User guide
4. Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other

To encrypt data that is in transit between the BlackBerry® Enterprise Server and a BlackBerry device in your organization, the
BlackBerry® Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to
encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry
Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when the
BlackBerry device receives the message.

Before the BlackBerry device sends a message, it compresses and encrypts the message using the device transport key. When
the BlackBerry Enterprise Server receives a message from the BlackBerry device, the BlackBerry Dispatcher decrypts the message
using the device transport key, and then decompresses the message.

Algorithms that the BlackBerry Enterprise Solution uses to encrypt data

The BlackBerry® Enterprise Solution uses AES or Triple DES as the symmetric key cryptographic algorithm for encrypting data.
By default, the BlackBerry® Enterprise Server uses the strongest algorithm that both the BlackBerry Enterprise Server and the
BlackBerry device support for BlackBerry transport layer encryption.

If you configure the BlackBerry Enterprise Server to support AES and Triple DES, by default, the BlackBerry Enterprise Solution
generates device transport keys using AES encryption. If a BlackBerry device uses BlackBerry® Device Software version 3.7 or
earlier or BlackBerry® Desktop Software version 3.7 or earlier, the BlackBerry Enterprise Solution generates the device transport
keys of the BlackBerry device using Triple DES.
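
The selection rules above, as an added example that is not BlackBerry code: a short Python audit that applies the stated version thresholds to a constructed device inventory and flags devices that will not get AES device transport keys. The function names, the inventory, the Device Software-only check, and the treatment of versions between 3.7 and 4.0 as unspecified are assumptions of this example.

```python
# Added example (not BlackBerry code): which transport-key algorithm each device gets.
# Version thresholds come from the text above; everything else is a labelled assumption.

PREFERENCE = ["AES", "Triple DES"]  # strongest first, per the default described above

def major_minor(version):
    """'4.2.1' -> (4, 2); '4' -> (4, 0). Numeric, so '10.0' sorts above '4.0'."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple((parts + [0])[:2])

def device_algorithms(device_sw):
    """Algorithms a device supports, or None where the text gives no rule."""
    v = major_minor(device_sw)
    if v >= (4, 0):
        # 4.0 or later supports AES. Assumption: these devices also still accept Triple DES.
        return {"AES", "Triple DES"}
    if v <= (3, 7):
        # 3.7 or earlier. Assumption: a 3.7.x maintenance release counts as 3.7.
        return {"Triple DES"}
    return None  # between 3.7 and 4.0: not covered by the text

def transport_algorithm(server_algos, device_sw):
    """Strongest algorithm both sides support, 'unspecified', or 'none'."""
    dev = device_algorithms(device_sw)
    if dev is None:
        return "unspecified"
    common = dev & set(server_algos)
    for algo in PREFERENCE:
        if algo in common:
            return algo
    return "none"  # no shared algorithm between server configuration and device

def audit(server_algos, inventory):
    """Map each device to its algorithm and list the ones that need attention."""
    result = {name: transport_algorithm(server_algos, sw) for name, sw in inventory}
    flagged = sorted(n for n, a in result.items() if a != "AES")
    return result, flagged

# Constructed inventory (device names and versions are made up for the example).
INVENTORY = [("dev-01", "4.2.1"), ("dev-02", "3.7"), ("dev-03", "3.6.0"),
             ("dev-04", "4.0"), ("dev-05", "3.8")]

if __name__ == "__main__":
    algos, flagged = audit({"AES", "Triple DES"}, INVENTORY)
    for name, sw in INVENTORY:
        print(f"{name}  {sw:<6} -> {algos[name]}")
    print("not on AES:", ", ".join(flagged))
```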

How the BlackBerry Enterprise Solution uses AES to encrypt data

By default, when a BlackBerry® device supports AES, the BlackBerry® Enterprise Solution uses AES for BlackBerry transport layer
encryption. The BlackBerry Enterprise Solution uses AES in CBC mode to generate the message keys and device transport keys.
The keys consist of 256 bits of data.

BlackBerry® Enterprise Server version 4.0 or later, BlackBerry® Device Software version 4.0 or later, and BlackBerry® Desktop
Software version 4.0 or later support AES.

For more information about how the BlackBerry Enterprise Server uses AES for BlackBerry transport layer encryption to
communicate with BlackBerry devices, visit www.blackberry.com/support to read article KB05429.

How a BlackBerry device uses the AES algorithm to help protect user data and keys

The BlackBerry® device implementation of the AES algorithm is designed to help protect user data and keys (such as the device
transport key and ephemeral key) from traditional attacks and side-channel attacks.
Security Technical Overview