Matrix of RSA key sizes supported by release of Notes/Domino
|
| Hierarchical IDs | Hierarchical IDs | Flat IDs | Flat IDs |
Version | Action | Domestic | International | Domestic | International |
R8, R9 | accept | 8192/4096(*) | 512 | 630 | 512 |
R8, R9 | generate | 4096/2048(*) | 512 | 0 | 0 |
R7 | accept | 2048 | 512 | 630 | 512 |
R7 | generate | 1024 | 512 | 0 | 0 |
R6 | accept | 1024 | 512 | 630 | 512 |
R6, R5 | generate | 630 | 512 | 0 | 0 |
R5, V4 | accept | 760(*) | 512 | 630 | 512 |
V4 | generate | 630 | 512 | 630 | 512 |
V3 | accept | 760/630(*) | 512 | 630 | 512 |
V3 | generate | 512 | 512 | 512 | 380 |
V2.1 | accept | 0 | 0 | 512 | 512 |
V2.1 | generate | 0 | 0 | 512 | 380 |
V2, V1 | accept | 0 | 0 | 512 | 380 |
V2, V1 | generate | 0 | 0 | 512 | 380 |
- R8, 8.5, and 9.0 can accept 8192 bit certifiers and 4096 bit users and servers
- R8, 8.5, and 9.0 can generate 4096 bit certifiers and 2048 bit users and servers
- V3 could accept 760 bit public keys and 630 bit private keys
- No version of Notes has ever generated keys between 631 and 760 bits, making that support strictly theoretical.
Key sizes supported by feature
Bulk data key sizes:
128 and 256 bit AES key support was added in 8.0.1
128 bit RC2 key support was added in 6.0.4/6.5.1
64 bit RC2 key support was added in V3
64/40 in international V4 through 5.0.3
32 bit RC2 in international V1, V2, and V3
Document Encryption Key (NEK) sizes:
128 bit AES key support was added in 8.0.1
128 bit RC2 key support was added in 6.0.4/6.5.1
64 bit RC2 key support has existed in all domestic versions of Notes
64/40 RC2 in international V4 and R5 pre-5.0.3
40 bit RC2 in French Notes
32 bit RC2 in international V2 and V3.
Ticket (network authentication) sizes:
128 bit RC2 key support was added in R6
Domestic V3, V4, R5 used 64 bit RC2
V2 used 64 bit RC2 domestic, 40 bits international.
?64/40? in international Notes pre-5.0.3
Session key (network encryption) sizes:
128 bit RC4 key support was added in R6
64 bit RC4 in domestic V4 and R5
64/40 RC4 in international V4 and R5 pre-5.0.3
French versions of V4 and R5 pretended to be V3 to use 40 bit RC2
V3 used 64 bit RC2 domestic, 40 bit RC2 international.
V1 and V2 used 64 bit RC2 domestic, 26 bit RC2 international.
Password-derived keys (ID file encryption keys):
Support for 128 bit AES and 256 bit AES with iterated HMAC-SHA256 and iterated HMAC-SHA512 was added and enabled in 9.0
Support for 128 bit AES and 256 bit AES with iterated HMAC-SHA1 was added and enabled in 8.0.1
Security policy settings were added to control or restrict ID file encryption strengths in 8.0.1.
Support for 128 bit RC2 was added in R6, and enabled in R7.
64 bit RC2 has been supported since day one for all versions of Notes.
Local Database Encryption:
This feature was added in V4.1. Three variations of local database encryption exist:
Weak "encryption": RC4-based substitution
Medium and strong:
128 bits in R6
64 bit bulk key in domestic Notes from 4.1 to R6
64/40 bulk key in international Notes from 4.1 to 5.03
40 bit bulk key in French Notes from 4.1 to 5.03
S/MIME
SHA-256, SHA-384, and SHA-512 signature support added in 9.0
AES-128, AES-192, and AES-256 encryption support added in 9.0
3DES
128 bit RC2
64 bit RC2
40 bit RC2
DES
SSLv3
See below for TLS support (added in 9.0)
SSL_RSA_WITH_AES_128_CBC_SHA (added in 8.0)
SSL_RSA_WITH_AES_256_CBC_SHA (added in 8.0)
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
ID File Recovery
This feature was added in R5 and was never subject to export restrictions.
