Specifications
Extending messaging security
on BlackBerry 10 devices
You can extend messaging security for the BlackBerry Device Service solution and permit BlackBerry 10 device users to
send and receive S/MIME-protected email messages. Digitally signing or encrypting messages adds another level of
security to email messages that users send or receive from their devices. Users can digitally sign or encrypt messages if
they use a work email account that supports S/MIME-protected messages on devices. When a device is activated on the
BlackBerry Device Service, you can require the device to sign, encrypt, or sign and encrypt messages, using S/MIME
encryption when sending email messages using a work email address.
Digital signatures are designed to help recipients verify the authenticity and integrity of messages that users send. When a
user digitally signs a message with their private key, recipients use the sender's public key to verify that the message is
from the sender and that the message has not changed.
Encryption is designed to keep messages confidential. When a user encrypts a message, the device uses the recipient's
public key to encrypt the message. The recipient uses their private key to decrypt the message.
Devices support keys and certificates in the following file formats and file name extensions:
• PEM (.pem, .cer)
• DER (.der, .cer)
• PFX (.pfx, .p12)
If users don't have a smart card, users need to store their private keys and a certificate for each recipient that they want to
send an encrypted email message to on their devices. Users can store a key and certificates by importing the files from a
work email message. Users must use their work email accounts to send signed or encrypted email messages.
Related information
How the BlackBerry Device Service manages email messages, 21
11
Security Technical Overview Extending messaging security on BlackBerry 10 devices
85