User guide
Process flow: Receiving an S/MIME-encrypted email message
If a recipient installs the S/MIME Support Package for BlackBerry® smartphones, the BlackBerry device decrypts incoming email
messages.
1. The sender uses the S/MIME technology on the email application to encrypt the email message using the S/MIME certificate
of the recipient.
2. The BlackBerry® Enterprise Server performs the following actions:
a. retrieves the S/MIME-encrypted message from the messaging server
b. encrypts the email message a second time with S/MIME encryption if the email message is signed-only or weakly
encrypted and if you turned on the Turn on S/MIME encryption on signed and weakly encrypted messages option in
the BlackBerry Administration Service
c. uses BlackBerry transport layer encryption to encrypt the S/MIME-encrypted message
d. sends the email message that is encrypted using BlackBerry transport layer encryption and S/MIME encryption to the
BlackBerry device
3. The BlackBerry device decrypts the BlackBerry transport layer encryption and stores the S/MIME-encrypted message in
BlackBerry device memory.
4. When the recipient opens the email message on the BlackBerry device, the BlackBerry device decrypts the S/MIME-
encrypted message using the S/MIME private key of the recipient and displays the message contents. If the email message
is encrypted with a password, the recipient types the password to decrypt the S/MIME-encrypted message.
Extending messaging security using IBM Lotus Notes encryption
By default, if your organization's environment includes BlackBerry® Enterprise Server version 4.1 or later for IBM® Lotus® Domino®
and IBM® Lotus Notes® API version 7.0 or later, a BlackBerry device can decrypt messages that are encrypted using Lotus Notes
encryption.
Security Technical Overview
Extending messaging security using IBM Lotus Notes encryption
91