Blackberry blackberry enterprise server for microsoft exchange Home Theater Server User Manual


 
How the BlackBerry Enterprise Solution uses Triple DES to encrypt data
The BlackBerry Enterprise Solution uses a two-key Triple DES encryption algorithm to generate message keys and device
transport keys. In the three iterations of the DES algorithm, the first 56-bit key in outer CBC mode encrypts the data, the
second 56-bit key decrypts the data, and the first key encrypts the data again.
The BlackBerry Enterprise Solution stores the message keys and device transport keys as 128-bit binary strings with each
parity bit in the least significant bit of each of the 8 bytes of key data. The message keys and device transport keys have
overall key lengths of 112 bits and include 16 bits of parity data.
All versions of the BlackBerry Enterprise Server, BlackBerry Device Software, and BlackBerry Desktop Software support
Triple DES.
For more information about Triple DES, see Federal Information Processing Standard - FIPS PUB 81 [3].
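The key layout described above can be checked in code. This is an added example, not BlackBerry code. It assumes the odd-parity convention of the DES standard, and it also rejects K1 equal to K2, because the encrypt-decrypt-encrypt sequence then reduces to single DES. All function names and the sample key are constructed for illustration.

```python
import secrets

# Constructed sample: two 8-byte DES keys that already carry valid odd parity.
SAMPLE_KEY = bytes.fromhex("0123456789abcdef" "fedcba9876543210")

def set_odd_parity(raw: bytes) -> bytes:
    """Overwrite the LSB of each byte so every byte has an odd number of 1 bits."""
    out = bytearray()
    for b in raw:
        high7 = b & 0xFE
        out.append(high7 | (0 if bin(high7).count("1") % 2 else 1))
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    return all(bin(b).count("1") % 2 == 1 for b in key)

def strip_parity(key: bytes) -> int:
    """Drop each byte's parity bit and pack the remaining 7 bits per byte."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def load_two_key(stored: bytes) -> tuple[bytes, bytes]:
    """Validate a stored 128-bit key string and return (K1, K2)."""
    if len(stored) != 16:
        raise ValueError("expected 16 bytes (128 bits)")
    if not has_odd_parity(stored):
        raise ValueError("parity check failed: key corrupted or mis-encoded")
    k1, k2 = stored[:8], stored[8:]
    if strip_parity(k1) == strip_parity(k2):
        # With K1 == K2, encrypt-decrypt-encrypt collapses to single DES.
        raise ValueError("K1 equals K2")
    return k1, k2

def ede_key(stored: bytes) -> bytes:
    """Expand to K1|K2|K1, the three-key form equivalent to two-key Triple DES."""
    k1, k2 = load_two_key(stored)
    return k1 + k2 + k1

def generate_key() -> bytes:
    """Draw 16 random bytes, fix parity, and retry in the rare case K1 == K2."""
    while True:
        key = set_odd_parity(secrets.token_bytes(16))
        if key[:8] != key[8:]:
            return key

if __name__ == "__main__":
    print(generate_key().hex(), "key bits:", 16 * 7, "parity bits:", 16)
    print(ede_key(SAMPLE_KEY).hex())
```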
Extending messaging security to a BlackBerry device
If your organization's messaging environment supports secure messaging technology such as PGP encryption or S/MIME
encryption, you can configure the BlackBerry Enterprise Solution to encrypt a message using PGP encryption or S/MIME
encryption so that the message remains encrypted when the BlackBerry Enterprise Server forwards the message to the
email applications of recipients. To extend messaging security, the sender and recipient must install highly secure
messaging technology on the computers that host the email applications and on their BlackBerry devices, and you must
configure the BlackBerry devices to use the highly secure messaging technology.
Encrypting user data on a locked device
If you or a BlackBerry device user turns on content protection, you or the user can configure a locked device to encrypt
stored user data and data that the locked device receives. When you or a user turns on content protection, a locked device
is designed to use AES-256 encryption to encrypt stored data and an ECC public key to encrypt data that the locked device
receives.
For example, the locked device uses content protection to encrypt the following items:
• subject, location, meeting organizer, attendees, and any notes in all appointments or meeting requests
• all contact information in the contact list except for the contact title and category
• subject, email addresses of intended recipients, message body, and attachments in all email messages
• title and information that is included in the body of a note for all memos (also known as posted messages)
• subject and all information that is included in the body of tasks (also known as posted all day appointments)
Feature and Technical Overview BlackBerry Enterprise Solution security