SECURING
Configuring AES for mail and document encryption in an IBM Notes 8.0.1-only environment
Before you begin
To use AES for mail and document encryption, user IDs must use 1024-bit or higher RSA keys.
Procedure
1. In the Domino Administrator client, create a new Security Settings document, or open an existing one.
2. Click Keys and Certificates.
3. In the Document/Mail Encryption Settings section, click Use FIPS 140-2 algorithms for Notes encryption (requires 8.0.x or higher server and client).
4. Assign the settings to a policy.
Results
Following this procedure results in AES always being used for mail and document encryption.
Configuring AES for mail and document encryption in a mixed-release environment
About this task
If there are 8.0.1 or higher clients and servers interact with clients and servers running releases prior to 8.0.1, you use the "Encryption Capabilities" tool in the Domino Administrator to configure AES document encryption capability on a per-user basis for those users who run at least 8.0.1.
Do not perform these steps if you have enabled mail and document encryption through a policy (described above), because the settings below will be ignored.
1. If the IDs of the 8.0.1 or higher users and servers do not use 1024-bit or higher RSA keys, roll over the keys to be 1024-bit or higher.
2. In the Domino Administrator client, click People & Groups.
3. Select the names of 8.0.1 or higher users for whom you want to enable AES document and mail encryption.
4. Click Tools -> People -> Encryption capabilities.
5. Click Capable of decrypting FIPS 140-2.
The Person documents for the users you specify have the field Can decrypt documents using FIPS 140-2 approved algorithms set to Yes. When these users encrypt documents or mail, the encryption algorithm that is used depends on the encryption capabilities of all the recipients who will decrypt the document or message:
Related tasks User and server key rollover