Sie können mich buchen für:
Individuelle Schulungen für XPages, JavaScript und Appcelerator Titanium Software-Entwicklung für IBM XPages, Appcelerator Titanium (Mobile Apps iPhone, iPad, Android, Blackberry 10), Mobile Web und IBM Notes
Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Julian Buss, July 23rd, 2010 09:21:42
Tags:  Development 
I found something by accident: let a collegue send you an encrypted mail.
Then write a LotusScript agent like this:

---
Dim session As New NotesSession
MessageBox "Selected document is encrypted: "+CStr(session.currentDatabase.Unprocesseddocuments.Getfirstdocument().isEncrypted)
---

Now perform the following two tests:

1.) Select the encrypted mail in the inbox and execute the agent. You will see that the .isEncrypted property is FALSE.

2.) Open the mail, then execute the agent against the open UIDocument. You will see that the .isEncrypted property is TRUE (as it should be).

From my point of view, this means:

- As soon as you access an ecrypted document with LotusScript and you got the handle to the document from a view, the document will be decrypted. If you save the document then, it will be saved DECRYPTED. You need to call .encrypt() by yourself again.

- You cannot test if a document is encrypted or not at all if you got the handle to the document from a view.

- The behaviour is different wether you got the document from the view or an open UIDocument.

I tested this with 8.5.1 and 8.5.2CD5. Can anyone confirm this with other clients? What do you think about this?
Comments (8) | Permanent Link

Comments:

1) Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Michael Ruhnau 23.07.2010 10:57:06

I once came across this issue, too - but I can't remeber what I decided to do. Nevertheless this blog post

{ Link }

provides some interesting insights in the comments section.

I tested your script on an old 6.5.4 box and in there I experienced the expected behaviour. The messagebox results in a isEncrypted = true in both cases.

Additionally I investigated the behaviour with modifications and decrypting. The script I used is:

Dim session As New NotesSession

Dim doc As NotesDocument

Set doc = session.currentDatabase.Unprocesseddocuments.Getfirstdocument()

MessageBox "Selected document is encrypted: "+CStr(doc.isEncrypted)

Call doc.ReplaceItemValue("subject" , "modified")

Call doc.Save(True,true)

In Notes 6.5.4 the document will remain encrypted, in Notes 8.5.1 the document will be decrypted (a you mentioned already).

In my opinion, this is a Notes 8 bug which should be addressed to IBM. As documents will be decrypted using LotusScript modifications without manually encrypting again.

Any experiences with other releases would be interesting...

2) Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Wolfgang Haderlein 23.07.2010 11:09:32

I have the same results with 8.51 FP 3 and 7.02. One thing I saw: When you open the property-box for documents on view-level, you won't see/get access to the Body-Field (it works for unencrypted mails).

Servus

Wolfgang

3) Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Julian Buss 23.07.2010 11:12:47

Michael, thank you for the link and the test. It confirms what I remember: that it was different in previous Notes releases.

4) Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Urs Meli 23.07.2010 13:14:32

Yesterday I wrote a small application to decrypt all the mails in the users mailbox.

I can't find the link right now. But doc.save() does not encrypt a document, unless you called doc.encrypt() before.

When you as the owner open the document, it gets decrypted before it's delivered to you. If notes was able to decrypt it, isEncrypted is fals. If notes was not able to decrypt it, isEncrypted is true.

In the mailfile you have to test if the field "Encrypt" equals "1" to be almost sure, that the mail has been encrypted.

Gruss

Urs

5) Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Julian Buss 23.07.2010 13:22:25

thanks for the tip with the "encrypt" field, this is a kind of workaround in my specific case.

But I still don't get why .isEncrypt is false when I get the doc from the view, and true if I get it from an UIDocument. This still sounds wrong and like a bug to me.

6) Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Michael Ruhnau 23.07.2010 13:43:12

Another issue with NotesItem.isEncrypted is that it it returns true for signed but unencrypted fields.

7) Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Erik Brooks 23.07.2010 13:49:45

Sounds broken to me, unless IBM can justify why it should have worked this way all along. It's a regression, and this piece in particular makes it REALLY broken:

- You cannot test if a document is encrypted or not at all if you got the handle to the document from a view.

Perhaps another backend method (GetDocumentByUNID/GetDocumentById/GetDocumentByKey/Search/FTSearch) will allow you get a doc and test it, but if not then this means there's no way for a scheduled agent to test the encrypted property, and that's REALLY broken.

8) Bug with encrypted documents and LotusScript NotesDocument.isEncrypted property - what do you think?
Kevin S Pettitt 23.07.2010 16:45:05

I've actually become very familiar with the issue of doc.isencrypted not working for the user, and ended up writing some C API script that can be called from Lotusscript and DOES work (yet another unwritten blog entry).

I am surprised to learn that it worked "properly" back in the 6.5 days. It definitely stopped working by 7.0.2 and doesn't seem to have changed in 8.5.1. The script I used that needs to test for encryption state gets documents using db.getdocumentbyunid so I would be surprised if there is *any* way in which a user-run script can get the property to return true.

It is important to note that a *server* run script will correctly report doc.isencrypted (unless the server's public key is among those used to encrypt the document). Typically for mail this is not the case, so scheduled agents should work fine. This is good news because a scheduled agent can be used to occasionally go through the database and find any messages where doc.isencrypted = true AND doc.Encrypt(0) <> "1" and fix the Encrypt field (no it is not 100% reliable). Then the Encrypt = "1" test *will* work reliably, meaning among other things that you can use it in a view selection formula.

I will eventually get around to writing this whole thing up, and have actually discussed my approach with Jens Polster (whose related post is referenced in comment @1). He had done some work to adapt it into a class but I subsequently found and fixed a bug in the approach and don't know if he integrated that fix into his efforts. If anyone is desperately in need of this technique and has some consulting dollars/euros to throw at the problem I can jump on it quickly and help you out but I'm otherwise rather swamped at the moment. Sorry for the self-plug, but as someone once said: "Cheap, fast, good. Pick two."

Add a comment
Subject:
   
Name:
Mail:
Web:
 
Comment:  (No HTML - URLs with leading http://)
 
remember me?   
You can hire me.
See my Linkedin profile for details.

Thanks for reading and have a nice time here!

Please note my Apps for iPhone and iPad: NotesBook: takes your Lotus Notes Notebook (Journal) to your iPhone and iPad xpageswiki.com: huge XPages Tips & Tricks collection for iPhone and iPad