Installation guide
BlackBerry Enterprise Solution Security
New security features
Feature: protect master encryption keys on the BlackBerry device
Software versions supported:
• BlackBerry Enterprise Server version 4.1 (all platforms)
• Java™ based BlackBerry devices that are running BlackBerry device software version 4.1 or later
Description: Encrypt the master encryption keys stored on the BlackBerry device in flash memory using 256-bit AES.

Feature: support smart cards with the BlackBerry Smart Card Reader
Software versions supported:
• BlackBerry Smart Card Reader version 1.0
• Bluetooth-enabled BlackBerry devices that support Bluetooth specification version 1.1 and are running BlackBerry device software version 4.0.0 or later
• BlackBerry Enterprise Server version 4.0.2 (with the S/MIME IT Policy template imported) or BlackBerry Enterprise Server version 4.0.3 or later (all platforms)
Description: Use the BlackBerry Smart Card Reader accessory to enable a user to authenticate and communicate wirelessly with a supported Bluetooth-enabled BlackBerry device. See the BlackBerry Smart Card Reader Security White Paper for more information.

Feature: send and receive PGP® messages
Software versions supported:
• PGP Support Package version 4.1
• BlackBerry Enterprise Server version 4.0 Service Pack 2 or later for Microsoft Exchange
• BlackBerry Enterprise Server version 4.1 for IBM Lotus Domino
• Java based BlackBerry devices that are running BlackBerry device software version 4.1 or later
Description: Permit a user who is already sending and receiving PGP protected messages using their desktop email program to send and receive PGP protected messages, and decrypt and read received PGP protected messages using their BlackBerry device. See the PGP Support Package White Paper for more information.

Feature: decrypt and read IBM® Lotus Notes-encrypted and S/MIME-encrypted messages
Software versions supported:
• BlackBerry Enterprise Server version 4.1 for IBM Lotus Domino
• Java based BlackBerry devices that are running BlackBerry device software version 4.1 or later
Description: Use Lotus Notes® API 7.0 to automatically decrypt messages on the BlackBerry device that the sender has encrypted using either IBM Lotus Notes or S/MIME encryption.

BlackBerry encryption keys
By default, the BlackBerry Enterprise Solution generates the master encryption key and message key that the
BlackBerry Enterprise Server and BlackBerry devices use to encrypt and decrypt all data traffic between them.
You can also enable the BlackBerry device to generate and use the content protection key to encrypt user data
while the BlackBerry device is locked, and generate and use the grand master key to encrypt the master
encryption key while the BlackBerry device is locked.
Master encryption key
The master encryption key is unique to the BlackBerry device. To send and receive messages, all master
encryption keys stored on the BlackBerry Enterprise Server and the BlackBerry device must match. If the stored
keys do not match, the BlackBerry device or the BlackBerry Enterprise Server cannot decrypt and must therefore
discard messages that they receive.
www.blackberry.com