Installation guide
BlackBerry Enterprise Solution Security
BlackBerry symmetric key encryption algorithms
A symmetric key encryption algorithm is designed so that only the parties who know the secret key can decrypt
the encrypted data or cipher text of the scrambled message.
The BlackBerry Enterprise Solution uses a symmetric key encryption algorithm to protect all data that the
BlackBerry device sends or receives, while the data is in transit between the BlackBerry device and BlackBerry
Enterprise Server. This standard BlackBerry encryption, which is designed to provide strong security, verifies that
a BlackBerry message remains protected in transit to the BlackBerry Enterprise Server while the message data is
outside the corporate firewall.
The BlackBerry Enterprise Solution uses either the Triple DES or the AES algorithm for standard BlackBerry
encryption.
| Encryption algorithm | Description |
|---|---|
| Triple DES | The BlackBerry Enterprise Solution uses three iterations of the DES algorithm with two 56-bit keys in outer CBC mode for an overall key length of 112 bits. See Federal Information Processing Standard - FIPS PUB 81 [3] for more information. In the two-key Triple DES algorithm, the first key encrypts the data, the second key decrypts the data, and then the first key encrypts the data again. Message keys and master encryption keys that the BlackBerry Enterprise Solution produces using Triple DES contain 112 bits of key data and 16 bits of parity data, which are stored as a 128-bit long binary string. Each parity bit is stored in the least significant bit of each of the 8 bytes of key data. |
| AES | A competition to design an algorithm with a better combination of security and performance than DES or Triple DES produced AES. AES offers a larger key size than DES or Triple DES to provide greater security against brute-force attacks. The BlackBerry Enterprise Solution uses AES with 256-bit keys in CBC mode to encrypt data that the BlackBerry Enterprise Server and the BlackBerry device send between them. The AES message keys and master encryption keys that the BlackBerry Enterprise Solution uses contain 256 bits of key data. |
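The Triple DES key layout described in the table above, as an added example that is not BlackBerry code: it packs 112 bits of key data into the 128-bit stored string, checks the parity bits, and splits the result into the K1, K2, K1 order used for encrypt-decrypt-encrypt. Odd parity (the DES convention), the function names and the sample key bytes are assumptions; the page states only where each parity bit sits.

```python
# Added example: 112 bits of key data <-> 128-bit two-key Triple DES key string.
# Assumption: parity is odd, as in the DES standard; the page gives only the bit position.

SAMPLE_KEY_DATA = bytes(range(1, 15))  # constructed 14-byte (112-bit) sample, not a real key


def _with_parity(seven_bits: int) -> int:
    """Place 7 key bits in the high bits and set the LSB so the byte has odd parity."""
    ones = bin(seven_bits).count("1")
    return (seven_bits << 1) | (0 if ones % 2 else 1)


def pack_key(key_data: bytes) -> bytes:
    """Expand 14 bytes of key data into the 16-byte stored form (two 8-byte DES keys)."""
    if len(key_data) != 14:
        raise ValueError("expected 112 bits (14 bytes) of key data")
    n = int.from_bytes(key_data, "big")
    groups = [(n >> (7 * i)) & 0x7F for i in range(15, -1, -1)]
    return bytes(_with_parity(g) for g in groups)


def parity_ok(stored: bytes) -> bool:
    """True if the string is 128 bits long and every byte has odd parity."""
    return len(stored) == 16 and all(bin(b).count("1") % 2 == 1 for b in stored)


def unpack_key(stored: bytes) -> bytes:
    """Strip the 16 parity bits and return the 112 bits of key data."""
    if not parity_ok(stored):
        raise ValueError("bad length or parity in stored key")
    n = 0
    for b in stored:
        n = (n << 7) | (b >> 1)
    return n.to_bytes(14, "big")


def ede_schedule(stored: bytes):
    """Return (K1, K2, K1): encrypt with K1, decrypt with K2, encrypt with K1."""
    if not parity_ok(stored):
        raise ValueError("bad length or parity in stored key")
    k1, k2 = stored[:8], stored[8:]
    if k1 == k2:
        # Decrypting with the same key undoes the first pass, leaving single DES.
        raise ValueError("K1 equals K2: effective strength drops to 56 bits")
    return k1, k2, k1
```

A parity failure on load is a cheap signal that a stored key was truncated or corrupted before it is ever used to decrypt traffic.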
Software requirements for BlackBerry encryption algorithms
| Encryption algorithm | BlackBerry Enterprise Server | BlackBerry Device Software | BlackBerry Desktop Software |
|---|---|---|---|
| Triple DES | any version | any version | any version |
| AES | 4.0 or later | 4.0 or later | 4.0 or later |
If you permit the use of both Triple DES and AES on the BlackBerry Enterprise Server and a user is running
BlackBerry device software or BlackBerry Desktop Software version 3.6 and earlier, the BlackBerry Enterprise
Solution generates that user’s BlackBerry device master encryption keys using Triple DES.
Standard BlackBerry message encryption
Standard BlackBerry encryption is designed to encrypt messages that the BlackBerry device sends or that the
BlackBerry Enterprise Server forwards to the BlackBerry device. Standard BlackBerry encryption encrypts the
message
• from the time a user sends an email message from the BlackBerry device until the BlackBerry Enterprise
Server receives the message
• from the time the BlackBerry Enterprise Server receives a message sent to a user until that user reads the
message on the BlackBerry device