iNotes Encryption Puzzler: How to Permanently Decrypt All Messages?

03/08/2010

Category    

iNotes (aka Domino Web Access/DWA) has for a while provided us the ability to read and write encrypted email by attaching the user's Notes ID to a profile document named (what else?) $shimmerid. Any time the user opens an encrypted message in iNotes they are prompted for their Notes ID password. Well, not necessarily their "current" password but the password of the ID when it was imported into their mail file way back when. Anyway, it's a process that is a little kludgey, but works well enough and certainly achieves the goal of making it hard for people who are not you to read your extra special secret messages. Which is great until you *want* someone else to be able to read your extra special secret messages (e.g. your Admin Assistant, or maybe your corporate audit department). If we were all using the Notes rich client, this would be no big deal, but some folks *only* use iNotes. so it is a big deal.

So I need to figure out a way to permanently decrypt (i.e. save without encryption) all "encrypted" messages without involving the user logging into the Notes client.
 
Considering the ID file is (sort of) available on the server in the aforementioned $shimmerid profile document, it *should* be possible to achieve this by either a) utilizing an agent running on the server provided that the password of the stored user ID file is also stored in some form that the server can access, b) triggering a similar process when the user opens iNotes and enters their id password, or c) performing some other clever trick which you are going to share with us.

I've had some partial success by adding a webqueryopen agent (i.e. user triggered) that is able to *copy* an individual message in decrypted form but cannot save any changes to the current document if it is encrypted (which is kind of the point). The error thrown is "Cannot update note due to NOTE_FLAG2_NO_UPDATE being set" whatever that means. The copy approach is not a bad fall back, but does require the owner to actually read every encrypted message, which may not happen, at least not in a timely fashion.

The automated approach is obviously favored, and at the moment I am looking at the C API as my best hope of accessing that stored id file and using it to decrypt everything on a scheduled basis. The particular functions that appear to be most relevant are SECKFMOpen and SECKFMClose to access the id file and NSFNoteCipherDecrypt to actually do the decryption. I have been attempting to call these functions from within LotusScript but with little success so far (I am alas not a C API expert). Since the regular iNotes process to read encrypted messages apparently involves a server task, likely using these functions, you would think it ought to work.
 
So is there reason to hope for success in this endeavor? Have you been down this road only to see it dead end? Can the ID Vault's auditor functions be tapped programmatically? Do you have a better approach entirely? Your helpful thoughts are most welcome.

Mick Moignard: Has Word Hindered Collaboration?

03/05/2010

Category  

I recently came across this most insightful of articles by our friend Mick Moignard that appeared nearly 5 years ago but is no less relevant today. As Mick points out:

Word's biggest issue is that it's designed purely to print paper. It exists to format content on to paper. It has a page-oriented paradigm. Word users are forced to think with a page-oriented and paper-oriented mindset. Word was not designed as an information exchange mechanism. All of its functionality is there to enable people to get words, in ever-prettier form, on to paper. And while paper is an information-dissemination tool, it's not a collaboration tool. Pretty much all of the functionality of Word is there to print paper, not to help me get the words I write to other people in a collaborative context.


Link: DominoPower: Has Word hindered collaboration?

Domino Dev Wiki Article: Manipulating Design Elements with LotusScript (or Java)

03/05/2010

Category   

As much for my own reference as anything, I wanted to post a quick entry pointing to a tremendously useful article by Andre Guirard on the Lotus Notes and Domino Application Development Wiki about all sorts of clever ways to programmatically modify Notes design elements.

Great stuff Andre!

Link: Manipulating Design Elements with LotusScript (or Java)

(And now I can finally close that tab in Firefox that has been open for about a year )

Name Your Own Price Lotus Notes Developer Position (U.S. Citizen w/ TS Clearance Only)

02/23/2010

Category  

I don't know anyone with a TS Poly clearance yadda yadda so I didn't pay much attention to a recruiter email from last week, but she wrote back today and had this to say:

Subject: Still on the hunt for Lotus Notes Developer w/ polygraph
Kevin,

Good evening. I emailed you last week, and I wanted to follow up as my customer has come to desperation to find a Lotus Notes Developer with a TS/SCI/Full Scope Polygraph for a permanent position in Reston, VA.

Do you have any suggestions of folks who might be interested? This developer can NAME THEIR PRICE!

I appreciate any help you can provide.


If you can help me help her, drop me a note.

BP208 Lotusphere Session Demo Application & Slides

01/25/2010

Category   

Update Jan 25 1:50 PM ET: The demo app download file has been updated to be N/D 7 compatible (ODS 43). The original file was inadvertently created in 8.5 format (ODS 51). Sorry 'bout that.

A big shout out to the folks who came to our much-too-early Thursday morning session "Manipulating Time and Space: Adding C&S to Your Applications". Susan Bulloch and I enjoyed giving the presentation and were happy that it was received well. Several of you have eagerly wondered where you could download the "Interview Scheduler" demo application featured in the session. I am now happy to report that, after a bit of weekend polishing, it can be found here.

