S/MIME Support Package for BlackBerry Devices - BlackBerry Enterprise Solution Security - Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution
PGP encryption algorithms
The BlackBerry device is designed to support the use of a strong algorithm for PGP encryption. The PGP Allowed
Content Ciphers IT policy rule default setting specifies that the BlackBerry device can use any of the supported
algorithms to encrypt PGP messages. The BlackBerry Enterprise Server administrator can set the PGP Allowed
Content Ciphers IT policy rule to encrypt PGP messages using any of AES (256-bit), AES (192-bit), AES (128-bit),
CAST (128-bit), and Triple DES (168-bit).
The message recipient's PGP key indicates which content ciphers the recipient can support, and the BlackBerry
device is designed to use one of those ciphers. The BlackBerry device encrypts the message using Triple DES by
default if the recipient's PGP key does not include a list of ciphers.
For more information, see the PGP Support Package for BlackBerry Devices Security Technical Overview.
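
The cipher selection described above, as an added example that is not BlackBerry code: it parses the preferred symmetric algorithms subpacket that an OpenPGP key carries (RFC 4880) and intersects it with a policy set standing in for the PGP Allowed Content Ciphers rule. The function names, the sample bytes, the choice of the recipient's first allowed preference, and the refusal when nothing matches are assumptions; the page only states the Triple DES default.

```python
# Added example (not BlackBerry code). Algorithm IDs are from RFC 4880, section 9.2.
CIPHERS = {9: "AES (256-bit)", 8: "AES (192-bit)", 7: "AES (128-bit)",
           3: "CAST (128-bit)", 2: "Triple DES (168-bit)"}
TRIPLE_DES = 2
PREF_SYM_ALGOS = 11  # signature subpacket type: preferred symmetric algorithms

# Constructed sample subpacket areas (not taken from a real key):
# a creation-time subpacket, then a preference list 9, 8, 7, 3, 2.
WITH_PREFS = bytes.fromhex("05025f000000" "060b0908070302")
NO_PREFS = bytes.fromhex("05025f000000")


def preferred_ciphers(area: bytes) -> list[int]:
    """Parse a subpacket area (RFC 4880, 5.2.3.1); [] if no preference list."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                           # one-octet length
            length, i = first, i + 1
        elif first < 255 and i + 1 < len(area):   # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        elif first == 255 and i + 4 < len(area):  # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        else:
            raise ValueError("truncated subpacket length")
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket")
        body, i = area[i:i + length], i + length
        if body[0] & 0x7F == PREF_SYM_ALGOS:      # bit 7 is the "critical" flag
            return list(body[1:])
    return []


def choose_cipher(area: bytes, allowed: set[int]) -> int:
    """Return the algorithm ID to use for one recipient under the IT policy."""
    # Page behaviour: Triple DES when the key carries no cipher list.
    prefs = preferred_ciphers(area) or [TRIPLE_DES]
    # Assumption: take the first recipient preference the policy allows.
    for algo in prefs:
        if algo in allowed and algo in CIPHERS:
            return algo
    # Assumption: refuse rather than fall back to a cipher the policy forbids.
    raise ValueError("no cipher satisfies both the policy and the recipient key")


if __name__ == "__main__":
    for area in (WITH_PREFS, NO_PREFS):
        print(CIPHERS[choose_cipher(area, {7, 3, 2})])
```

A policy that excludes Triple DES leaves no usable cipher for a recipient whose key lists none, which is worth checking before tightening the rule.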

S/MIME Support Package for BlackBerry devices

The S/MIME Support Package for BlackBerry devices is designed to enable BlackBerry device users who are
already sending and receiving S/MIME messages using their computer email application to send and receive
S/MIME-protected messages using their BlackBerry devices. The S/MIME Support Package for BlackBerry
devices is designed to work with S/MIME email clients including Microsoft Outlook® and Microsoft Outlook
Express, and with popular PKI components, including Netscape®, Entrust® Authority™ Security Manager version
5 and later, and Microsoft certificate authorities.
The S/MIME Support Package for BlackBerry devices includes tools for obtaining certificates and transferring
them to the BlackBerry device. With the package installed, the BlackBerry device can decrypt messages that are
encrypted using S/MIME encryption so that BlackBerry device users can read them on the device, and users can
sign, encrypt, and send S/MIME messages from their BlackBerry devices. Without the S/MIME Support Package
for BlackBerry devices, the BlackBerry Enterprise Server sends a message to the BlackBerry device in which the
message body includes a statement that the S/MIME message cannot be decrypted.
The S/MIME Support Package for BlackBerry devices includes support for the following features:
• certificate and private key synchronization and management using the Certificate Synchronization Manager included in the BlackBerry Desktop Software
• encrypting and decrypting messages, including PIN messages, verifying digital signatures, and digitally signing outgoing messages
• allowing BlackBerry devices to use a password that the message sender and recipient share manually to encrypt S/MIME-protected email or PIN messages
• searching for and retrieving certificates and certificate status over the wireless network using PKI protocols
• smart cards on BlackBerry devices
• encoding and decoding Unicode messages

PKI component support
The S/MIME Support Package for BlackBerry devices is designed to support the following PKI components:
• LDAP: The BlackBerry device and the Certificate Synchronization Manager use LDAP or LDAPS to search for and download certificates.
• OCSP: The BlackBerry device and the Certificate Synchronization Manager use OCSP to check the revocation status of a certificate on demand.
• CRL: The BlackBerry device and the Certificate Synchronization Manager obtain the most recent revocation status of certificates, which is published at a frequency set on the certificate authority server, from a CRL.