Installation guide
BlackBerry Enterprise Solution Security
Extending BlackBerry device messaging security
3. The BlackBerry device sends the encrypted message to the BlackBerry Enterprise Server.
4. The BlackBerry Enterprise Server removes the standard BlackBerry encryption and sends the PGP encrypted
message to the recipient.
If the PGP Support Package is installed on a BlackBerry device, an incoming PGP message is wrapped in standard
BlackBerry encryption for delivery to the BlackBerry device and then decrypted on the BlackBerry device, using
the following process:
1. The BlackBerry Enterprise Server receives the PGP protected message.
2. The BlackBerry Enterprise Server uses standard BlackBerry encryption to encrypt the PGP encrypted
message.
3. The BlackBerry Enterprise Server sends the encrypted message to the BlackBerry device.
4. The BlackBerry device removes the standard BlackBerry encryption and stores the PGP encrypted message.
5. When the user opens the message on the BlackBerry device, the BlackBerry device decrypts the PGP
encrypted message and renders the message contents.
PGP encryption algorithms
The BlackBerry device is designed to support using a strong algorithm for PGP encryption. The PGP Allowed
Content Ciphers IT policy rule default setting specifies that the BlackBerry device can use any of the supported
algorithms to encrypt PGP messages. You can set the PGP Allowed Content Ciphers IT policy rule to encrypt PGP
messages using any of AES (256-bit), AES (192-bit), AES (128-bit), CAST (128-bit), and Triple DES (168-bit).
The message recipient’s PGP key indicates which content ciphers the recipient can support, and the BlackBerry
device is designed to use one of those ciphers. The BlackBerry device encrypts the message using Triple DES by
default if the recipient’s PGP key does not include a list of ciphers.
See the PGP Support Package Security Technical Overview for more information.
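
The cipher choice described in this section, modelled in Python as an added example (it is not BlackBerry code and not part of the original document). The numeric IDs are the OpenPGP (RFC 4880) symmetric-algorithm identifiers; honouring the recipient's preference order and blocking the send when the policy and the key share no cipher are assumptions, because the document states only that one of the recipient's ciphers is used. The recipient names and key lists are constructed samples.

```python
# Added example (not BlackBerry code). IDs are the OpenPGP (RFC 4880)
# symmetric-algorithm identifiers for the five ciphers the page lists.
CIPHERS = {9: "AES (256-bit)", 8: "AES (192-bit)", 7: "AES (128-bit)",
           3: "CAST (128-bit)", 2: "Triple DES (168-bit)"}
TRIPLE_DES = 2
DEFAULT_POLICY = frozenset(CIPHERS)  # rule default: any supported algorithm


def select_content_cipher(recipient_prefs, policy_allowed=DEFAULT_POLICY):
    """Return (algorithm_id or None, reason) for one recipient key.

    recipient_prefs: the key's cipher list, one octet per algorithm,
    most preferred first; empty when the key carries no list.
    """
    if not recipient_prefs:
        # Page behaviour: no cipher list on the key means Triple DES.
        # Assumption: a policy that excludes Triple DES blocks the send.
        if TRIPLE_DES in policy_allowed:
            return TRIPLE_DES, "fallback"
        return None, "blocked"
    for alg in recipient_prefs:
        # Assumption: the recipient's order is honoured, first match wins.
        if alg in CIPHERS and alg in policy_allowed:
            return alg, "negotiated"
    # Assumption: no overlap between key and policy blocks the send.
    return None, "blocked"


def audit(recipients, policy_allowed=DEFAULT_POLICY):
    """Map each recipient to (cipher name or None, reason)."""
    report = {}
    for name, prefs in recipients.items():
        alg, reason = select_content_cipher(prefs, policy_allowed)
        report[name] = (CIPHERS.get(alg), reason)
    return report


# Constructed sample keys (hypothetical recipients, not from the page).
SAMPLE_KEYS = {
    "alice": bytes([9, 8, 7, 3, 2]),  # AES (256-bit) listed first
    "bob": bytes([3, 2]),             # CAST, then Triple DES
    "carol": b"",                     # key with no cipher list
    "dave": bytes([1, 4]),            # only IDs outside the supported set
}

if __name__ == "__main__":
    for who, result in audit(SAMPLE_KEYS, frozenset({7, 8, 9})).items():
        print(who, result)
```

Running `audit` over an exported list of recipient key preferences shows which recipients would receive Triple DES by default and which would be affected by restricting the PGP Allowed Content Ciphers rule.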
S/MIME Support Package
The S/MIME Support Package is designed to enable BlackBerry device users who are already sending and
receiving S/MIME messages using their computer email application to send and receive S/MIME protected
messages using their BlackBerry devices. The S/MIME Support Package is designed to work with S/MIME email
clients including Microsoft Outlook® and Microsoft Outlook Express, and with popular PKI components,
including Netscape®, Entrust Authority™ Security Manager version 5 and later, and Microsoft CAs.
The S/MIME Support Package includes tools for obtaining certificates and transferring them to the BlackBerry
device. BlackBerry devices with the S/MIME Support Package installed can therefore decrypt messages that are
encrypted using S/MIME encryption, so users can read the decrypted messages on their BlackBerry devices, and
users can sign, encrypt, and send S/MIME messages from their BlackBerry devices. Without the S/MIME Support
Package, the BlackBerry Enterprise Server sends the BlackBerry device a message whose body includes a
statement that the S/MIME message cannot be decrypted.
The S/MIME Support Package includes support for the following features:
• certificate and private key synchronization and management using the Certificate Synchronization Manager
included in the BlackBerry Desktop Software
• encrypting and decrypting messages, including PIN messages, verifying digital signatures, and digitally
signing outgoing messages
• searching for and retrieving certificates and certificate status over the wireless network using PKI protocols
• smart cards on BlackBerry devices
www.blackberry.com