S/MIME encryption to international recipients with long public keys

03 Troubleshooting

Client
S/MIME encryption to international recipients with long public keys

When a client uses S/MIME to encrypt a message, Notes chooses a data encryption algorithm that depends on the length of the public key in the recipient's certificate. If the recipient's public key length is greater than 512 bits, the default algorithm is 3DES (if the sending client is using North American Notes); if the public key length is 512 bits or less, the default algorithm is 40 bit RC2.

With recently relaxed export controls, some international Notes users may have public keys longer than 512 bits, but they still can't decrypt S/MIME messages that use 3DES data encryption. Therefore, they won't be able to decrypt a message from a North American Notes client.

To change the default algorithm used for encrypting messages to users with public keys greater than 512 bits, use the notes.ini variable SMIME_Strong_Algorithm to specify an algorithm available to the international Notes recipient. For example:

SMIME_Strong_Algorithm=DES or

SMIME_Strong_Algorithm=RC2_56 or

SMIME_Strong_Algorithm=RC2_40
Note: A future release of Notes will use S/MIME version 3 capabilities management to store transmit and store information about what algorithms are available to particular clients. Then the client will not need to control the encryption algorithm with the notes.ini variable.