User guide

3. Prompts the user to type the device password
4. Derives an ephemeral 256-bit AES encryption key from the device password, using PKCS #5
5. Uses the ephemeral key to encrypt the content protection key and ECC private key
6. Stores the encrypted content protection key, encrypted ECC private key, and ECC public key in flash memory
The content protection key is a semi-permanent 256-bit AES encryption key. If the user changes the device password, the
device uses the new password to derive a new ephemeral key. The device uses the new ephemeral key to re-encrypt the
versions of the content protection key and ECC private key that are in flash memory.
For more information about the DRBG function, see NIST Special Publication 800-90. For more information about the DSA
PRNG function, see Federal Information Processing Standard - FIPS PUB 186-2. For more information about PKCS #5, visit
www.rsa.com to see PKCS #5: Password-Based Cryptography Standard.
Data flow: Deriving an ephemeral key that protects a content protection key and ECC private key
A BlackBerry device uses an ephemeral key to encrypt a content protection key and ECC private key. The device derives
the ephemeral key, which is an AES-256 encryption key, from the device password using PKCS #5.
To derive an ephemeral key, the device performs the following actions:
1. selects a 64-bit salt (which is random data that the BlackBerry device mixes with the device password)
The salt prevents two identical passwords from turning into the same key.
2. concatenates the salt, password, and salt again into a byte array (for example, Salt|Password|Salt)
3. hashes the byte array with SHA-256
4. stores the resulting hash in a byte array that is called a key
(key) = SHA256(Salt|Password|Salt)
5. hashes the key 18 more times and stores the result in the key each time
For example, for i=0 to 18, the device performs the following actions:
(key) = SHA256(key)
i++
done
The final hash creates the ephemeral key.
For more information, visit www.rsa.com to see PKCS #5: Password-Based Cryptography Standard.
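The derivation steps above, written out as an added Python example (not code from the device or from the original guide). It assumes the password is encoded as UTF-8 and that the salt comes from the operating system's random source, neither of which the guide specifies; the function and constant names are hypothetical. The number of extra hash rounds is taken from step 5 ("18 more times") and exposed as a parameter, because the loop bounds in the guide's pseudocode can be read either way.

```python
import hashlib
import os

SALT_BYTES = 8      # 64-bit salt (step 1)
EXTRA_ROUNDS = 18   # "hashes the key 18 more times" (step 5)


def new_salt() -> bytes:
    """Step 1: select a random 64-bit salt (assumption: OS CSPRNG)."""
    return os.urandom(SALT_BYTES)


def derive_ephemeral_key(password: str, salt: bytes,
                         extra_rounds: int = EXTRA_ROUNDS) -> bytes:
    """Return the 256-bit ephemeral key for a device password and salt."""
    if len(salt) != SALT_BYTES:
        raise ValueError("salt must be 64 bits (8 bytes)")
    if extra_rounds < 0:
        raise ValueError("extra_rounds must not be negative")
    pw = password.encode("utf-8")  # assumption: encoding is not stated in the guide
    # Steps 2-4: key = SHA256(Salt|Password|Salt)
    key = hashlib.sha256(salt + pw + salt).digest()
    # Step 5: re-hash the key, storing the result back into the key each time
    for _ in range(extra_rounds):
        key = hashlib.sha256(key).digest()
    return key  # 32 bytes, used as the AES-256 ephemeral key


if __name__ == "__main__":
    password = "constructed-sample-password"  # constructed sample input
    salt_a, salt_b = new_salt(), new_salt()
    key_a = derive_ephemeral_key(password, salt_a)
    key_b = derive_ephemeral_key(password, salt_b)
    # Same password, different salts: the derived keys differ
    print(len(key_a) * 8, "bit key; keys differ:", key_a != key_b)
    # Same password and salt: the derivation is deterministic, so the device
    # can re-derive the key at unlock time if it keeps the salt
    print("repeatable:", key_a == derive_ephemeral_key(password, salt_a))
```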
Security Technical Overview Keys on a device