Domino Consulting - HCL Domino Administrator 12 Help

SECURING

The evolution of Notes RSA key sizes

Due to export restrictions, Notes ID files have always contained two RSA key pairs, one for "Domestic" use, and one for "International" use. The domestic key was used when domestic versions of Notes communicated with each other, and the weaker international keys were used when an international version of Notes is involved. Signing was an exception, as the export restrictions primarily applied to keys used to provide secrecy for user-generated data. The International keys have been obsolete since the US Government eliminated the export restrictions in the 5.0.3 timeframe. Since clients and servers before R6 cannot interoperate with users with 1024+ bit RSA keys, we could safely eliminate the international key pair from those ID files with larger RSA keys. Due to the storage formats used in the ID file, both the domestic and the international keys point to the same key pair.

R6 generated 630 bit domestic keys and 512 bit international keys
R6 supported 1024 bit domestic keys* and 512 bit international keys
Support to generate flat ID files was removed from R6.
V4 and R5 generated 630 bit domestic keys and 512 bit international keys
V4 and R5 supported 760 bit domestic keys** and 512 bit international keys
V4 and R5 supported a maximum of 630 bit keys in flat ID files
Support to generate flat ID files was removed from R5.
V3 generated 512 bit domestic and international keys for hierarchical IDs
V3 generated 512 bit domestic and 380 bit international keys for flat IDs for compatibility with R2.
V3 supported 760 bit public keys and 630 bit private keys in hierarchical ID files.***
V3 supported 630 bit keys in flat ID files
V2.1 generated 512 bit domestic keys and 380 bit international keys (flat only)
V2.1 accepted 512 bit domestic keys and 512 bit international keys (flat only)
V1 and 2.0 could generate up to 512 bit domestic keys and 380 bit international keys. (flat only)
V1 and 2.0 accepted 512 bit domestic keys and 380 bit international keys. (flat only)

* RSA Keys over 630 bits must be BER-formatted.

** V4 and R5 do not support BER-formatted keys.

*** Since keys between 630 and 760 bits in length have never been used, this distinction is mostly academic.

Parent topic: History of supported key sizes in Notes and Domino

Help on Help

All Help Contents

Help on Help

All Help Contents