User guide
Key: PGP public key
Description: The PGP Support Package for BlackBerry smartphones uses the PGP public key of the recipient to encrypt outgoing email messages and the PGP public key of the sender to verify digital signatures on incoming email messages. The PGP public key is designed so that recipients and senders can distribute and access the key without compromising it. The PGP public key is typically stored on the PGP® Universal Server, an LDAP server, or a DSML certificate server.

Key: PGP private key
Description: The PGP Support Package for BlackBerry smartphones uses the PGP private key of the sender to digitally sign outgoing email messages and the PGP private key of the recipient to decrypt incoming email messages. To make sure that security is not compromised, you must make sure that private key information remains private to the key owner. The BlackBerry device stores the PGP private key.
Retrieving PGP keys from a PGP Universal Server, LDAP servers, or DSML certificate servers
If your organization’s environment includes a PGP® Universal Server, the administrator of the PGP Universal Server can configure the email policy of the PGP Universal Server. After a user installs the PGP® Support Package for BlackBerry® smartphones, a BlackBerry device can retrieve and enforce the email policy of the PGP Universal Server for all email messages that the user sends.

The BlackBerry device is designed to use the BlackBerry MDS Connection Service to connect to the PGP Universal Server and to any LDAP server or DSML certificate server that a user specifies on the BlackBerry device or that you specify using the BlackBerry Administration Service. The BlackBerry MDS Connection Service uses standard protocols, such as HTTP and TCP/IP, to permit the BlackBerry device to retrieve PGP public keys, PGP key status, and X.509 certificate status from the PGP Universal Server, an LDAP server, or a DSML certificate server over the wireless network. The BlackBerry MDS Connection Service can connect to LDAP servers using LDAPS.
Only BlackBerry® Device Software versions 5.0 and later support DSML certificate servers.
Encryption algorithms that the BlackBerry device supports for PGP encryption
When you turn on PGP® encryption, the default value of the PGP Allowed Content Ciphers IT policy rule specifies that a BlackBerry® device can use any of the following encryption algorithms to encrypt email messages and PIN messages: AES-256, AES-192, AES-128, CAST-128, or Triple DES-168. You can change the value to use a subset of the encryption algorithms if your organization’s security policies require it.
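The following is an added worked example, not code from BlackBerry or from the PGP Support Package, showing how an allowed-content-ciphers policy such as the one above interacts with OpenPGP cipher selection. It assumes the sender picks a cipher that it supports, that every recipient's key lists as preferred (with the implicit Triple DES entry that OpenPGP adds to every preference list), and that the IT policy permits; the policy-value parser and the selection function are hypothetical helpers written for this example, while the algorithm identifiers are the real RFC 4880 values.

```python
"""Added example (not BlackBerry or PGP Corporation code): how an allowed-content-
ciphers policy narrows OpenPGP symmetric-cipher selection for an outgoing message."""

# OpenPGP symmetric-key algorithm identifiers (RFC 4880, section 9.2).
TRIPLE_DES = 2   # Triple DES-168
CAST5 = 3        # CAST-128
AES_128 = 7
AES_192 = 8
AES_256 = 9

# Names as the policy rule lists them, mapped to the RFC 4880 identifiers.
POLICY_NAMES = {
    "AES-256": AES_256,
    "AES-192": AES_192,
    "AES-128": AES_128,
    "CAST-128": CAST5,
    "Triple DES-168": TRIPLE_DES,
}

# Default value of the PGP Allowed Content Ciphers IT policy rule (all five ciphers).
DEFAULT_ALLOWED = frozenset(POLICY_NAMES.values())


def parse_allowed_ciphers(policy_value):
    """Turn a policy value such as 'AES-256, AES-192' into a set of algorithm IDs.

    Unknown names raise rather than being silently dropped, so a typo in the
    policy cannot widen or empty the allowed set without anyone noticing.
    """
    allowed = set()
    for name in policy_value.split(","):
        name = name.strip()
        if not name:
            continue
        if name not in POLICY_NAMES:
            raise ValueError(f"unknown cipher in PGP Allowed Content Ciphers: {name!r}")
        allowed.add(POLICY_NAMES[name])
    if not allowed:
        raise ValueError("PGP Allowed Content Ciphers must list at least one cipher")
    return frozenset(allowed)


def effective_preferences(recipient_prefs):
    """Recipient preference list with the implicit Triple DES entry appended
    (RFC 4880, section 5.2.3.7: 3DES is always an implicit last preference)."""
    prefs = list(recipient_prefs)
    if TRIPLE_DES not in prefs:
        prefs.append(TRIPLE_DES)
    return prefs


def choose_content_cipher(sender_supported, recipients_prefs, allowed=DEFAULT_ALLOWED):
    """Select the content cipher for one outgoing message.

    A candidate must be supported by the sender, accepted by every recipient
    (RFC 4880 forbids using a cipher absent from a recipient's list) and permitted
    by the IT policy. Among the candidates, the first recipient's preference order
    decides. Returns an algorithm ID, or None when policy and preferences cannot
    agree; a device should then refuse to send rather than fall back silently.
    """
    if not recipients_prefs:
        raise ValueError("at least one recipient is required")
    lists = [effective_preferences(p) for p in recipients_prefs]
    candidates = set(sender_supported) & set(allowed)
    for prefs in lists:
        candidates &= set(prefs)
    for alg in lists[0]:
        if alg in candidates:
            return alg
    return None


if __name__ == "__main__":
    # Constructed sample: a device supporting every listed cipher and one recipient
    # whose key prefers AES-128 then CAST-128, evaluated under two policy values.
    device = [AES_256, AES_192, AES_128, CAST5, TRIPLE_DES]
    recipient = [AES_128, CAST5]
    print(choose_content_cipher(device, [recipient]))  # 7 (AES-128)
    aes_only = parse_allowed_ciphers("AES-256, AES-192")
    print(choose_content_cipher(device, [recipient], aes_only))  # None
```

The second call in the sample is the case an administrator should expect after narrowing the policy: a recipient whose key only advertises AES-128 and CAST-128 (plus the implicit Triple DES) cannot be reached with an AES-256/AES-192-only policy, and the right outcome is a refusal to send rather than a quiet downgrade to a cipher the policy excludes.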
Security Technical Overview
Extending messaging security using PGP encryption
85