Installation guide
BlackBerry Enterprise Solution Security
Extending BlackBerry device messaging security 20
S/MIME certificates
When a user sends an encrypted message from the BlackBerry device, the BlackBerry device uses the S/MIME
certificate of the message recipient to encrypt the message.
When a BlackBerry device user receives a signed message, the BlackBerry device uses the S/MIME certificate of
the message sender to verify the message signature.
S/MIME private keys
When a user sends a signed message from the BlackBerry device, the BlackBerry device uses the S/MIME private
key of the user to digitally sign the message.
When a user receives an encrypted message, the BlackBerry device uses the private key of the user to decrypt the
message.
See the S/MIME Support Package White Paper for more information.
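The four key roles described above (the recipient's certificate encrypts, the sender's private key signs, the sender's certificate verifies, the recipient's private key decrypts) as an added Go example; this is not BlackBerry's code and not part of the guide. It assumes two constructed parties with self-signed RSA certificates, encrypts a short message directly with RSA-OAEP where real S/MIME would wrap a per-message symmetric key, and the names Party, NewParty, Sign, Verify, Encrypt, Decrypt and Exchange are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Party models one S/MIME user: a private key only that user holds, and an
// X.509 certificate carrying the matching public key, which is what the
// other side of the exchange has access to.
type Party struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// NewParty generates an RSA key pair and a self-signed certificate for it.
// Self-signing is a simplification; S/MIME certificates normally come from a CA.
func NewParty(name string) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Party{Key: key, Cert: cert}, nil
}

// rsaKey returns the RSA public key carried by a certificate (ours are always RSA).
func rsaKey(cert *x509.Certificate) *rsa.PublicKey { return cert.PublicKey.(*rsa.PublicKey) }

// Sign: the sender uses its own private key.
func Sign(sender *Party, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, sender.Key, crypto.SHA256, h[:])
}

// Verify: the recipient uses the public key from the sender's certificate.
func Verify(senderCert *x509.Certificate, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(rsaKey(senderCert), crypto.SHA256, h[:], sig) == nil
}

// Encrypt: the sender uses the public key from the recipient's certificate.
// Real S/MIME encrypts the body with a fresh symmetric key and RSA-encrypts
// only that key; a short message can be RSA-OAEP encrypted directly.
func Encrypt(recipientCert *x509.Certificate, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, rsaKey(recipientCert), msg, nil)
}

// Decrypt: the recipient uses its own private key.
func Decrypt(recipient *Party, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient.Key, ct, nil)
}

// Exchange sends msg signed and encrypted from sender to recipient and reports
// whether the signature verifies, whether the same signature still verifies
// after the message is altered (it must not), and the recovered plaintext.
func Exchange(sender, recipient *Party, msg string) (sigValid, tamperedValid bool, recovered string, err error) {
	body := []byte(msg)
	sig, err := Sign(sender, body)
	if err != nil {
		return
	}
	sigValid = Verify(sender.Cert, body, sig)
	tamperedValid = Verify(sender.Cert, []byte(msg+"!"), sig)
	ct, err := Encrypt(recipient.Cert, body)
	if err != nil {
		return
	}
	pt, err := Decrypt(recipient, ct)
	if err != nil {
		return
	}
	recovered = string(pt)
	return
}
```

A caller creates two parties with NewParty and passes them to Exchange; decrypting the ciphertext with any other party's private key fails, and verifying the signature against any certificate other than the sender's fails, which is the property the device relies on when it picks the sender's certificate for verification and the recipient's for encryption.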
Decrypting and reading messages on the BlackBerry device using Lotus Notes API 7.0
The BlackBerry Enterprise Server version 4.1 or later for IBM Lotus Domino with Lotus Notes API 7.0
automatically turns on support for reading IBM Lotus Notes encrypted messages and S/MIME encrypted
messages on the BlackBerry device.
If a user who has this feature configured on the BlackBerry device forwards or replies to an encrypted message that
the BlackBerry device has received, decrypted, and decompressed, the BlackBerry Enterprise Server for IBM
Lotus Domino decrypts the message before the BlackBerry device sends it to the recipient as plain
text.
Lotus Notes API 7.0 requires the user's Notes .id file and password to decrypt the received secure message. The
user must manually click Import Notes ID and attach a copy of the Notes .id file that they used to log in.
IBM Lotus Notes and S/MIME message decryption process
If a user has configured support for reading IBM Lotus Notes and S/MIME encrypted messages on their BlackBerry
device, then when the user receives an IBM Lotus Notes and S/MIME encrypted message, the BlackBerry Enterprise
Server for IBM Lotus Domino decrypts the message using the following process:
1. A user receives an IBM Lotus Notes and S/MIME encrypted message.
2. The BlackBerry Enterprise Server for IBM Lotus Domino messaging agent uses the user’s cached Notes .id
password to decrypt the message.
If the BlackBerry Enterprise Server for IBM Lotus Domino messaging agent does not have the Notes .id
password, the user must select More, More All, or Open Attachment to pull the decrypted message to the
BlackBerry device.
3. The BlackBerry Enterprise Server pushes the decrypted message to the BlackBerry device, where the user
can read the message.
Notes .id password protection
After a user imports the Notes .id file and password (stored in the Notes .id file), the password is
• encrypted in BlackBerry device memory using AES
• encrypted in the BlackBerry Enterprise Server for IBM Lotus Domino messaging agent memory using AES
• decrypted before being used to call the required Lotus Notes API security functions
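One way to model the in-memory handling just listed (the password held AES-encrypted and decrypted only at the moment it is handed to the security call) is the following added Go example. It is not BlackBerry's code; ProtectedPassword, Protect, Use, Held and Delete are names chosen here, the callback passed to Use stands in for the Lotus Notes API security function, and deleting the stored password when that callback reports a failure is this example's way of reflecting the deletion-on-decryption-failure rule stated in the text.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// ErrDeleted is returned once the stored password has been deleted.
var ErrDeleted = errors.New("password has been deleted from memory")

// ProtectedPassword holds a password AES-256-GCM encrypted in process memory
// under a random per-instance key and releases the plaintext only for the
// duration of one call. Constructed for this example.
type ProtectedPassword struct {
	key   []byte
	aead  cipher.AEAD
	nonce []byte
	ct    []byte
}

// Protect encrypts password in memory and wipes the caller's plaintext copy.
func Protect(password []byte) (*ProtectedPassword, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, password, nil)
	wipe(password)
	return &ProtectedPassword{key: key, aead: aead, nonce: nonce, ct: ct}, nil
}

// Use decrypts the password, passes it to fn (standing in for the Lotus Notes
// API security call), and wipes the plaintext buffer afterwards. If fn reports
// a failure, the stored password is deleted, as the text says happens on a
// message decryption failure.
func (p *ProtectedPassword) Use(fn func(plain []byte) error) error {
	if !p.Held() {
		return ErrDeleted
	}
	plain, err := p.aead.Open(nil, p.nonce, p.ct, nil)
	if err != nil {
		return err
	}
	defer wipe(plain)
	if err := fn(plain); err != nil {
		p.Delete()
		return err
	}
	return nil
}

// Held reports whether a password is still stored.
func (p *ProtectedPassword) Held() bool { return p.ct != nil }

// Delete wipes the key and ciphertext and drops the cipher (which keeps an
// expanded key schedule internally) so nothing usable remains referenced.
func (p *ProtectedPassword) Delete() {
	wipe(p.key)
	wipe(p.ct)
	p.ct = nil
	p.aead = nil
}

// wipe overwrites a buffer in place. In Go this is best effort: the runtime may
// hold other copies (for example when a goroutine stack is copied) that this
// code cannot reach.
func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}
```

The design point is that the plaintext exists only inside Use, in a buffer that is zeroed on return, and that a single failed call leaves nothing stored; a caller that needs the password again after that has to import it again, which matches the deletion behaviour the text describes.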
The BlackBerry Enterprise Server for IBM Lotus Domino messaging agent deletes the Notes .id files and plain
text passwords it stores when
• a message decryption failure occurs on the BlackBerry Enterprise Server
www.blackberry.com