User guide
Process flow: Viewing an attachment in a PGP encrypted message or S/MIME-encrypted
message
The S/MIME Allowed Encrypted Attachment Mode IT policy rule or PGP® Allowed Encrypted Attachment Mode IT policy rule
determines how a BlackBerry® device responds when it receives a PGP/MIME encrypted message or S/MIME-encrypted message
that contains an attachment. These rules determine whether the following actions occur automatically when the user opens the
email message, or whether the user must request the actions manually.
1. A BlackBerry device sends the message key and a request for the data in the attachment header to the BlackBerry® Enterprise
Server.
2. The BlackBerry Enterprise Server uses the message key to decrypt the email message and access the data in the attachment
header. The BlackBerry Enterprise Server sends the data in the attachment header to the BlackBerry device.
3. The BlackBerry device processes the data in the attachment header with the email message and displays the associated
attachment information so that the user can select the attachment for viewing.
Process flow: Viewing an attachment that is encrypted using S/MIME encryption, PGP/MIME
encryption, or OpenPGP encryption
1. The BlackBerry® device sends the message key and a request for the attachment data to the BlackBerry® Enterprise Server.
2. The BlackBerry Enterprise Server uses the message key to decrypt the email message and access the attachment data that
corresponds to the data in the attachment header. The BlackBerry Enterprise Server decrypts the attachment and sends
the rendered attachment data to the BlackBerry device.
3. The BlackBerry device displays the attachment.
To protect the decrypted attachment data that the BlackBerry device stores, you can turn on content protection.
Security Technical Overview
Extending messaging security to attachments
95