Specifications
S/MIME profile setting Description
Encrypted S/MIME messages You can make encryption of outgoing messages allowed, required, or
disallowed:
• Allowed: users can choose whether or not to encrypt messages (default
value)
• Required: users must encrypt messages
• Disallowed: users cannot encrypt messages
Allowed content ciphers You can choose any or all of the following encryption algorithms that a device
can use to encrypt S/MIME-protected email messages:
• AES (256-bit)
• AES (192-bit)
• AES (128-bit)
• Triple DES
• RC2
If you set any of the S/MIME settings to Required, you must make sure that users have their private key on their devices or
smart cards to sign or decrypt messages.
The following table shows the dependencies between the S/MIME profile settings that you can configure on the BlackBerry
Device Service and the S/MIME options that users can configure on devices. Depending on what these are set to, the
options in the Encoding drop-down list on the device change. The device ignores the value for some settings if a higher
priority setting (for example, the S/MIME Messages profile setting) conflicts with the value for that setting.
S/MIME Messages
profile setting
Encrypted S/MIME
Messages profile
setting
Digitally
Signed S/
MIME
Messages
profile setting
S/MIME options on device Encoding drop-down
on device
Allowed Allowed Allowed User can turn S/MIME on or
off
• Plain text
• S/MIME [Sign]
• S/MIME [Encrypt]
• S/MIME [Sign and
Encrypt]
Allowed Required S/MIME is on. User cannot
turn S/MIME off.
• S/MIME [Encrypt]
• S/MIME [Sign and
Encrypt]
Security Technical Overview Extending messaging security on BlackBerry 10 devices
87