Video Screencast Help

Export domino archive which has encrypted mails

Created: 07 Feb 2013 • Updated: 16 Feb 2013 | 1 comment
vinkuma's picture
This issue has been solved. See solution.


I need a clarification whether an adminisatrator would be able to read an encrypted mail which was exported from archive to NSF

As far i know archived mail requires USER ID to be mapped in order to view that item

Please clarify and provide the solution



Comments 1 CommentJump to latest comment

Paul Honey's picture


No, an administrator would not be able to read that encrypted email either pre-archiving by EV, post archiving by EV, or post export from EV, or without EV in the picture at all.

The only way to read an encrypted email within Notes is to be either the sender or a recipient of that email as it will be encrypted with the public keys that only these user ids have the corresponding private keys to decrypt with.

From an EV point of view, this means that we do archive encrypted emails, by default in journaling, by policy choice in mailbox archiving, but as the archiving id generally will not have the necessary private keys to decrypt the content, we will archive and index it the email in its encrypted state (i.e. only the header / unecrypted information is actually readable / indexable). when that archiev demail is subsequently retrieved, or in your scenario exported to an NSF, it come sback in the exact same state as it was pre-archiving - i.e. encrypted - and hence can only be read by user ids with the necessary private keys to decrypt it.

EV simply respects the Domino security model with regards to encryption and is not a magic wand to bypass it and allow an admin id access to more content than it would have in normal circumstances.



Paul Honey | Enterprise Vault Engineering | Customer Focus Team (CFT) | Symantec Corporation |