Installation guide
BlackBerry Enterprise Solution Security

BlackBerry encryption keys

Protocol: Initial key establishment protocol
Description: The BlackBerry Enterprise Server uses this protocol during wireless
enterprise activation to establish the initial master encryption key. This
protocol uses SPEKE to bootstrap from an activation password, enabling a
BlackBerry device to establish long-term public keys and a strong,
cryptographically protected connection with a BlackBerry Enterprise Server.

Protocol: Key rollover protocol
Description: The BlackBerry device and the BlackBerry Enterprise Server use this
protocol to regenerate a master encryption key, based on the existing master
encryption key. When a user physically connects the BlackBerry device to the
desktop computer, if a pending key exists, the current master encryption key
on the BlackBerry device becomes a previous key and the pending key replaces
the current key. If no pending key exists, the BlackBerry Desktop Software
creates a new master encryption key for the user.
This protocol generates the master encryption key using existing long-term
public keys and the ECMQV algorithm to negotiate a common key in such a way
that an unauthorized party cannot calculate the same key.
This protocol achieves perfect forward secrecy. The new master encryption key
is independent of the previous key. Knowledge of the previous master
encryption key does not permit an attacker to learn the new master encryption
key.
Message key

The BlackBerry Enterprise Server generates one or more message keys, which are
designed to protect the integrity of data such as short keys or large messages,
for each message that the BlackBerry device sends. If a message contains
several datagrams and exceeds 2 KB, the BlackBerry Enterprise Server generates
a unique message key for each datagram.
Each message key is composed of random information, which makes it difficult
for a third party to decrypt, re-create, or duplicate the key.
The message key is a session key: the BlackBerry device does not store the
message key persistently, but frees the memory associated with it after using
it in the decryption process.
Message key generation process

The BlackBerry Enterprise Server is designed to seed a DSA PRNG function to
generate a message key using the following process:

1. The BlackBerry Enterprise Server obtains random data from the BlackBerry
   device for the seed, using a technique derived from the initialization
   function of the ARC4 encryption algorithm.
2. The BlackBerry Enterprise Server uses the random data to permute the
   contents of a 256-byte (2048-bit) state array.
   If the MSCAPI is installed on the computer on which the BlackBerry
   Enterprise Server software is running, the BlackBerry Enterprise Server also
   requests 512 bits of randomness from the MSCAPI to increase the amount of
   entropy.
3. The BlackBerry Enterprise Server inputs the state array into the ARC4
   algorithm to further randomize the array.
4. The BlackBerry Enterprise Server draws 521 bytes from the ARC4 state array.
   Note: The BlackBerry Enterprise Server draws the additional 9 bytes
   (512 + 9 = 521) to make sure that the pointers before and after the call are
   not in the same place, and to take into account that the first few bytes of
   the ARC4 state array might not be truly random.
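As an added illustration (example code written for this page, not BlackBerry's implementation, which is not published here), the following Python shows the two ARC4 pieces the process above relies on: the key-scheduling step that permutes a 256-byte state array from seed material, and the generator that draws bytes from that array. It also shows why drawing and discarding some early output is worthwhile: when the generator is used straight after scheduling, its second output byte is zero about twice as often as a uniform byte would be (the Mantin-Shamir bias), whereas output taken after skipping the first 256 bytes shows no such excess. Treating the seed as a single byte string, the `skip` parameter, the 16-byte random keys and the trial count are assumptions of this example, not details from the page.

```python
import random


def arc4_ksa(seed: bytes) -> list:
    """ARC4 key-scheduling: permute a 256-byte (2048-bit) state array under `seed`.

    Illustrative only. `seed` stands in for whatever random material the server
    gathers (device randomness, possibly with extra OS randomness appended); how
    the real product combines its entropy sources is an assumption here.
    """
    if not seed:
        raise ValueError("seed must not be empty")
    state = list(range(256))          # identity permutation 0..255
    j = 0
    for i in range(256):
        j = (j + state[i] + seed[i % len(seed)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    return state


def arc4_stream(state: list, n: int, skip: int = 0) -> bytes:
    """Run the ARC4 generator over a copy of `state`.

    Discards the first `skip` output bytes (an illustrative parameter) and
    returns the next `n`. The caller's `state` is left untouched.
    """
    s = list(state)
    i = j = 0
    out = bytearray()
    for k in range(skip + n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        byte = s[(s[i] + s[j]) & 0xFF]
        if k >= skip:
            out.append(byte)
    return bytes(out)


def arc4_crypt(key: bytes, data: bytes) -> bytes:
    """XOR `data` with the keystream for `key` (used here to check the generator
    against published ARC4 test vectors)."""
    ks = arc4_stream(arc4_ksa(key), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def second_byte_zero_counts(trials: int = 10000, key_len: int = 16,
                            skip: int = 256, rng_seed: int = 1) -> tuple:
    """Count how often a keystream byte equals zero across many random keys.

    Returns (early, late): `early` counts zeros in the SECOND output byte taken
    straight after key scheduling; `late` counts zeros in the second byte taken
    after `skip` bytes were discarded. A uniform byte is zero with probability
    1/256, so with 10000 trials about 39 zeros are expected; the early count
    comes out near 78 because of the known ARC4 early-output bias.
    The keys are constructed from a fixed-seed PRNG so the run is repeatable.
    """
    rng = random.Random(rng_seed)
    early = late = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(key_len))
        state = arc4_ksa(key)
        if arc4_stream(state, 2)[1] == 0:
            early += 1
        if arc4_stream(state, 2, skip=skip)[1] == 0:
            late += 1
    return early, late


if __name__ == "__main__":
    early, late = second_byte_zero_counts()
    print(f"zeros in 2nd byte: straight after scheduling={early}, "
          f"after skipping 256 bytes={late} (uniform expectation ~39)")
```

The `skip` parameter is the design knob the page's note is about: bytes consumed before the first one that is actually used move the generator's pointers and step past the output region where ARC4's statistics are known to be off. How many bytes a given product discards, and which of the drawn bytes it keeps, is not something this example claims to reproduce.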
www.blackberry.com