User guide
Process flow: Generating a BlackBerry services key that protects cryptographic services data
The BlackBerry® device uses an ephemeral AES-256 encryption key (called the BlackBerry services key) to encrypt the
cryptographic services data. To generate the BlackBerry services key, the BlackBerry device performs the following actions:
1. generates a random password from a random source of 32 bytes
2. generates a random salt from a random source of 8 bytes
3. concatenates the salt, password, and salt again into a byte array (for example, Salt|Password|Salt)
4. hashes the byte array using SHA-256
5. stores the resulting hash in a byte array that is called a key
(key) = SHA256(Salt|Password|Salt)
6. hashes the key 18 more times and stores the result in a key each time
For example, for i=0 to 18, the BlackBerry device performs the following actions:
(key) = SHA256(key)
i++
done
The final hash creates the BlackBerry services key.
7. stores the BlackBerry services key in a location of the NV store that third-party applications and the user cannot access
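The derivation in steps 1 to 6, written out as an added Python example (it is not BlackBerry code). The function and constant names are assumptions, the round count follows the prose ("18 more times"), and the NV store of step 7 is not modelled.

```python
import hashlib
import secrets

SALT_LEN = 8        # step 2: salt from 8 random bytes
PASSWORD_LEN = 32   # step 1: password from 32 random bytes
EXTRA_ROUNDS = 18   # step 6: "18 more times" (assumed to mean exactly 18)


def derive_services_key(password: bytes, salt: bytes,
                        extra_rounds: int = EXTRA_ROUNDS) -> bytes:
    """Return the 32-byte key: SHA256(Salt|Password|Salt), then re-hashed."""
    if len(password) != PASSWORD_LEN or len(salt) != SALT_LEN:
        raise ValueError("password must be 32 bytes and salt 8 bytes")
    # Steps 3-5: hash the Salt|Password|Salt byte array once.
    key = hashlib.sha256(salt + password + salt).digest()
    # Step 6: feed the digest back into SHA-256, replacing the key each time.
    for _ in range(extra_rounds):
        key = hashlib.sha256(key).digest()
    return key


def generate_services_key() -> tuple[bytes, bytes, bytes]:
    """Steps 1-6 with fresh randomness; returns (key, password, salt)."""
    password = secrets.token_bytes(PASSWORD_LEN)
    salt = secrets.token_bytes(SALT_LEN)
    return derive_services_key(password, salt), password, salt


if __name__ == "__main__":
    # Constructed fixed inputs so the printed values are reproducible.
    password = bytes(range(PASSWORD_LEN))
    salt = bytes(range(SALT_LEN))
    key_18 = derive_services_key(password, salt)
    # Reading the "i=0 to 18" loop as inclusive gives 19 rounds and another key.
    key_19 = derive_services_key(password, salt, extra_rounds=19)
    print("18 extra rounds:", key_18.hex())
    print("19 extra rounds:", key_19.hex())
    print("AES-256 key length in bits:", len(key_18) * 8)
```

The two printed keys differ, so any independent implementation has to settle on one reading of the loop bound before its output can be compared with another.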
Process flow: Backing up cryptographic services data using the BlackBerry Desktop Manager
1. A user connects a BlackBerry® device to the BlackBerry® Desktop Manager and selects the option to update the BlackBerry®
Device Software.
2. The BlackBerry Desktop Manager determines that cryptographic services data require backup during the update process.
It sends the BlackBerry device a command to encrypt the cryptographic services data.
3. The BlackBerry device performs the following actions:
a. generates a BlackBerry services key and stores the BlackBerry services key in the NV store
b. encrypts the cryptographic services data using the BlackBerry services key
c. encrypts the BlackBerry services key using the content protection key if you or the user turns on content protection
4. The BlackBerry Desktop Manager backs up the encrypted cryptographic services data in a database on the user’s computer
as an .ipd file.
Security Technical Overview
Updating the BlackBerry Device Software from an update web site