|
|
How do you create a database that contains encrypted web-submitted documents?
You can do this two ways, depending on whether you can encrypt this for a specific list of users or if you need to allow a changing group of users to do it.
For a changing group of users, you can use a mail-in database set that is set to encrypt incoming mail:
1) Create a new key pair
2) Extract public key from this pair
3) Paste puclic key into the public key field of the mail-in DB document
4) For the mail-in DB, enable the option to automatically encrypt incoming mail
5) When the form is submitted, have your agent mail the document to the mail-in DB
6) Distribute the key pair to any user who needs to see the encrypted data
This has the problem of not being able to revoke the key from users who no longer should see the encrypted data (you can't guarantee the user didn't make a backup of their user.id file if you delete the encryption key from their current ID)
For a specific list of users, your webquerysave agent can do this:
'create empty secret and public encryption key items
Set itemPublicKeys = New NotesItem(doc, "PublicEncryptionKeys", "")
Set itemSecretKeys = New NotesItem(doc, "SecretEncryptionKeys", "")
'add public keys of users
Call itemPublicKeys.AppendToTextList(<array of user names>)
'encrypt the note with the above public keys
Call doc.Encrypt()
'remove the dummy SecretEncryptionKeys item and save
Call doc.RemoveItem("SecretEncryptionKeys")
Call doc.Save(True, False, True)This solution is problematic if the user list changes because all the old documents would have to be re-encrypted for the new list of users.