User guide
Item: S/MIME certificate
Description: When a user sends an email message or PIN message from a BlackBerry device, the device uses the S/MIME certificate of the recipient to encrypt the message. When a user receives a signed email message or signed PIN message on a device, the device uses the S/MIME certificate of the sender to verify the message signature.

Item: S/MIME private key
Description: When a user sends a signed email message or signed PIN message from a device, the device hashes the message using SHA-1, SHA-2, or MD5. The device then uses the S/MIME private key of the user to digitally sign the message hash. When a user receives an encrypted email message or encrypted PIN message on a device, the device uses the private key of the user to decrypt the message. The device stores the private key.
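The two flows the table describes (sign with the sender's private key and verify with the sender's certificate; encrypt to the recipient's certificate and decrypt with the recipient's private key) as an added example in Go. This is not BlackBerry's code: it stands in RSA key pairs generated in place for the keys a certificate would carry, uses SHA-256 (one of the SHA-2 digests the table lists) for the signature, and wraps a random AES-256-GCM content key with RSA-OAEP in place of the S/MIME enveloped-data format. The `Signed` and `Encrypted` types and all function names are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signed is a constructed stand-in for a signed S/MIME message.
type Signed struct {
	Content   []byte
	DigestAlg string // digest the signer used, carried so the verifier can judge it
	Signature []byte
}

// Encrypted is a simplified enveloped message: content under a fresh AES-256-GCM
// key, with that key wrapped to the recipient's RSA public key.
type Encrypted struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// SignMessage hashes the content with SHA-256 and signs the hash with the
// sender's private key, as the table describes for a signed message.
func SignMessage(priv *rsa.PrivateKey, content []byte) (*Signed, error) {
	digest := sha256.Sum256(content)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &Signed{Content: content, DigestAlg: "SHA-256", Signature: sig}, nil
}

// VerifyMessage re-hashes the content and checks the signature with the sender's
// public key. The verifier, not the message, decides which digests are acceptable.
func VerifyMessage(pub *rsa.PublicKey, msg *Signed) error {
	if msg.DigestAlg != "SHA-256" {
		return fmt.Errorf("digest algorithm %q is not accepted", msg.DigestAlg)
	}
	digest := sha256.Sum256(msg.Content)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], msg.Signature)
}

// newGCM builds an AES-GCM AEAD from a raw key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptMessage encrypts the content under a random AES-256 key and wraps that
// key with RSA-OAEP so only the recipient's private key can unwrap it.
func EncryptMessage(recipient *rsa.PublicKey, content []byte) (*Encrypted, error) {
	key := make([]byte, 32) // AES-256 content key
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return nil, err
	}
	return &Encrypted{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, content, nil)}, nil
}

// DecryptMessage unwraps the content key with the recipient's private key, which
// stays on the device, and then decrypts the content.
func DecryptMessage(priv *rsa.PrivateKey, msg *Encrypted) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, msg.Nonce, msg.Ciphertext, nil)
}

func main() {
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	recipient, _ := rsa.GenerateKey(rand.Reader, 2048)
	signed, _ := SignMessage(sender, []byte("constructed PIN message")) // constructed input
	fmt.Println("signature verifies:", VerifyMessage(&sender.PublicKey, signed) == nil)
	env, _ := EncryptMessage(&recipient.PublicKey, signed.Content)
	plain, _ := DecryptMessage(recipient, env)
	fmt.Printf("decrypted: %s\n", plain)
}
```

The point to take from the verify step is that the digest algorithm is a property the verifier enforces, not something the message gets to choose: a message that names MD5 or SHA-1 is refused before the signature arithmetic runs, which is the same idea the Weak Digest Algorithms IT policy rule applies on the device.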
Retrieving S/MIME certificates and checking certificate status
The S/MIME Support Package for BlackBerry smartphones is designed so that the BlackBerry device and the certificate synchronization tool of the BlackBerry Desktop Manager can perform the following actions:
• use LDAP, LDAPS, or DSML to search for and retrieve S/MIME certificates of recipients from LDAP servers or DSML certificate servers
• use OCSP to check the revocation status of S/MIME certificates
• retrieve the revocation status of S/MIME certificates from a certificate revocation list
S/MIME encryption algorithms
When you turn on S/MIME encryption, the default value of the S/MIME Allowed Content Ciphers IT policy rule specifies that a BlackBerry device can use any of the following encryption algorithms to encrypt messages: AES-256, AES-192, AES-128, CAST-128, RC2-128, or Triple DES. By default, the device cannot use the RC2-64 algorithm and RC2-40 algorithm to encrypt S/MIME messages. You can change the value of the S/MIME Allowed Content Ciphers IT policy rule to use a subset of the encryption algorithms if your organization’s security policies require it.
If a BlackBerry device user wants to send an email message to a recipient from whom the user previously received an email message, the device is designed to store the encryption algorithms that the recipient’s email application can support, and to use one of those encryption algorithms. By default, if the device cannot determine the encryption algorithms that the recipient’s email application can support, the device encrypts the email message using Triple DES.
You can use the Weak Digest Algorithms IT policy rule to specify the algorithms that your organization considers to be weak. The device uses the list of weak algorithms in the Weak Digest Algorithms IT policy rule when the device verifies the following information:
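The two policy rules in this section, modelled as an added example in Go that is not BlackBerry's code. It reproduces the stated default of the S/MIME Allowed Content Ciphers rule (RC2-64 and RC2-40 excluded), the use of the recipient's recorded capabilities, and the Triple DES fallback when those capabilities are unknown, and it checks a signature's digest against the Weak Digest Algorithms list. The `Policy` type and function names are constructed; the preference order among several acceptable ciphers, the default content of the weak list, and reporting a weak digest as an error (rather than any specific device behaviour) are assumptions of the example, since the page does not state them.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy holds the values of the two IT policy rules discussed on the page.
// The type and field names are constructed for this example.
type Policy struct {
	AllowedContentCiphers []string // S/MIME Allowed Content Ciphers rule
	WeakDigestAlgorithms  []string // Weak Digest Algorithms rule
}

// DefaultPolicy reproduces the documented default: every listed content cipher
// except RC2-64 and RC2-40 is allowed. The weak-digest default is an assumption.
func DefaultPolicy() Policy {
	return Policy{
		AllowedContentCiphers: []string{"AES-256", "AES-192", "AES-128", "CAST-128", "RC2-128", "Triple DES"},
		WeakDigestAlgorithms:  []string{"MD5"},
	}
}

// preference is the order used when more than one cipher is both allowed and
// supported by the recipient (assumed; the page does not state an ordering).
var preference = []string{"AES-256", "AES-192", "AES-128", "CAST-128", "RC2-128", "Triple DES", "RC2-64", "RC2-40"}

// fallbackCipher is what the page says the device uses when it cannot
// determine the recipient's capabilities.
const fallbackCipher = "Triple DES"

func contains(list []string, s string) bool {
	for _, v := range list {
		if strings.EqualFold(v, s) {
			return true
		}
	}
	return false
}

// SelectCipher picks the content cipher for a message to one recipient.
// recipientCaps is the cipher list recorded from that recipient's earlier
// message; an empty list means nothing has been received from them yet.
func SelectCipher(p Policy, recipientCaps []string) (string, error) {
	if len(recipientCaps) == 0 {
		if !contains(p.AllowedContentCiphers, fallbackCipher) {
			return "", fmt.Errorf("recipient capabilities unknown and fallback %s is not allowed by policy", fallbackCipher)
		}
		return fallbackCipher, nil
	}
	for _, c := range preference {
		if contains(p.AllowedContentCiphers, c) && contains(recipientCaps, c) {
			return c, nil
		}
	}
	return "", fmt.Errorf("no cipher is both allowed by policy and supported by the recipient")
}

// CheckDigest reports a signature whose digest algorithm is on the weak list.
// Matching is case-insensitive because capability strings vary in case.
func CheckDigest(p Policy, digestAlg string) error {
	if contains(p.WeakDigestAlgorithms, digestAlg) {
		return fmt.Errorf("signature uses weak digest algorithm %s", digestAlg)
	}
	return nil
}

func main() {
	p := DefaultPolicy()
	fmt.Println(SelectCipher(p, nil)) // nothing received from this recipient yet
	fmt.Println(SelectCipher(p, []string{"RC2-40", "AES-128", "Triple DES"})) // constructed capabilities
	fmt.Println(CheckDigest(p, "MD5"))
}
```

Worth noting for anyone tightening the policy: restricting the allowed ciphers to AES only means the Triple DES fallback is no longer available, so a message to a recipient whose capabilities are unknown cannot be encrypted under that policy; `SelectCipher` surfaces that as an error rather than silently picking a cipher the policy forbids.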
Security Technical Overview, Extending messaging security to a device, page 121