SECURING YOUR DATA

Enabling Smartcards for Notes login
Caution Do not enable Smartcard login without notifying your administrator first. Your administrator must verify that your person record does not have password expiration enabled before you can start using a Smartcard-enabled User ID.

Smartcards resemble credit cards, but instead of containing a magnetic strip they contain a microprocessor and memory. Beginning with Lotus Notes 6, you can use a Smartcard with your User ID to log in to Notes, provided you have a Smartcard reader installed on your computer. Once your User ID is enabled for Smartcard login, you are prompted for your Smartcard Personal Identification Number (PIN) in place of your Notes password. One of the major differences between entering your Notes password and entering a Smartcard PIN is that if you enter the wrong PIN too many times, the Smartcard locks and requires administrator intervention.

The advantage of using a Smartcard with Notes is that you use a Smartcard to lock your User ID. Without a Smartcard, you only need your User ID and your Notes password to access Notes. When using a Smartcard, you need your User ID, your Smartcard, and your Smartcard PIN to access Notes. Also, because you carry your Smartcard with you (just as you would carry a credit card with you), you are much less vulnerable to User ID theft.

Note If you are using Notes Release 5 or earlier, you cannot use a Lotus Notes 6 Smartcard-enabled User ID.


To enable Smartcard login

If you have Windows NT/2000 password or Domino Web/Internet password synchronization enabled, you need to disable it before enabling Smartcard login with Notes.

Caution Before using a Smartcard, you must work with your administrator to ensure your User ID is recoverable. For more information on recovering your User ID, see Recovering your User ID. You cannot switch between the Smartcard-enabled User ID and recovered versions of the User ID if password checking is being used. Password checking must be disabled if you use a Smartcard. Once you enable Smartcard login for your User ID, you cannot disable it.

1. Make sure a Smartcard reader is installed on your computer and your administrator has set up recovery information for your User ID.

2. Insert your Smartcard in the Smartcard reader.

3. From the menu, choose File - Security - User Security.
Macintosh OS X users: Notes - Security - User Security.

4. Click Your Identity - Your Smartcard.

5. In the "Smartcard Configuration" dialog, enter the entire path of the PKCS #11 Smartcard driver file in the "Smartcard driver file" field, or click the folder button to browse for it. (This file was added when you installed your Smartcard reader.) For example, C:\Schlumberger\Smart Cards and Terminals\Common Files\SLBCK.DLL.


6. Click Continue.

7. Click the "Enable Smartcard Login" button under "Using your Smartcard with Notes."

8. When prompted for each, enter your Notes password and your Smartcard PIN. Once you are notified that Smartcard Login is enabled, you must use your Smartcard PIN the next time you log in to Notes and thereafter.

9. When prompted, and if supported by your Smartcard, enter a descriptive name for your Smartcard in the "Smartcard Login Label" field under "Your Smartcard configuration." For example, "Jason's Smartcard."

Note Make sure to take your Smartcard with you whenever you leave your workstation. If you are using a PKCS#11 Version 2.01 or higher Smartcard driver set, removing your Smartcard from the Smartcard reader locks the Notes display until the Smartcard is put back into the Smartcard reader and you enter the correct PIN.
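An administrator preparing workstations can confirm that the file named in step 5 is a loadable PKCS #11 module and which interface version it reports. The Python below is an added example, not part of the Notes documentation; the function names are hypothetical, and it assumes the version in the module's function list is the "PKCS#11 Version" the Note above refers to.

```python
import ctypes
import os
import sys

CKR_OK = 0
REMOVAL_LOCK_MIN = (2, 1)  # PKCS #11 v2.01 is reported as major 2, minor 1


def cryptoki_version(driver_path):
    """Return (major, minor) of the Cryptoki interface the driver file exports."""
    if not os.path.isfile(driver_path):
        raise FileNotFoundError(f"no driver file at {driver_path!r}")
    # Loading runs the library's own code: point this only at the vendor's file.
    lib = ctypes.CDLL(driver_path)
    try:
        get_list = lib.C_GetFunctionList
    except AttributeError:
        raise ValueError("file does not export C_GetFunctionList") from None
    get_list.restype = ctypes.c_ulong
    get_list.argtypes = [ctypes.POINTER(ctypes.c_void_p)]
    table = ctypes.c_void_p()
    rv = get_list(ctypes.byref(table))
    if rv != CKR_OK or not table.value:
        raise ValueError(f"C_GetFunctionList failed with 0x{rv:08X}")
    # CK_FUNCTION_LIST begins with CK_VERSION: one byte major, one byte minor.
    major, minor = ctypes.string_at(table.value, 2)
    return major, minor


def supports_removal_lock(version):
    """True when the version is 2.01 or higher, as the Note above requires."""
    return tuple(version) >= REMOVAL_LOCK_MIN


def check_driver(driver_path):
    """Return (ok, message) without raising, for use in a rollout checklist."""
    try:
        version = cryptoki_version(driver_path)
    except (OSError, ValueError) as exc:
        return False, f"not usable as a PKCS #11 driver: {exc}"
    text = "PKCS #11 %d.%02d" % version
    if supports_removal_lock(version):
        return True, text + ": meets the 2.01 minimum for lock on card removal"
    return True, text + ": below the 2.01 minimum for lock on card removal"


if __name__ == "__main__":
    ok, message = check_driver(sys.argv[1])
    print(message)
    sys.exit(0 if ok else 1)
```

Run it with the driver path as the only argument; the interpreter must have the same bitness as the driver file.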


To store Internet private keys on a Smartcard

You can store on your Smartcard any Internet private keys from personal Internet certificates that you may have (not from Internet certificate authority certificates). Storing your Internet private keys on your Smartcard gives them an extra level of protection beyond storing them only in your User ID. Once a private key is moved to a Smartcard, it is only possible to export the certificate itself, without the private key, to a separate file.

Note that you may not be able to store some keys on a Smartcard, including 630-bit private keys.

Caution Once you place your Internet private keys on your Smartcard, you cannot remove them. You can only recover keys that are placed on your Smartcard after User ID recovery has been enabled on your User ID. If the recovery information in your User ID changes after you have placed keys onto a Smartcard, you can no longer recover those keys directly. If you do not recover your Internet private keys, data encrypted with the keys is no longer readable. Contact your administrator for further advice on whether your Internet private keys can be recovered before continuing with this procedure.

1. Choose File - Security - User Security.
Macintosh OS X users: Notes - Security - User Security.

2. Enter your PIN when prompted.

3. Click Your Identity - Your Certificates.

4. Select "Your Internet Certificates" from the drop-down list.

5. Select the Internet certificate that corresponds with the Internet private key you want to move to your Smartcard.

6. Click Other Actions - Move Private Key to Smartcard on the right side of the dialog box.

7. Click Yes when you receive the warning that you cannot reverse the action.

8. Enter your PIN to confirm.

9. You should receive confirmation that your key was stored successfully.


To import Internet certificates from a Smartcard

If your Smartcard was given to you with Internet keys already stored on it, Notes supports the ability to import those keys and store them in the Notes ID file so that they can be found by, and used with, Notes.

Note This option is only available to users who have a Smartcard reader installed on their PCs and whose Notes IDs have been Smartcard-enabled. Otherwise, it is not available for selection.

1. Choose File - Security - User Security.
Macintosh OS X users: Notes - Security - User Security.

2. Enter your PIN when prompted.

3. Click Your Identity - Your Certificates.

4. Click "Get Certificates." A drop-down list appears, listing different ways of importing certificates into the ID file.

5. Select "Import Internet Certificate from a Smartcard." This imports all available certificates from the current Smartcard.
