IBM Support

How to remove encryption from documents

Question/Answer


Question

Converting from North American security to International security in Lotus Notes®/Lotus Domino® requires generating new user IDs. Users who have encrypted mail in their mail file will not be able to read any of the encrypted information with the new ID. How can these users read their old mail with the new ID?

You want to remove encryption from one or more documents for one of the following reasons:

-- You are changing to a new ID.

-- You are converting from the Notes Domino environment North American security to International security.

-- You simply want to unencrypt the data.

How can the encryption be removed so that the documents can still be read once you receive your new ID?

Answer

The example below can be applied to non-mail databases as well as mail databases.

NOTE: If the user IDs have already been upgraded to an international ID and the original North American IDs are not available (or the original ID is not applicable), then there is no way to access the encrypted information and the agent below should not be used. If the document was encrypted using a Private key, the key must be attached to the user's ID. If the key is not available, then the agent below should not be used.

 


If the documents have been encrypted by a number of users, the appropriate ID or Private key must be used to execute the agent on those documents. Otherwise, the documents may become damaged. For example, the agent should be run by User A on the documents that User A encrypted, using User A's ID/Public key. The agent should be run by User B for the documents that User B encrypted, using User B's ID/Public key. In the case where the encryption was performed using a Private key, any ID with that Private key can be used to execute the agent. Again, the agent must only be applied to documents encrypted using that Private key.

NOTE: Relating to mail files: The process requires that MIME content be converted to CD (Rich Text) format. This conversion can cause undesired results:

 

 

If the above issues are a concern for you, then you should make use of the encryption removal method described in Document #1110567, "Removing encryption from all documents in your mail file"

Steps to remove encryption from documents:

1. First, create a view named "Encrypted". The view selection formula you use will vary depending on the type of database with which you are working.

 

 

  • If working in a mail file, then use the following:
      • SELECT (Encrypt = "1" |  EncryptionFlags = "2")




      •  
    If you are working in a non-mail file and want to remove encryption from documents encrypted with a Private key, then use the following formula:
      • SELECT @IsAvailable(SecretEncryptionKeys)




      •  
    If you are working in a non-mail file and documents may be encrypted using either a Public or Private key, then use the following:
      • SELECT @All

    In the above scenario, if you want to remove encryption based on the Form or other field value, then remove the @All. For example: Select Form = "Report".

    In other scenarios, use an ampersand (&) to add additional criteria to the selection formula. For example: Select Form="Report" & @IsAvailable(SecretEncryptionKeys)




  •  

2. Create an agent with the following code. Set it to run manually from Actions menu on all documents in the database.

NOTE: For this sample script to perform as intended, variables and other script elements must match those used below. Product Support cannot customize this script for a customer's configuration.

 

 

  • This section of code goes in the Initialize event in an agent and in the Click event of an Action:

 

    • Dim s As New notessession
      Dim db As notesdatabase
      Dim view As notesview
      Dim doc As notesdocument
      Dim nextdoc As notesdocument

      Set db = s.currentdatabase
      Set view = db.getview("Encrypted")
      Set doc = view.getfirstdocument

      While Not doc Is Nothing
      • Set nextdoc = view.getnextdocument(doc)
        'The below loop is mandatory to ensure that all $File entries are unecrypted
        Forall i In doc.items
        • If i.isencrypted Then
          • i.isencrypted=False
          End If
        End Forall
        'Must have at least 1 field encrypted in order to call Encrypt method
        Dim temp As New NotesItem(doc,"tempjunk","temp")
        temp.IsEncrypted=True
        Call doc.encrypt
        Call doc.save(True, False)
        'This portion can now remove the fields relative to encrypting the
        'single token encrypted field.
        Call doc.removeitem("$Seal")
        Call doc.removeitem("$SealData")
        Call doc.removeitem("SecretEncryptionKeys")
        Call doc.removeitem("Encrypt")
        Call doc.removeItem("tempjunk")
        Call doc.save(True, False)
        Set doc = nextdoc
      Wend


Supporting information:
Converting from North American security to International security requires generating new user IDs. Users who have encrypted mail in their mail file will not be able to read any of the encrypted information with the new ID unless the encryption is first removed.

This document was originally titled, "How to remove encryption from mail documents when converting licenses from North American to International".

Additional information:
The steps presented in this technote to remove encryption from documents will not work on Mail Journaling databases if the documents with it have been encrypted prior to being received by the router.

Related information

How to Remove Encryption from all Documents in Mail
Unable to use LotusScript to act on multiple MIME or V2

Cross reference information
Product Component Platform Version Edition
IBM Domino Designer Not Applicable AIX, Linux, Solaris, Windows 9.0, 8.0, 7.0, 6.5, 6.0 All Editions

Historical Number

176349

Document information

More support for: IBM Notes

Component: Mail

Software version: 8.5, 9.0

Operating system(s): Platform Independent

Software edition: All Editions

Reference #: 1089495

Modified date: 10 December 2018