How to search for info in encrypted database?

Dear all,

I have a problem with an encrypted database. I’m using encryption at the field level, so system administrators of the database can’t see sensitive information. As you all know, the downside of this feature is that encrypted fields can’t be visible in a view. Question: how to build an application where all fields are encrypted and therefore not visible in a view? Have you got any suggestions?

According to the help file and info I’ve found on the Internet, if the checkbox “Include Encrypted fields in search index” is selected, it should be possible to search for the documents. I don’t know why, but that’s not working in my application. It’s totally new, the checkbox was checked before creation of the index, but I can’t find any documents using info from the encrypted fields (all fields are simple text fields).

Any suggestions and ideas are appreciated.

Subject: How to search for info in encrypted database?

For that to work, the id file that is current during indexing must have the encryption key so it can decrypt data. Since you don’t want system admins to be able to see the data, that probably rules out adding the encryption key to the server id file. Therefore, the option is only going to be useful for you in local replicas of the database.

If you truly don’t trust any system admins and feel you need to encrypt all the fields, then building a usable application purely in Notes while meeting all security requirements is probably going to be very difficult. Most likely, you’ll need to build a separate front-end application that is only installed on local workstations, which reads data out of the encrypted fields on the server and presents it to users. You could do the front-end in Notes, so that when you open it an agent runs and copies and decrypts docs and stores them in a local NSF, but of course you’ll also have to write code to synch the updates back to the encrypted docs. Of course you could use database-level encryption on the local databases to deal with the problem of keeping unencrypted data on user hard drives, although that might not fully satisfy your security requirements.

-rich

Subject: RE: How to search for info in encrypted database?

Thanks for your response Richard.

I’d like to explain the situation to you, so you will understand my position (maybe local encryption would be enough and I rejected this option just because of a lack of knowledge).

I have a database where documents contain sensitive information, therefore all fields should be hidden. Maybe I can show the dates or numbers, but that won’t be useful information for the user in order to find the document in a view.

As I understand, a database located on the server can only be protected from direct access to confidential data by field-level encryption. As far as I know, database-level encryption is not strong enough because the service provider will have the server id - and that’s where and why I decided that it is not an option (and maybe I’m wrong).

Subject: RE: How to search for info in encrypted database?

You are correct. If you don’t trust the people who manage the servers, then database encryption is not an option for you.

More generally, if you don’t trust the people who manage the servers, then your design must require that all encryption and decryption operations take place on the client, so only encrypted data (at the field level) is stored on the server. That means that using the native presentation capabilities of Notes in a single server-based NSF is not enough for you. You will have to do without additional programming that runs only on local users’ desk/laptops to perform decryption operations, present a good UI, and perform encryption for any updates to data.

The only other alternative is a special server for the one application, separate from the rest of your Domino infrastructure but cross-certified so your application users can work with it; kept in a locked room, with all OS and Domino software locked down by an independent security professional; with no remote administrative access to the server, and with the requirement that all hands-on administration must be performed under the direct supervision of a security officer.
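
As an added illustration (not part of the thread and not Notes code), this Python sketch models the point made in the replies: an indexer can only index encrypted fields if the ID it runs under holds the encryption key, so a server without the key indexes nothing while a local replica with the key is searchable. The `seal`/`unseal` functions are a constructed stand-in for Notes field encryption, and all names and sample documents are assumptions.

```python
import hashlib, hmac, os, re

def subkey(key, label):
    # Separate keys for encryption and authentication.
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: demo stand-in, not Notes' real cipher.
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key, text):
    nonce, data = os.urandom(16), text.encode()
    ct = bytes(a ^ b for a, b in zip(data, keystream(subkey(key, b"enc"), nonce, len(data))))
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # this ID does not hold the right key
    return bytes(a ^ b for a, b in zip(ct, keystream(subkey(key, b"enc"), nonce, len(ct)))).decode()

def build_index(replica, keyring):
    # The indexer only sees words in fields it can decrypt with its own keyring.
    index = {}
    for doc_id, fields in replica.items():
        for blob in fields.values():
            for key in keyring:
                text = unseal(key, blob)
                if text is not None:
                    for word in re.findall(r"\w+", text.lower()):
                        index.setdefault(word, set()).add(doc_id)
                    break
    return index

def search(index, word):
    return sorted(index.get(word.lower(), ()))

# Constructed sample data: every field is stored encrypted on the server.
SECRET_KEY = os.urandom(32)
REPLICA = {
    "doc1": {"Subject": seal(SECRET_KEY, "Salary review for Alice")},
    "doc2": {"Subject": seal(SECRET_KEY, "Contract with Acme")},
}
SERVER_INDEX = build_index(REPLICA, keyring=[])            # server ID has no key
CLIENT_INDEX = build_index(REPLICA, keyring=[SECRET_KEY])  # local replica, user ID has key
```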