SECURING


Encryption standards

HCL Domino® observes a number of encryption standards, in particular, standards that are required or regulated by the Federal Information Processing Standard (FIPS).

AES algorithm

The Advanced Encryption Standard (AES) algorithm is available for use with some encryption features. The AES algorithm is widely used and is approved by Federal Information Processing Standard (FIPS) 140-2.

Secure Hash Algorithm (SHA-2)

The Secure Hash Algorithm (SHA-2) is available for use with some encryption features on Windows™, AIX®, and on Linux™, where SHA-2 is part of the new OpenSSL library that supports the algorithm. SHA-2 is widely used and is approved by Federal Information Processing Standard (FIPS) 140-2, to assist in compliance with government mandate NIST 800-131. SHA-2 is currently available to use for X.509 certificate signature verification and S/MIME signed mail, and some areas of Notes/Domino where a password such as the Internet (HTTP) password were previously "hashed." For more information on hashing, see the related topic on electronic signatures.

No Domino configuration is required to make use of SHA-2. When Notes® client users receive S/MIME messages encrypted using the algorithm, SHA-2 is listed in the Document Encryption and Signing Properties box that a client user can open by clicking the Signature or Encryption icon in the Notes client status bar.

Tip: It is recommended that the Domino administrator use RSA-2048 and AES-128 with SHA-2. To do so, set all client user's ID files to use 2048-bit RSA keys, and configure all Person documents with the setting Can decrypt documents using FIPS 140-2 approved algorithms in order to ensure AES-128. For more information, see the related topic on configuring AES encryption:

Parent topic: Encryption

Related concepts
Electronic signatures

Related tasks
Configuring encryption for ID files
Configuring AES for mail and document encryption
Creating a Web SSO configuration document
Modifying TLS cipher restrictions