Is it possible to create some kind of “master key” which can decrypt every encrypted mail in the domain? I know I can always change the password on a user ID an use that, but a simpler way would be appreciated.
Thanks, Chris.
Subject: Not automatically …
…but you could code your application design to always encrypt with an additional “master” ID, then that ID will have access to all encrypted documents.
As I understand it, document encryption works as follows :
Notes generates a random key
All encrypt fields are encrypted with this random key
The key itself is then encrypted with the public key values of the people who are authorized to access the data
These encrypted keys (one per person) are stored in the document
This allows multiple people to retrieve the encryption key and decrypt the data, without having to encrypt a copy of the data for each person.
Given the process above, there is no “back door” past the encryption process.