PGP Encryption - BlackBerry Enterprise Solution Security - Enterprise Solution - Security Technical Overview


BlackBerry Enterprise Solution
verifying digital signatures on received email and PIN messages, and digitally signing outgoing email and PIN messages
encoding and decoding Unicode messages
The BlackBerry device is designed to use the BlackBerry MDS Connection Service, which resides on the
BlackBerry Enterprise Server, to connect to the PGP Universal Server and to the external LDAP PGP key server(s)
that the BlackBerry device user sets on the BlackBerry device. The Connection Service uses standard protocols,
such as HTTP and TCP/IP, to enable the BlackBerry device to retrieve PGP keys and PGP key status from the PGP
Universal Server or an external LDAP PGP key server over the wireless network.

PGP security

PGP technology is designed to enable sender-to-recipient authentication and confidentiality and help maintain
data integrity and privacy from the time that the BlackBerry device user sends a message over the wireless
network until the message recipient decodes and reads the message.
PGP technology relies on public key cryptography (using private and public key pairs) to provide confidentiality,
integrity and authenticity.

PGP key types

The PGP Support Package for BlackBerry devices uses public key cryptography with the following keys:

| Key type | Description |
|---|---|
| PGP public key | The BlackBerry device uses the recipient's PGP public key to encrypt outgoing email messages, and uses the sender's PGP public key to verify digital signatures on received email messages. The PGP public key is designed to be distributed and accessed by message recipients and senders without compromising security conditions. |
| PGP private key | The BlackBerry device uses the PGP private key to digitally sign outgoing email messages and decrypt received email messages. Private key information should remain private to the key owner. |

PGP encryption

If the PGP Support Package for BlackBerry devices exists on a BlackBerry device, when a user sends a message
from that BlackBerry device, the BlackBerry device encrypts the message using the following process:
1. The BlackBerry device encrypts the message using the message recipient's PGP public key.
2. The BlackBerry device uses standard BlackBerry encryption to encrypt the PGP encrypted message.
3. The BlackBerry device sends the encrypted message to the BlackBerry Enterprise Server.
4. The BlackBerry Enterprise Server removes the standard BlackBerry encryption and sends the PGP encrypted
message to the recipient.
If the PGP Support Package for BlackBerry devices exists on a BlackBerry device, when the BlackBerry device
receives a message, the BlackBerry device decrypts the message using the following process:
1. The BlackBerry Enterprise Server receives the PGP protected message.
2. The BlackBerry Enterprise Server uses standard BlackBerry encryption to encrypt the PGP encrypted
message.
3. The BlackBerry Enterprise Server sends the encrypted message to the BlackBerry device.
4. The BlackBerry device removes the standard BlackBerry encryption and stores the PGP encrypted message.
5. When the user opens the message on the BlackBerry device, the BlackBerry device decrypts the PGP
encrypted message and renders the message contents.
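
The layering in the two procedures above, as an added example that is not BlackBerry's or PGP's code: it shows that the BlackBerry Enterprise Server only ever handles PGP ciphertext, and that the device stores the PGP form until the message is opened. It uses Python standard-library stand-ins, with a hashed Diffie-Hellman exchange in place of the PGP public-key step and a shared symmetric key in place of standard BlackBerry encryption (an assumption, since the page does not describe that layer); all function names are hypothetical.

```python
# Added illustration with stand-in primitives; not real PGP or BlackBerry cryptography.
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # constructed demo group for the public-key stand-in

def _stream(key, n):
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Symmetric layer: encrypt-then-MAC under keys derived from `key`."""
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(ek + nonce, len(data))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek + nonce, len(ct))))

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _shared(pub, priv):
    return hashlib.sha256(pow(pub, priv, P).to_bytes(32, "big")).digest()

def pgp_encrypt(recipient_pub, msg):
    """Inner layer: only the holder of the matching private key can open it."""
    eph_priv, eph_pub = keypair()
    return eph_pub.to_bytes(32, "big") + seal(_shared(recipient_pub, eph_priv), msg)

def pgp_decrypt(priv, blob):
    return unseal(_shared(int.from_bytes(blob[:32], "big"), priv), blob[32:])

def send_path(msg, recipient_pub, transport_key):
    inner = pgp_encrypt(recipient_pub, msg)     # send step 1 (device)
    outer = seal(transport_key, inner)          # send step 2 (device)
    return outer, unseal(transport_key, outer)  # send steps 3-4: server strips outer layer

def receive_path(pgp_msg, transport_key, recipient_priv):
    outer = seal(transport_key, pgp_msg)        # receive steps 1-2 (server)
    stored = unseal(transport_key, outer)       # receive steps 3-4 (device stores PGP form)
    return stored, pgp_decrypt(recipient_priv, stored)  # receive step 5: decrypt on open
```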
www.blackberry.com

This manual is also suitable for:

Enterprise server 4.1
