Rollover keys from 1024 to 640 bit - is it possible?

I have an installation with Domino 8.5 Admin server, 8.0.2 servers, 8.0.2 sameTime and 7.0.1 clients. Clients will be updated to 8.5 later this year.

when clients start they get the error: “The encrypted data has been modified or the wrong key was used to decrypt it”

I found this to be due to users using 1024 bit keys as keystrength, if they were 640 the error would not occur. I found this technote :

http://www-01.ibm.com/support/docview.wss?rs=463&context=SSKTMJ&context=SSKTWP&q1=The+encrypted+data+has+been+modified+or+wrong+key+was+used+to+decrypt+it&uid=swg21221246&loc=en_US&cs=utf-8&lang=en

The servers are allready in the same LTPA token and use single sign on, users are also using single sign on, so this will not fix the problem.

Users are annoyed by the error, so I want to “Rolldown” their keys from 1024 to 640 bit. I tried Rollover of the certifier for one department, locked the security policy setting to only accept 640 bit, and recertified one user. But he still has 1024 bit key.

Is it not possible to go down in key strength? Or am I missing something here.

Subject: Rollover keys from 1024 to 640 bit - is it possible?

Did you find a solution for this ?I am having the same problem for user who upgraded from Notes 7.0.1 to 8.5.0. No other user has complained of this problem.

I am trying to roll down her encrytion key strength from 1024 to 630. There is a field in the server document labelled “Preferred Key Strength” with the 1024 value. Could changing that down to 630 and creating new public keys fix the issue ?