User guide

A BlackBerry device stores the device transport keys in a key store database in flash memory. The key store database is designed
to prevent a potentially malicious user from copying the device transport keys to a computer by trying to back up the device
transport keys. A potentially malicious user cannot extract key data from flash memory.
To avoid compromising the device transport keys that are stored in the BlackBerry Configuration Database or in the messaging
environment, you must protect the BlackBerry Configuration Database and the storage location of the device transport key in
the messaging environment.
Messaging environment     Storage location on the messaging environment
IBM® Lotus® Domino®       BlackBerry profiles database
Microsoft® Exchange       mailbox of the email application on the user’s computer
Novell® GroupWise®
Where the BlackBerry Enterprise Solution stores device transport keys in a Microsoft Exchange environment
In a Microsoft® Exchange environment, the BlackBerry® Enterprise Solution stores the device transport keys in a hidden folder
that is named BlackBerryHandheldInfo. The BlackBerryHandheldInfo folder is located in a root folder of the mailbox for the user
account on the Microsoft Exchange Server®. The BlackBerryHandheldInfo folder stores the following data:
• message of class RIM.BlackBerry.Handheld.Config that contains the user's configuration information, including
  the device transport key
• device transport keys in binary form with tags that indicate whether the status of the device transport keys is pending
  (0x6002 tag), current (0x6003 tag), or previous (0x6004 tag)
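One way to monitor the hidden folder described above, as an added example that is not part of the original guide or BlackBerry's own code: it flags audit records showing access to BlackBerryHandheldInfo or to RIM.BlackBerry.Handheld.Config items by anyone other than the mailbox owner or the server's service account. The JSON-lines record schema, the account names and the function names are assumptions, and the sample records are constructed.

```python
import json

# Names taken from the page.
KEY_FOLDER = "BlackBerryHandheldInfo"
KEY_ITEM_CLASS = "RIM.BlackBerry.Handheld.Config"

# Assumption: identity the BlackBerry Enterprise Server runs as (placeholder).
EXPECTED_ACTORS = {"svc-bes@example.test"}

# Constructed audit records in a hypothetical JSON-lines schema.
SAMPLE_LOG = """\
{"mailbox": "alice@example.test", "actor": "svc-bes@example.test", "folder": "/BlackBerryHandheldInfo", "item_class": "RIM.BlackBerry.Handheld.Config", "operation": "Update"}
{"mailbox": "alice@example.test", "actor": "alice@example.test", "folder": "/Inbox", "item_class": "IPM.Note", "operation": "Read"}
{"mailbox": "alice@example.test", "actor": "helpdesk7@example.test", "folder": "/blackberryhandheldinfo", "item_class": "", "operation": "FolderOpen"}
{"mailbox": "bob@example.test", "actor": "backup-op@example.test", "folder": "/Export", "item_class": "RIM.BlackBerry.Handheld.Config", "operation": "Copy"}
{"mailbox": "bob@example.test", "actor": "bob@example.test", "folder": "/BlackBerryHandheldInfo", "item_class": "RIM.BlackBerry.Handheld.Config", "operation": "Update"}
not-json garbage line
"""


def touches_key_store(rec):
    """True if the record refers to the hidden key folder or the config message class."""
    leaf = str(rec.get("folder") or "").replace("\\", "/").rstrip("/").rsplit("/", 1)[-1]
    return (leaf.lower() == KEY_FOLDER.lower()
            or str(rec.get("item_class") or "").lower() == KEY_ITEM_CLASS.lower())


def find_unexpected_access(log_text, expected_actors=EXPECTED_ACTORS):
    """Return (findings, malformed_count) for key-store access by unexpected identities."""
    allowed = {a.lower() for a in expected_actors}
    findings, malformed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1  # surface parse gaps instead of silently dropping them
            continue
        if not isinstance(rec, dict) or not touches_key_store(rec):
            continue
        actor = str(rec.get("actor") or "").lower()
        owner = str(rec.get("mailbox") or "").lower()
        if actor not in allowed and (not actor or actor != owner):
            findings.append((rec.get("mailbox"), rec.get("actor"), rec.get("operation")))
    return findings, malformed


if __name__ == "__main__":
    print(find_unexpected_access(SAMPLE_LOG))
```

Owner access is treated as expected here because the desktop activation flow writes the key from the user's own session; tighten that rule if your environment activates devices another way.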
Where the BlackBerry Enterprise Solution stores the device transport keys in an IBM Lotus Domino environment
In an IBM® Lotus® Domino® environment, the BlackBerry® Enterprise Solution stores the device transport keys in a Lotus Domino
database that is named BlackBerryProfiles.nsf. The BlackBerry profiles database contains configuration information for every
user account that exists in the Data directory. The BlackBerry profiles database stores an account record that contains the
RIMCurrentEncryptionKeyText field, RIMPendingEncryptionKeyText field, and RIMPreviousEncryptionKeyText field. These fields
store the device transport keys for every user account in a hexadecimal string using alphanumeric characters.
Generating device transport keys
Generating the first device transport key for a BlackBerry device during the activation process
If a user connects a BlackBerry® device to a computer for the first time and activates the BlackBerry device, the BlackBerry®
Desktop Software generates the device transport key and sends it to the BlackBerry device and messaging server.
Security Technical Overview
Device transport keys