PIN encryption keys
The PIN encryption key is a Triple DES 128-bit key that a BlackBerry® device uses to encrypt PIN messages that it sends to other devices and to authenticate and decrypt PIN messages that it receives from other devices. If a BlackBerry device user knows the PIN of another device, the user can send a PIN message to the device. Unlike an email message that a user sends to an email address, a PIN message bypasses the BlackBerry® Enterprise Server and your organization's network.
By default, each device uses the same global PIN encryption key, which Research In Motion adds to the device during the manufacturing process. The global PIN encryption key permits every device to authenticate and decrypt every PIN message that the device receives. Because all devices share the same global PIN encryption key, there is a limit to how effectively PIN messages are encrypted. PIN messages are not considered as confidential as email messages sent from the BlackBerry Enterprise Server, which use BlackBerry transport layer encryption. Encryption using the global PIN encryption key is sometimes referred to as "scrambling".
If the security policies of your organization require additional confidentiality for PIN messages, you can generate a PIN encryption key that is specific to your organization or configure S/MIME encryption or PGP® encryption for PIN messages.
You can generate a PIN encryption key for your organization and send it to devices using the BlackBerry Administration Service.
When you use a PIN encryption key that is specific to your organization, BlackBerry® Messenger messages also use the PIN encryption key. If you use a PIN encryption key that is specific to your organization, you limit users so that they can only use BlackBerry Messenger with other users in your organization and you create a closed community within your organization.