Decrypt Lotus Notes NSF

2
votes

I would like to decrypt Lotus Notes NSF files programmatically. Assume that for each NSF, I have the ID file and password needed to access the NSF.

I am using Lotus Notes 8.5.2, Windows 7 SP1 64-bit. I am willing to use COM, C++ API, or C API.

I am aware of the C API function NSFDbIsLocallyEncrypted, which reports whether an NSF is encrypted. However, I do not believe it is able to decrypt the NSF.

I am aware of the C++ API function LNNotesSession.CreateDatabaseCopy, which takes as parameter 3 DBOptions, which has a member that I can set as DBOptions.SetLocalEncryption( LNLOCALENCRYPTION::LNLOCALENCRYPTION_NONE ) . However, this function creates a new NSF. If possible, I would like to decrypt the source NSF in place to save time and disk space.

How can I remove local encryption from an NSF in place?

3
lotus-noteslotus-dominolotusinterop-domino
I'm curious why, if you have the Notes ID and password, you would want to decrypt the files. Is it for archiving? I don't often encrypt local databases, but when I have, there was always a good reason.David Navarre
Post decryption, the NSFs will be put through an automated electronic discovery system for extraction of metadata and body content. While the system is able to accept an ID file and password, selecting one must be done manually for each NSF, which is undesirable.Jacob Quisenberry
Ah, yes, I forgot about electronic discovery. That makes complete sense now. I expect the biggest annoyance will be the time to create the non-encrypted versions.David Navarre
@JacobQuisenberry : we have to develop similar software here, to prepare a migration. Local archives have to be decrypted, yet we don't want to involve the users to take care of the process themselves. Did you manage to complete your application?D.Bugger

3 Answers

3
votes

AFAIK, there is no exposed API for decrypting an NSF file.

Also, since the entire file needs to be rewritten in order to decrypt all the data, I don't think there's really any time or space penalty for copying the entire NSF.

0
votes

To decrypt an NSF file which is encrypted with medium or strong encryption such that only a particular ID file can open it, log into that ID file, select application properties, and deselect "strong encryption". Then, select "compact database", close the properties, close everything associated with that file, and then reopen the file. The compaction process updates everything to match the new state of that option. (You can do this with the API as well.)

To decrypt documents that are encrypted to the user's public key or to a shared/named encryption key that exists within the user's ID, you must write an agent or API program which opens every document in the database and calls NSFNoteDecrypt, then NSFNoteUpdate upon each.

-1
votes

Ytria does appear to have a software solution for this (DatabaseEZ) where you can set database encryption settings en-masse, though I have not tried it. The free lite version of the software doesn't seem to allow it.