ID File Recovery uses 1024 bit RSA asymmetric keys.
R5 generated and supported 64 bit RC2 bulk encryption.
R6 supported 64 and 128 bit RC2 bulk encryption, and would use 128 bit RC2 if the ID file could only be used with R6+ for other reasons.
Notes ID vault
This feature was added in 8.5 and was never subject to export restrictions.
2048 bit RSA vault ID file
2048 bit RSA vault operations (VO) key
256 bit AES transport encryption keys
256 bit AES storage encryption keys
Security Assertion Markup Language (SAML) Service Provider
This feature was added in 9.0 and was never subject to export restrictions.
Supported DigestMethod Algorithms:
http://www.w3.org/2000/09/xmldsig#sha1
http://www.w3.org/2001/04/xmlenc#sha256
Supported SignatureMethod Algorithms:
http://www.w3.org/2000/09/xmldsig#rsa-sha1
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Supported EncryptionMethod (bulk) Algorithms:
http://www.w3.org/2001/04/xmlenc#tripledes-cbc
http://www.w3.org/2001/04/xmlenc#aes128-cbc
http://www.w3.org/2001/04/xmlenc#aes192-cbc
http://www.w3.org/2001/04/xmlenc#aes256-cbc
Supported EncryptionMethod (wrapping) Algorithms:
http://www.w3.org/2001/04/xmlenc#rsa-1_5
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
Exclusive canonicalization (xml-exc-c14n) should be used; #WithComments or inclusive canonicalization (REC-xml-c14n) may not parse successfully.
Transport Layer Security (TLS) v1.2
This feature was added in 9.0 and was never subject to export restrictions.
Requires selecting "IBM HTTP Server" install-time option
Supports ciphers that use AES and SHA-2
The evolution of Notes RSA key sizes
Due to export restrictions, Notes ID files have always contained two RSA key pairs, one for "Domestic" use, and one for "International" use. The domestic key was used when domestic versions of Notes communicated with each other, and the weaker international keys were used when an international version of Notes is involved. Signing was an exception, as the export restrictions primarily applied to keys used to provide secrecy for user-generated data. The International keys have been obsolete since the US Government eliminated the export restrictions in the 5.0.3 timeframe. Since clients and servers before R6 cannot interoperate with users with 1024+ bit RSA keys, we could safely eliminate the international key pair from those ID files with larger RSA keys. Due to the storage formats used in the ID file, both the domestic and the international keys point to the same key pair.
R6 generated 630 bit domestic keys and 512 bit international keys
R6 supported 1024 bit domestic keys* and 512 bit international keys
Support to generate flat ID files was removed from R6.
- RSA Keys over 630 bits must be BER-formatted
V4 and R5 generated 630 bit domestic keys and 512 bit international keys
V4 and R5 supported 760 bit domestic keys
and 512 bit international keys
V4 and R5 supported a maximum of 630 bit keys in flat ID files
Support to generate flat ID files was removed from R5.
V4 and R5 do not support BER-formatted keys.
V3 generated 512 bit domestic and international keys for hierarchical IDs
V3 generated 512 bit domestic and 380 bit international keys for flat IDs for compatibility with R2.
V3 supported 760 bit public keys and 630 bit private keys in hierarchical ID files.
*
V3 supported 630 bit keys in flat ID files
* Since keys between 630 and 760 bits in length have never been used, this distinction is mostly academic.
V2.1 generated 512 bit domestic keys and 380 bit international keys (flat only)
V2.1 accepted 512 bit domestic keys and 512 bit international keys (flat only)
V1 and 2.0 could generate up to 512 bit domestic keys and 380 bit international keys. (flat only)
V1 and 2.0 accepted 512 bit domestic keys and 380 bit international keys. (flat only)