User guide
The BlackBerry device masks the round keys with random values and any S-Box masks that the AES algorithm requires to work.
Round keys are subkeys that the key schedule calculates for each round of encryption.
The BlackBerry device changes the random masks periodically and uses extra S-Box data to make identification of the S-Box
table difficult, whether the BlackBerry device uses the S-Box table in the encryption process, decryption process, or key schedule
process.
How the BlackBerry Enterprise Solution uses Triple DES to encrypt data
The BlackBerry® Enterprise Solution uses a two-key Triple DES encryption algorithm to generate message keys and device
transport keys. In the three iterations of the DES algorithm, the first 56-bit key in outer CBC mode encrypts the data, the second
56-bit key decrypts the data, and the first key encrypts the data again.
The BlackBerry Enterprise Solution stores the message keys and device transport keys as 128-bit binary strings with each parity
bit in the least significant bit of each of the 8 bytes of key data. The message keys and device transport keys have overall key
lengths of 112 bits and include 16 bits of parity data.
All versions of the BlackBerry® Enterprise Server, BlackBerry® Device Software, and BlackBerry® Desktop Software support Triple
DES.
For more information about Triple DES, see Federal Information Processing Standard - FIPS PUB 81 [3].
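The storage format described above (two 8-byte DES keys in one 128-bit string, with a parity bit in the least significant bit of each byte) can be checked as in the following added example, which is not code from the BlackBerry documentation. It assumes the usual DES convention of odd parity per byte, which the text above does not state; the function names and the sample key are constructed for illustration.

```python
import secrets

KEY_LEN = 16  # K1 || K2: two 8-byte DES keys stored as one 128-bit string


def set_odd_parity(key: bytes) -> bytes:
    """Set the least significant bit of each byte so the byte has odd parity."""
    out = bytearray()
    for b in key:
        ones = bin(b >> 1).count("1")  # the 7 key bits, parity bit excluded
        out.append((b & 0xFE) | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)


def effective_key_bits(key: bytes) -> int:
    """Drop the 16 parity bits and pack the remaining 112 key bits."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def split_two_key(key: bytes) -> tuple[bytes, bytes]:
    """Validate a stored key and return (K1, K2) for encrypt-decrypt-encrypt."""
    if len(key) != KEY_LEN:
        raise ValueError("expected a 128-bit key")
    if not has_odd_parity(key):
        raise ValueError("parity check failed: key is corrupted or malformed")
    k1, k2 = key[:8], key[8:]
    if k1 == k2:
        # E_K1(D_K1(E_K1(x))) == E_K1(x): the construction collapses to single DES
        raise ValueError("K1 == K2 reduces two-key Triple DES to single DES")
    return k1, k2


def generate_key() -> bytes:
    """Draw 128 random bits, fix parity, and retry on the degenerate K1 == K2."""
    while True:
        key = set_odd_parity(secrets.token_bytes(KEY_LEN))
        if key[:8] != key[8:]:
            return key


# Constructed sample (a common DES test pattern), not a key from the page.
SAMPLE = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")
```

The parity bits detect storage or transmission corruption only; they add no key strength, which is why the overall key length is 112 bits.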
Process flow: Sending an email message to a BlackBerry device using BlackBerry transport layer encryption
1. A sender sends an email message to a BlackBerry® device user.
2. The BlackBerry® Enterprise Server performs the following actions:
a. compresses the email message
b. encrypts the email message using the message key
c. encrypts the message key using the device transport key of the BlackBerry device
d. sends the encrypted email message and encrypted message key to the BlackBerry device
3. The BlackBerry device user clicks on the email message on the BlackBerry device to open it.
4. The BlackBerry device performs the following actions:
a. decrypts the message key using the device transport key
Security Technical Overview