User guide

Extending messaging security for attachments
The BlackBerry Enterprise Server supports attachments in PGP-protected messages and S/MIME-protected messages, and it permits a BlackBerry device user to view encrypted attachments on a BlackBerry device. For PGP-protected messages, the device supports the OpenPGP format and the PGP/MIME format. For S/MIME-protected messages, the device supports the Triple DES, AES-128, AES-192, and AES-256 encryption algorithms.
You can use the PGP Allowed Encrypted Attachment Mode IT policy rule and the S/MIME Allowed Encrypted Attachment Mode IT policy rule to control whether users can view encrypted attachments on their devices. By default, these rules permit a device to request decrypted attachment information from the BlackBerry Enterprise Server automatically when a user opens a protected message; otherwise the user must request it manually.
On a device that is running BlackBerry 7 or later in a Microsoft Exchange environment, you can use the S/MIME Attachment Support IT policy rule to control whether users can send and forward attachments in S/MIME-protected messages. The rule can be set to one of the following values:
None, which prevents the device from sending attachments in S/MIME-protected messages.
End-to-End, which permits the device to send attachments in new S/MIME-protected messages that the user composes, but only if the attachments are located on the sender's device, so that the device itself can place them under the message's S/MIME protection.
End-to-End or Trusted BES, which permits the device to send attachments in S/MIME-protected messages whether or not the attachments are located on the sender's device. As the name indicates, attachments that are not on the device pass through the BlackBerry Enterprise Server, which must therefore be trusted with their content.
By default, this rule is set to "End-to-End or Trusted BES". Organizations that require end-to-end protection for all attachment content should set the rule to "End-to-End" and accept that attachments not present on the device cannot be sent.
Data flow: Viewing an attachment in a PGP-encrypted message or S/MIME-encrypted message
The S/MIME Allowed Encrypted Attachment Mode IT policy rule or the PGP Allowed Encrypted Attachment Mode IT policy rule determines how a BlackBerry device responds when it receives an S/MIME-encrypted message or a PGP/MIME-encrypted message that contains an attachment. The rule determines whether the following actions occur automatically when the user opens the email message, or whether the user must request them manually.
1. The device sends the message key and a request for the data in the attachment header to the BlackBerry Enterprise Server.
2. The BlackBerry Enterprise Server uses the message key to decrypt the email message and access the data in the attachment header, then sends the data in the attachment header to the device.
3. The device processes the data in the attachment header together with the email message and displays the associated attachment information so that the user can select the attachment for viewing.
Note that in step 2 the decryption is performed by the BlackBerry Enterprise Server, not by the device: the server receives the message key and handles the decrypted message. The confidentiality of an encrypted attachment viewed this way therefore depends on trusting the BlackBerry Enterprise Server, whether the request is automatic or manual; the rule only controls whether the user is asked first.
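The three steps above, modelled in code as an added example (this is not BlackBerry code, and the class, function and field names are assumptions). Because the page does not describe the cipher suite or key-unwrap details, the model assumes the device has already unwrapped the symmetric message key with its private key, and uses an HMAC-SHA256 keystream as a stand-in for the Triple DES/AES content encryption so that it runs with the Python standard library alone (like S/MIME EnvelopedData on its own, this provides no integrity). The Allowed Encrypted Attachment Mode rule is modelled as a boolean `auto_request` flag, and the sample MIME message and attachment bytes are constructed for the example.

```python
import hashlib
import hmac
import secrets
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

NONCE_LEN = 16
SAMPLE_ATTACHMENT = b"%PDF-1.4 constructed sample bytes"  # constructed sample data


def _keystream(key, nonce, length):
    """Counter-mode keystream from HMAC-SHA256; stand-in for the page's Triple DES/AES."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def content_encrypt(message_key, plaintext):
    """Encrypt the message body under the symmetric message key (nonce prepended)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(message_key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def content_decrypt(message_key, ciphertext):
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, _keystream(message_key, nonce, len(body))))


def build_sample_message():
    """Constructed sample: a MIME message with a text body and one attachment."""
    msg = MIMEMultipart()
    msg["From"], msg["To"], msg["Subject"] = "alice@example.com", "bob@example.com", "Q3 figures"
    msg.attach(MIMEText("Figures attached.", "plain"))
    part = MIMEApplication(SAMPLE_ATTACHMENT, "pdf", Name="q3.pdf")
    part["Content-Disposition"] = 'attachment; filename="q3.pdf"'
    msg.attach(part)
    return msg.as_bytes()


class BlackBerryEnterpriseServer:
    """Server side (step 2). It receives the message key and works on plaintext."""

    def __init__(self):
        self.decryptions = 0  # counts how often the server, not the device, decrypted

    def attachment_header(self, ciphertext, message_key):
        msg = message_from_bytes(content_decrypt(message_key, ciphertext))
        self.decryptions += 1
        # Only the attachment header data goes back to the device, not the body.
        return [
            {"filename": p.get_filename(), "content_type": p.get_content_type(),
             "size": len(p.get_payload(decode=True))}
            for p in msg.walk() if p.get_content_disposition() == "attachment"
        ]


class Device:
    """Device side (steps 1 and 3)."""

    def __init__(self, ciphertext, message_key, auto_request):
        self.ciphertext = ciphertext
        self.message_key = message_key    # assumed already unwrapped with the device private key
        self.auto_request = auto_request  # stand-in for the Allowed Encrypted Attachment Mode rule
        self.attachments = None           # what the UI can list for the user to select

    def request_attachment_info(self, bes):
        # Step 1: send message key + header request; step 3: keep the returned header data.
        self.attachments = bes.attachment_header(self.ciphertext, self.message_key)
        return self.attachments

    def open_message(self, bes):
        if self.auto_request:
            self.request_attachment_info(bes)
        return self.attachments


def simulate(auto_request):
    """Open one protected message under the given policy setting and report what happened."""
    message_key = secrets.token_bytes(32)
    ciphertext = content_encrypt(message_key, build_sample_message())
    bes, device = BlackBerryEnterpriseServer(), Device(ciphertext, message_key, auto_request)
    fetched_on_open = device.open_message(bes) is not None
    if not fetched_on_open:  # manual mode: the user asks explicitly
        device.request_attachment_info(bes)
    return {"fetched_on_open": fetched_on_open, "attachments": device.attachments,
            "bes_decryptions": bes.decryptions}


if __name__ == "__main__":
    for mode in (True, False):
        print("automatic" if mode else "manual", simulate(mode))
```

Running it shows the same attachment listing in both modes and, in both, exactly one decryption performed by the server: the policy rule changes when the message key leaves the device, not whether it does.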
Security Technical Overview Extending messaging security to a device