Manualshelf

User guide

ManualsBrandsBlackberry ManualsComputer equipmentENTERPRISE SOLUTION SECURITY - SECURITY FOR DEVICES WITH BLUETOOTH WIRELESS TECHNOLOGY - TECHNICAL
21222324252627282930
Each message key consists of random data that is designed to make it difficult for a third party to decrypt, re-create, or
duplicate the message key.
The BlackBerry Enterprise Server and device do not store the message keys but they free the memory that is associated
with the message keys after the BlackBerry Enterprise Server or device uses the message keys to decrypt the message.
Data flow: Generating a message key on a BlackBerry
Enterprise Server
A BlackBerry Enterprise Server is designed to use the DSA PRNG function to generate a message key.
To generate a message key, the BlackBerry Enterprise Server performs the following actions:
1. retrieves random data from multiple sources for the seed, using a technique that the BlackBerry Enterprise Server
derives from the initialization function of the ARC4 encryption algorithm
2. uses the random data to reorder the contents of a 256-byte state array (also known as a 2048-bit state array)
If the Microsoft Cryptographic API exists on the computer that hosts the BlackBerry Enterprise Server, the BlackBerry
Enterprise Server requests 512 bits of randomness from the Microsoft Cryptographic API to increase the randomness of
the data.
3. adds the 256-byte state array into the ARC4 algorithm to further randomize the 256-byte state array
4. draws 521 bytes from the 256-byte state array
The BlackBerry Enterprise Server draws an additional 9 bytes for the 256-byte state array, for a total of 521 bits (512 +
9 = 521) to make sure that the pointers before and after the generation process are not in the same place, and in case
the first few bytes of the 256-byte state array are not random.
5. uses SHA-512 to hash the 521-byte value to 64 bytes
6. uses the 64-byte value to seed the DSA PRNG function
The BlackBerry Enterprise Server stores a copy of the seed in a file. When the BlackBerry Enterprise Server restarts, it
reads the seed from the file and uses the XOR function to compare the stored seed with the new seed.
7. uses the DSA PRNG function to generate 256 pseudorandom bits for use with AES encryption and 128 pseudorandom
bits for use with Triple DES encryption
8. uses the pseudorandom bits with AES encryption or Triple DES encryption to generate the message key
For more information about the DSA PRNG function, see Federal Information Processing Standard - FIPS PUB 186-2.
Data flow: Generating a message key on a device
A BlackBerry device uses the DRBG function if the device is operating in FIPS mode, and the DSA PRNG function if the
device is not operating in FIPS mode, to generate a message key.
To generate a message key, the device performs the following actions:
Security Technical Overview Keys on a device
25