Blackberry ENTERPRISE SOLUTION SECURITY - ENTERPRISE SOLUTION - SECURITY TECHNICAL Overview page 16


BlackBerry Enterprise Solution
The BlackBerry Enterprise Solution uses either the Triple DES or the AES algorithm for standard BlackBerry
encryption. By default, the BlackBerry Enterprise Server is set to use the strongest common symmetric key
encryption algorithm, of either Triple DES or AES, that both the BlackBerry Enterprise Server and the BlackBerry
device support.
Encryption algorithm: Triple DES
Description: The BlackBerry Enterprise Solution uses three iterations of the DES algorithm with two 56-bit keys in outer CBC mode for an overall key length of 112 bits. For more information, see Federal Information Processing Standard - FIPS PUB 81 [3].

In the two-key Triple DES algorithm, the first key encrypts the data, the second key decrypts the data, and then the first key encrypts the data again.

Message keys and master encryption keys that the BlackBerry Enterprise Solution produces using Triple DES contain 112 bits of key data and 16 bits of parity data, which are stored as a 128-bit long binary string. Each parity bit is stored in the least significant bit of each of the 8 bytes of key data.

Encryption algorithm: AES
Description: A competition to design an algorithm with a better combination of security and performance than DES or Triple DES produced AES. AES offers a larger key size than DES or Triple DES to provide greater security against brute-force attacks. The BlackBerry Enterprise Solution uses AES with 256-bit keys in CBC mode to encrypt data that the BlackBerry Enterprise Server and the BlackBerry device send between them.

The BlackBerry device implementation of AES includes power analysis and electromagnetic analysis countermeasure protection that is designed to address the potential of side-channel attacks against the BlackBerry device. The AES implementation uses masking countermeasures to hide the true operations taking place on the BlackBerry device so that power analysis readings or electromagnetic radiation emissions do not reveal information that can expose the encryption key. For more information, see "Appendix F: Power and electromagnetic side-channel attacks and countermeasures" on page 78.

The AES message keys and master encryption keys that the BlackBerry Enterprise Solution uses contain 256 bits of key data.

When the BlackBerry device supports AES, the BlackBerry Enterprise Solution uses AES for BlackBerry transport layer encryption by default. Visit www.blackberry.com/knowledgecenterpublic/ to view the article KB-05429 "What Is - Recommendation on the use of Triple DES or AES for BlackBerry transport layer encryption" for more information on how the BlackBerry Enterprise Server uses AES transport layer encryption for all communication with BlackBerry devices.

Software requirements for BlackBerry encryption algorithms

| Encryption algorithm | BlackBerry Enterprise Server | BlackBerry Device Software | BlackBerry Desktop Software |
| Triple DES | any version | any version | any version |
| AES | 4.0 or later | 4.0 or later | 4.0 or later |

If the BlackBerry Enterprise Server is set to permit the use of both Triple DES and AES and a BlackBerry device user is running the BlackBerry Device Software or the BlackBerry Desktop Software Version 3.7 or earlier, the BlackBerry Enterprise Solution generates that user's BlackBerry device master encryption keys using Triple DES. Otherwise, the BlackBerry Enterprise Solution generates master encryption keys using AES.
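
The two-key Triple DES key layout described on this page (112 bits of key data plus 16 parity bits in a 128-bit string, one parity bit in the least significant bit of each byte), as an added example that is not taken from the BlackBerry documentation. The odd-parity rule is the DES standard's convention and is an assumption here, since the page only states where the parity bits are stored; the function names and the sample key are constructed for illustration.

```python
import secrets

KEY_LEN = 16  # K1 || K2: two 8-byte DES keys forming the 128-bit stored string

def _check_len(key: bytes) -> None:
    if len(key) != KEY_LEN:
        raise ValueError("two-key Triple DES key must be 16 bytes")

def set_parity(key: bytes) -> bytes:
    """Keep the 7 key bits of each byte; set its least significant bit so the
    byte has an odd number of 1 bits (assumed DES convention)."""
    _check_len(key)
    out = bytearray()
    for b in key:
        key_bits = b & 0xFE
        odd = bin(key_bits).count("1") % 2 == 1
        out.append(key_bits | (0 if odd else 1))
    return bytes(out)

def parity_ok(key: bytes) -> bool:
    """True when every byte of the stored key has odd parity."""
    _check_len(key)
    return all(bin(b).count("1") % 2 == 1 for b in key)

def key_material(key: bytes) -> int:
    """Drop the 16 parity bits and return the 112 key bits as an integer."""
    _check_len(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def is_degenerate(key: bytes) -> bool:
    """True when K1 and K2 carry the same key bits, in which case
    encrypt-decrypt-encrypt collapses to single DES under K1."""
    _check_len(key)
    k1 = bytes(b & 0xFE for b in key[:8])
    k2 = bytes(b & 0xFE for b in key[8:])
    return k1 == k2

def generate_key() -> bytes:
    """Random two-key Triple DES key with parity set and K1 != K2."""
    while True:
        key = set_parity(secrets.token_bytes(KEY_LEN))
        if not is_degenerate(key):
            return key

# Constructed sample value: every byte already has odd parity.
SAMPLE = bytes.fromhex("0123456789abcdeffedcba9876543210")
```

Flipping only the parity bits changes the stored 128-bit string but not the 112 bits of key material, which is why the effective strength is stated as 112 bits rather than 128.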


This manual is also suitable for:

Enterprise server 4.1
