Content Protection Keys - Blackberry ENTERPRISE SOLUTION SECURITY - ENTERPRISE SOLUTION - SECURITY TECHNICAL Overview

BlackBerry Enterprise Solution
If the MSCAPI exists on the computer on which the BlackBerry Enterprise Server is running, the BlackBerry
Enterprise Server also requests 512 bits of randomness from the MSCAPI to increase the amount of entropy.
3. The BlackBerry Enterprise Server inputs the state array into the ARC4 algorithm to further randomize the
array.
4. The BlackBerry Enterprise Server draws 521 bytes from the ARC4 state array.
Note: The BlackBerry Enterprise Server draws the additional 9 bytes (512 + 9=521) to make sure that the
pointers before and after the call are not in the same place, and to take into account that the first few bytes
of the ARC4 state array might not be truly random.
5. The BlackBerry Enterprise Server uses SHA-512 to hash the 521-byte value to 64 bytes.
6. The BlackBerry Enterprise Server uses the 64-byte value to seed a NIST-approved DSA PRNG function. For
more information about the DSA PRNG function, see Federal Information Processing Standard – FIPS PUB
186-2.
The BlackBerry Enterprise Server stores a copy of the seed in a file. When the BlackBerry Enterprise Server
restarts, it reads the seed from the file and uses the XOR function to compare the stored seed with the new
seed.
7. The DSA PRNG function generates 128 pseudo-random bits for use with Triple DES and 256 pseudo-random
bits for use with AES.
8. The BlackBerry Enterprise Server uses the pseudo-random bits with the appropriate algorithm to generate
the message key.
Process for generating message keys on the BlackBerry device
The BlackBerry device is designed to seed a DSA PRNG function to generate a message key using the following
process:
1. The BlackBerry device obtains random data from multiple sources for the seed, using a technique derived
from the initialization function of the ARC4 encryption algorithm.
2. The BlackBerry device uses the random data to permute the contents of a 256-byte (2048-bit) state array.
3. The BlackBerry device inputs the state array into the ARC4 algorithm to further randomize the array.
4. The BlackBerry device draws 521 bytes from the ARC4 state array.
Note: The BlackBerry device draws the additional 9 bytes (512 + 9=521) to make sure that the pointers
before and after the call are not in the same place, and to take into account that the first few bytes of the
ARC4 state array might not be truly random.
5. The BlackBerry device uses SHA-512 to hash the 521-byte value to 64 bytes.
6. The BlackBerry device uses the 64-byte value to seed a NIST-approved DSA PRNG function. For more
information about the DSA PRNG function, see Federal Information Processing Standard – FIPS PUB 186-2.
The BlackBerry device stores a copy of the seed in a file. When the BlackBerry device restarts, it reads the
seed from the file and uses the XOR function to compare the stored seed with the new seed.
7. The DSA PRNG function generates 128 pseudo-random bits for use with Triple DES and 256 pseudo-random
bits for use with AES.
8. The BlackBerry device uses the pseudo-random bits with the appropriate algorithm to generate the message
key.
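
Steps 1 to 5 of both processes above (server and device), as an added Python example that is not code from the BlackBerry documentation. It assumes the "technique derived from the initialization function" is the standard ARC4 key-scheduling loop and that "draws 521 bytes" means running the standard ARC4 output loop; the function names are hypothetical and the sample input is constructed. It stops at the 64-byte seed and does not implement the FIPS 186-2 DSA PRNG.

```python
import hashlib

DRAW_LEN = 521  # 512 + 9, as in step 4

def permute_state(entropy: bytes) -> list:
    """Steps 1-2: permute a 256-byte state array with the gathered data
    (assumption: the standard ARC4 key-scheduling loop)."""
    if not entropy:
        raise ValueError("no entropy supplied")
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + entropy[i % len(entropy)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    return state

def draw(state: list, count: int):
    """Steps 3-4: run the ARC4 output loop for `count` bytes.
    Returns (bytes drawn, final value of the i pointer)."""
    i = j = 0
    out = bytearray()
    for _ in range(count):
        i = (i + 1) & 0xFF
        j = (j + state[i]) & 0xFF
        state[i], state[j] = state[j], state[i]
        out.append(state[(state[i] + state[j]) & 0xFF])
    return bytes(out), i

def derive_seed(entropy: bytes) -> bytes:
    """Step 5: hash the 521 drawn bytes to a 64-byte seed with SHA-512."""
    drawn, _ = draw(permute_state(entropy), DRAW_LEN)
    return hashlib.sha512(drawn).digest()

if __name__ == "__main__":
    sample = bytes(range(64))  # constructed input; the page does not list the real sources
    print(derive_seed(sample).hex())
    # 512 draws wrap the 8-bit i pointer back to 0; 521 draws leave it at 9.
    print(draw(permute_state(sample), 512)[1],
          draw(permute_state(sample), DRAW_LEN)[1])
```

With an 8-bit index, 512 draws would return the i pointer to its starting position, which is one reading of the note about the pointers not being in the same place before and after the call.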

Content protection keys

When the BlackBerry Enterprise Server administrator or the BlackBerry device user turns on content
protection on the BlackBerry device, the BlackBerry device generates encryption keys, including the content

This manual is also suitable for:

Enterprise server 4.1