hablewitz (25 Jun 2010)
Yes, you should be able to have multiple private keys. Another option is to create a single encryption key. But that only handles data once it gets to the database, not during transit.
3) Bill Malchisky (08 Jul 2010)
If I am reading this correctly, you can export the public key. The private key should be kept private. Having an option to more easily share one's public key would seem more appropriate. But please correct me if need be.

@2, I agree...multiple private keys...but not share them. Just allow the corresponding public key to be easily passed along.
4) Nathan Chandler (22 Feb 2011)
I'm not advocating making the user's private key shareable. I'm saying there needs to be a shareable type of key which you can create, so that you can send encrypted email to a mail-in database and authorised users can decrypt it without having to change ID (as you would if it was a person document style mailbox).

The reason is that you can maintain an audit trail (no users will share an ID File) and you can provide security and encryption capabilities to a shared mailbox.
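The key-management model asked for in the original idea and in comment 1 (a shareable decryption key pair per mail-in database, imported into each authorised user's ID alongside their own signing key) is sketched below in Go. This is an added illustration written for this page, not Domino code or its ID-file format; the types, the RSA-OAEP/Ed25519 pairing and the mailbox names are assumptions for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// MailInKey is the shareable decryption pair the idea asks for: one RSA pair per
// mail-in database. Illustrative model only, not Domino's real ID-file format.
type MailInKey struct{ priv *rsa.PrivateKey }

// UserID models an ID file holding the user's own signing key plus any number
// of imported shared decryption keys, indexed by mailbox name.
type UserID struct {
	Name    string
	SignPub ed25519.PublicKey
	signKey ed25519.PrivateKey
	shared  map[string]*rsa.PrivateKey
}

func NewMailInKey() (*MailInKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	return &MailInKey{priv: k}, err
}

func NewUserID(name string) (*UserID, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &UserID{Name: name, SignPub: pub, signKey: priv, shared: map[string]*rsa.PrivateKey{}}, err
}

// ImportSharedKey is the "import into other people's ID files" step.
func (u *UserID) ImportSharedKey(mailbox string, k *MailInKey) { u.shared[mailbox] = k.priv }
// EncryptToMailbox needs only the mailbox's public key, as any sender would have.
func EncryptToMailbox(k *MailInKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &k.priv.PublicKey, msg, nil)
}
// ReadMailbox decrypts with the imported shared key; a user who never imported
// it cannot read the message, and nobody has to switch ID files.
func (u *UserID) ReadMailbox(mailbox string, ct []byte) ([]byte, error) {
	priv, ok := u.shared[mailbox]
	if !ok {
		return nil, errors.New(u.Name + " holds no key for " + mailbox)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}
// SignReply uses the personal key, so a reply stays attributable to the real person.
func (u *UserID) SignReply(reply []byte) []byte { return ed25519.Sign(u.signKey, reply) }
```

Because the shared key is only ever used for decryption, revoking a user's access means re-keying the mailbox, while their signatures remain their own throughout.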
