Published 22/12/2020

Remove encryption from Domino documents

When you create mail journaling you can encrypt all documents using the Administrator ID.  Last week a customer ask to add access for another user (developer). The Admin remove the database encryption but lots off documents remain encrypted . The solution was to remove the document encryption using the following steps:

To remove encryption from documents:

1. First, create a view named “Encrypted”. The view selection formula you use will vary depending on the type of database with which you are working.

 

  • If working in a mail file, then use the following:
      • SELECT (Encrypt = “1” |  EncryptionFlags = “2”)

    If you are working in a non-mail file and want to remove encryption from documents encrypted with a Private key, then use the following formula:

      • SELECT @IsAvailable(SecretEncryptionKeys)

    If you are working in a non-mail file and documents may be encrypted using either a Public or Private key, then use the following:

      • SELECT @All

    In the above scenario, if you want to remove encryption based on the Form or other field value, then remove the @All. For example: Select Form = “Report”.

    In other scenarios, use an ampersand (&) to add additional criteria to the selection formula. For example: Select Form=”Report” & @IsAvailable(SecretEncryptionKeys)

  • 2. Create an agent with the following code. Set it to run manually from Actions menu on all documents in the database.

Dim s As New notessession
Dim db As notesdatabase
Dim view As notesview
Dim doc As notesdocument
Dim nextdoc As notesdocument

Set db = s.currentdatabase
Set view = db.getview(“Encrypted”)
Set doc = view.getfirstdocument

While Not doc Is Nothing

  • Set nextdoc = view.getnextdocument(doc)
    'The below loop is mandatory to ensure that all $File entries are unecrypted
    Forall i In doc.items

    • If i.isencrypted Then
      • i.isencrypted=False

      End If

    End Forall
    'Must have at least 1 field encrypted in order to call Encrypt method
    Dim temp As New NotesItem(doc,"tempjunk","temp")
    temp.IsEncrypted=True
    Call doc.encrypt
    Call doc.save(True, False)
    'This portion can now remove the fields relative to encrypting the
    'single token encrypted field.
    Call doc.removeitem("$Seal")
    Call doc.removeitem("$SealData")
    Call doc.removeitem("SecretEncryptionKeys")
    Call doc.removeitem("Encrypt")
    Call doc.removeItem("tempjunk")
    Call doc.save(True, False)
    Set doc = nextdoc

Wend

kenio.carvalho

kenio.carvalho

Domino