Applying Field-Level Security
The security techniques discussed so far have been at the document level or higher. All the field-level security options can be found in the Security Options drop-down box in the Field Properties box. Three security options are available for fields:
- Sign If Mailed or Saved in Section
- Enable Encryption for This Field
- Must Have at Least Editor Access to Use
Using Signed Fields
Notes documents can be signed if certain conditions are met. First, a field must have the property Sign If Mailed or Saved in Section set in the Security Options section of the Advanced tab of the Field Properties box. Figure 23.19 shows this setting.
Figure 23.19. The Security Options of a field are on the Advanced tab of the properties box.
As the option implies, the field must be in either an access-controlled section or a mail-enabled form. Access-controlled sections are discussed in Chapter 5. Mail-enabled forms are discussed in Chapter 24, "Creating Workflow Applications." Unfortunately, this option is rather restrictive in that the entire document is signed only when it's mailed or saved in a section. Therefore, you can't have a field on a form that's signed based solely on an entry in that field. You can, however, have multiple signatures if you create a signed field in multiple controlled-access sections. When a document is signed, Domino creates a unique electronic signature from the user's private key. The user 's public key and list of certificates are also stored in the document in a field called $Signature if the document is being mailed, or Sig_ SectionName , (where SectionName is the name of the section field), if the signature is signed in a section.
Using Encryption
The lowest level of security that can be applied is field-level encryption. Encryption is based on the public/private key pairs. A designer can allow a field or fields to be encrypted on a form by taking the following steps:
- Choose or create a field.
- Open the Field Properties box and click the Options tab.
- Click Enable Encryption for This Field under Security Options.
Fields that can be encrypted are distinguishable from other fields by their red brackets.
When a document is encrypted, each field in the document that has the encryption attribute set is encrypted with the encryption keys contained in the Notes user ID file as specified in the form Default Encryption Keys field. If the user doesn't have an encryption key listed in the form, the fields aren't encrypted. If the user ID doesn't contain all the keys in the default encryption keys field, the fields aren't encrypted. All keys that are used are contained as a list in a field in the document, which then tells Domino which keys can decrypt the document when a user requests access.
Any user opening a document that contains encrypted fields must hold only one of the encryption keys that were used to encrypt the fields in his Notes user ID file.
CAUTION
For encryption to work, you must hold a Notes ID with the necessary encryption keys. Without the encryption keys, the fields remain unencrypted.
A default encryption key can be assigned to the form on the Security tab of the Form properties box. To assign an encryption key to a form, you must first hold a key in your ID. To save a document with encrypted fields, the user must possess the key. An encryption key can be created and distributed from a user ID. To create a new encryption key, follow these steps:
- Select File, Security, User Security from the menu and enter your password at the prompt.
- Click the Notes Data tab in the User Security dialog box, which displays the Document Encryption screen shown in Figure 23.20.
Figure 23.20. Encryption keys available for document encryption.
- Click the New Secret keys button.
- Select the type of key and add a name and a comment.
CAUTION
Two types of Notes keys can be created with an ID: North American and international. Documents or fields encrypted with North American keys aren't readable by international users. If there are international users of your application, you must create international keys.
After you create the key, distribute it to those who need to use it to enter data in the encrypted fields. Do this by clicking the Mail button or by exporting the key to a file. Then you can mail the file, electronically or physically. The recipient merges or imports the key into her ID. After a field has been encrypted, the document is still readable by those who don't possess the keythe encrypted fields are simply blank. Users who possess the key can view, enter, and edit data in the fields.
Applying Must Have at Least Editor Access to Use Restriction
This is a security feature that's hardly ever used. There are actually a couple of very good reasons for this. The first reason is that there are plenty of other security measures to use to achieve the same effect. Second, when a document is first created (by an author), the person creating the document can access this field because he's assumed to be the editor. So, although this restriction exists, it's unlikely that you'll ever use it.