The BlackBerry® Enterprise Solution uses a symmetric key encryption algorithm that is designed to protect data in transit between a BlackBerry device and the BlackBerry® Enterprise Server. Standard BlackBerry encryption, which is designed to provide strong security, helps protect data in transit to the BlackBerry Enterprise Server when message data is outside of the organization's firewall.
Standard BlackBerry encryption is designed to encrypt messages that a BlackBerry device sends or that the BlackBerry Enterprise Server forwards to the BlackBerry device. Standard BlackBerry encryption encrypts messages as follows:
- from the time the user sends an email message or PIN message from the BlackBerry device to the time when the BlackBerry Enterprise Server receives the message
- from the time the BlackBerry Enterprise Server receives a message to the time when the user opens the decrypted message on the BlackBerry device
Before the BlackBerry device sends a message, it compresses the message and then encrypts the message using the master encryption key, which is unique to that BlackBerry device. The BlackBerry device does not use the master encryption key in the compression process.
When the BlackBerry Enterprise Server receives the message from the BlackBerry device, the BlackBerry Dispatcher decrypts the message using the master encryption key of the BlackBerry device, and then decompresses the message.