Remove encryption from Domino documents


When you create mail journaling you can encrypt all documents using the Administrator ID.  Last week a customer ask to add access for another user (developer). The Admin remove the database encryption but lots off documents remain encrypted . The solution was to remove the document encryption using the following steps:

To remove encryption from documents:

1. First, create a view named “Encrypted”. The view selection formula you use will vary depending on the type of database with which you are working.


  • If working in a mail file, then use the following:
      • SELECT (Encrypt = “1” |  EncryptionFlags = “2”)

    If you are working in a non-mail file and want to remove encryption from documents encrypted with a Private key, then use the following formula:

      • SELECT @IsAvailable(SecretEncryptionKeys)

    If you are working in a non-mail file and documents may be encrypted using either a Public or Private key, then use the following:

      • SELECT @All

    In the above scenario, if you want to remove encryption based on the Form or other field value, then remove the @All. For example: Select Form = “Report”.

    In other scenarios, use an ampersand (&) to add additional criteria to the selection formula. For example: Select Form=”Report” & @IsAvailable(SecretEncryptionKeys)

  • 2. Create an agent with the following code. Set it to run manually from Actions menu on all documents in the database.

Dim s As New notessession
Dim db As notesdatabase
Dim view As notesview
Dim doc As notesdocument
Dim nextdoc As notesdocument

Set db = s.currentdatabase
Set view = db.getview(“Encrypted”)
Set doc = view.getfirstdocument

While Not doc Is Nothing

  • Set nextdoc = view.getnextdocument(doc)
    'The below loop is mandatory to ensure that all $File entries are unecrypted
    Forall i In doc.items

    • If i.isencrypted Then
      • i.isencrypted=False

      End If

    End Forall
    'Must have at least 1 field encrypted in order to call Encrypt method
    Dim temp As New NotesItem(doc,"tempjunk","temp")
    Call doc.encrypt
    Call, False)
    'This portion can now remove the fields relative to encrypting the
    'single token encrypted field.
    Call doc.removeitem("$Seal")
    Call doc.removeitem("$SealData")
    Call doc.removeitem("SecretEncryptionKeys")
    Call doc.removeitem("Encrypt")
    Call doc.removeItem("tempjunk")
    Call, False)
    Set doc = nextdoc