Please help me on the below… i am trying to understand the encryption and decryption concept in Lotus Notes. The below is my understanding…please correct me if I am wrong
When I encrypt the database using medium or strong encrption of encryption setting of the database properties, here I selected the server to encrypt. Those who have access to the database on that server will be able to access the database. It seems both tyhe keys(public and private) are stored in the server id.
If the encrption is done at person level and only that person is allowd to access the database and boththe keys are stored in his /her id file.
Actually what i am trying to understand is, how the data is stored in the server when it is encryted using database encrytption…whether it is in readable format.
My scenario is, I have my domino servers on cloud. If someone has admin access to the server will they be able to read the data. Simply I have outsouced the infrastructure maintanace to some party and I dont want them to see the data. Basically the data should not be in readable format for them.
I’ll cut to the chase: if the NSF file is on a server and you want to use database encryption, the server ID file must have the key. Encryption useing a user ID file is useful for local replicas on users’ desktops or laptops, not for replicas on the server. Therefore, database level encryption only protects your data against someone who doesn’t have physical access to the server ID file, or who doesn’t have access to the server ID file’s password.
As a practical matter, you probably have to give your outsourced cloud admins access to the server IDs (and passwords, if you even have then on the server ID files, which most people don’t). So if you want to protect your data from being viewed by your outsourced cloud admins, you will have to use document-level encryption instead of database level encryption. Document-level encyrption, however, has its own significant drawbacks with respect to view indexing and full-text indexing. If those drawbacks are a big problem for you, then I would suggest continuing to host a small cluster of Domino servers inside your own network and using those to host the databases that contain confidential information that you need to priotect.