I have also uploaded our slides to SlideShare here.

For those who didn't get to join us, I offer you a little teaser screenshot:

A picture named M2

Manipulating Time & Space: C&S in Your Custom Apps (BP208)

12/13/2009

QuickImage Category  

I suppose it is as good a reason as any to break out of a blogging slump. It is my pleasure to announced that the esteemed Susan Bulloch of IBM (NotesGoddess.net) and myself will be co-presenting at Lotusphere 2010  on the topic of advanced uses of C&S (Calendaring and Scheduling) functionality in Lotus Notes. Here is the session abstract:

BP208 - Manipulating Time and Space: Adding C&S Functionality to Your Applications

Users often request Calendaring and Scheduling (C&S) functionality in their applications, or need little "extras" added to the built-in C&S functionality already in Lotus Notes.  In other cases it can be a challenge just getting users to abandon their "email for everything" habit and embrace these features at all. We will present techniques, tools and free code to help you provide your demanding users what they need for the future, and help the stragglers put bad habits in the past where they belong.  Come learn how to bend (meeting) times and add (conference room) spaces, fold C&S functionality into your custom applications, and build user-friendly interfaces for creating complex meetings with repeated ease.


At a time when Lotus is rolling out a forceful campaign to build market awareness that Notes/Domino is more than just email, more organizations will be seeking practical guidance on how to tap these newly discovered capabilities. This session offers a clear roadmap to meet this need, whether an organization has already embraced applications and other extended features (and may perhaps be wondering whether to shift platforms) or is a new or existing customer only now looking in that direction.

Historically many organizations that have adopted Domino have not embraced even its full “out of the box” functionality, specifically the built-in C&S and Resource Reservation features that integrate tightly with Notes mail. The recent improvements in the calendar features of version 8.5.1 and renewed interest in Domino as an application platform (owing to initiatives such as Lotus Knows, the partnership with OpenNTF, and free Domino Designer) make this an excellent time (no pun intended) to demonstrate one of the easiest ways for customers to get more value out of their Lotus investment.

There are many reasons that organizations might be slow to adopt C&S features or Domino's application development capabilities. These include lack of awareness, concern over support and training costs, and the perceived difficulty of customizing and integrating this functionality into existing applications. It is the latter obstacle at which this session takes most direct aim by providing a variety of useful code samples.

What problems does your organization have with scheduling that this session might address?

While we already have several real world scheduling challenges identified and plan to cover ways to address them, we thought it would be useful to hear from you about your own headaches that relate to scheduling of people, rooms, resources, events, you name it. What time and space issues do you wish were easier to manipulate?

LotusKnows Bus Tour Comes to DC, MD, and VA This Friday Nov 6

11/04/2009

QuickImage Category   

Sean Burgess has the latest details on all three stops the bus will make in the DC/Baltimore area this Friday. Not only will you be able to breakfast in Baltimore, but you can also lunch in DC and have an afternoon snack with beer in Tysons Corner. What else are you gonna do on a Friday?

Lotus Knows (The Bus) Power Lunching in Washington DC This Friday (Nov 6)

11/01/2009

QuickImage Category  

We interrupt this blog silence to bring you an important announcement:

Please join us for the Lotus Knows Bus Tour on Friday, November 6th, from 12 to 2 PM!  The Lotus Bus will be stopping at the Federal Triangle Metro Station.

Please RSVP to Debbie Greenberg at debra_greenberg AT us DOT ibm DOT com.  This will be a social event and a great time to chat about Lotus Software.

Location: Across from the Federal Triangle Metro Station (302 12th St., NW)
Date: Friday, November 6th, 2009
Time: 12 to 2 PM

- via Jack Dausman

According to Debbie the details (e.g. food) are still being finalized but considering that the bus will be taking folks in Baltimore to breakfast at Miss Shirley's Cafe earlier the same day, the odds seem good you can leave the Snickers bar at the office. For more details on the bus tour check out this post from Bilal Jaffery's blog. Hope to see you there.

Your Host

pettittk.jpg
Kevin Pettitt View Kevin Pettitt's profile on LinkedIn

Idea Jam

Contact

Subscribe to This Blog

 Full Posts  Comments

Bloglines Subscribe in Bloglines
Newsgator Subscribe in NewsGator Online
MyYahoo
Google Add to Google
netvibes Add to Netvibes

Hosted by

Powered By

Domino BlogSphere
Version 3.0.1 Beta 9

Advertisements

OpenNTF

Disclaimer

This site is in no way affiliated, endorsed, sanctioned, supported, nor blessed by Lotus Software nor IBM Corporation, nor any of my past or future clients (although they are welcome to do so). The opinions, theories, facts, etc. presented here are my own and in no way represent any official pronouncement by me on behalf of any other entity.

© 2005-2010 Kevin Pettitt - all rights reserved as listed below.

Creative Commons License
Unless otherwise labeled by its originating author, the content found on this site is made available under the terms of an Attribution / NonCommercial / ShareAlike