User guide
Encrypting data that the
BlackBerry Enterprise Server
and a device send to each
other
To encrypt data that is in transit between the BlackBerry Enterprise Server and a BlackBerry device in your organization,
the BlackBerry Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is
designed to encrypt data from the time that a device user sends a message from the device to when the BlackBerry
Enterprise Server
receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when
the device receives the message.
Before the device sends a message, it compresses and encrypts the message using the device transport key. When the
BlackBerry Enterprise Server receives a message from the device, the BlackBerry Dispatcher decrypts the message using
the device transport key, and then decompresses the message.
Algorithms that the BlackBerry Enterprise
Solution uses to encrypt data
The BlackBerry Enterprise Solution uses AES or Triple DES as the symmetric key cryptographic algorithm for encrypting
data. By default, the BlackBerry Enterprise Server uses the strongest algorithm that both the BlackBerry Enterprise Server
and the BlackBerry device support for BlackBerry transport layer encryption.
If you configure the BlackBerry Enterprise Server to support AES and Triple DES, by default, the BlackBerry Enterprise
Solution generates device transport keys using AES encryption. If a device uses BlackBerry Device Software version 3.7 or
earlier or
BlackBerry Desktop Software version 3.7 or earlier, the BlackBerry Enterprise Solution generates the device
transport keys of the device using Triple DES.
4
Security Technical Overview Encrypting data that the BlackBerry Enterprise Server and a device send to each other
31