Principal encryption keys
When you or a user turns on content protection for device transport keys, a BlackBerry® device generates a principal encryption key and stores it in flash memory. The BlackBerry device uses the principal encryption key to encrypt the device transport keys that are stored on the BlackBerry device in flash memory and the PIN encryption key that is specific to your organization. The BlackBerry device encrypts the principal encryption key using the content protection key. When the BlackBerry device receives data that the device transport key encrypts while the BlackBerry device is locked, the BlackBerry device uses the principal encryption key to decrypt the device transport key that is in flash memory.