PGP Application policy group

Policy Reference Guide

Search This Document

Download PDF

The IT policy rules in the PGP Application policy group apply to BlackBerry® devices running the PGP® Support Package for BlackBerry® smartphones. For more information about using the PGP Support Package for BlackBerry smartphones, see the PGP Support Package for BlackBerry Devices Security Technical Overview.

PGP Allowed Content Ciphers IT policy rule

Description	This rule specifies the encryption algorithms that a BlackBerry® device can use to encrypt PGP® protected messages. To maintain compatibility with most PGP clients, use Triple DES encryption and CAST. By default, a device is designed to encrypt email messages using Triple DES encryption if it does not know the decryption capabilities available to a recipient.
Possible values	AES (256-bit) AES (192-bit) AES (128-bit) CAST (128-bit) Triple DES
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP Allowed Encrypted Attachment Mode IT policy rule

Description	This rule specifies the mode for retrieving PGP® protected attachment information on a BlackBerry® device.
Possible values	None Manual Automatic
Default value	Automatic
Minimum requirements	BlackBerry® Device Software 4.5
Rule introduction	BlackBerry® Enterprise Server 4.1 SP5

PGP Allowed Encryption Types IT policy rule

Description	This rule specifies the types of encryption that a BlackBerry® device can use for PGP® protected messages.
Possible values	PGP key-based only Conventional only Both
Default value	Both
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.0 BlackBerry® Device Software 4.6
Rule introduction	BlackBerry® Enterprise Server 4.1 SP6

PGP Blind Copy Address IT policy rule

Description	This rule specifies an email address that is added as a BCC recipient to all encrypted PGP® messages that a BlackBerry® device sends.
Default value	Null value
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP Force Digital Signature IT policy rule

Description	This rule specifies whether a BlackBerry® device digitally signs all PGP® protected messages that it sends. If you apply this rule, you might override email policy settings on the PGP® Universal Server.
Possible values	Yes No
Default value	No
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP Force Encrypted Messages IT policy rule

Description	This rule specifies whether a BlackBerry® device encrypts all PGP® protected messages that it sends. If you apply this rule, you might override email policy settings on the PGP® Universal Server.
Possible values	Yes No
Default value	No
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP Minimum Strong DH Key Length IT policy rule

Description	This rule specifies the minimum Diffie-Hellman key size to use with PGP® protected messages.
Related rules	This rule affects the Disable Weak Certificate Use IT policy rule. Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent a BlackBerry® device user from sending email messages using certificates that have corresponding weak public keys.
Possible values	512 to 4096 bits
Default value	1024 bits
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP Minimum Strong DSA Key Length IT policy rule

Description	This rule specifies the minimum DSA key size to use with PGP® protected messages. The permitted range is 512 through 1024 bits.
Related rules	This rule affects the Disable Weak Certificate Use IT policy rule. Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent a BlackBerry® device user from sending email messages using certificates that have corresponding weak public keys.
Possible values	512 to 1024 bits
Default value	1024 bits
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP Minimum Strong RSA Key Length IT policy rule

Description	This rule specifies the minimum RSA® key size to use with PGP® protected messages.
Related rules	This rule affects the Disable Weak Certificate Use IT policy rule. Configure the Disable Weak Certificate Use IT policy rule to Yes to prevent BlackBerry® device users from sending email messages using certificates that have corresponding weak public keys.
Possible values	512 to 4096 bits
Default value	1024 bits
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP More All and Send Mode IT policy rule

Description	This rule specifies the mode that a BlackBerry® device uses to retrieve the complete text of an email message when a BlackBerry device user replies to or forwards an email message.
Possible values	Automatic Manual None
Default value	Manual
Minimum requirements	BlackBerry® Device Software 5.0
Rule introduction	BlackBerry® Enterprise Server 5.0 SP1

PGP Universal Enrollment Method IT policy rule

Description	This rule specifies the method that a BlackBerry® device user must use to enroll with the PGP® Universal Server on a BlackBerry device. The user must submit the enrollment information to the PGP Universal Server before the user sends and receives PGP protected messages on the device.
Possible values	Domain username/password enrollment Email-based enrolment
Default value	Email-based enrollment
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP Universal Policy Cache Timeout IT policy rule

Description	This rule specifies the length of time that a BlackBerry® device caches the PGP® Universal Server address.
Possible values	4 to 48 hours
Default value	24 hours
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP® Support Package for BlackBerry® smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

PGP Universal Server Address IT policy rule

Description	This rule specifies the address of your organization's PGP® Universal Server. The PGP Universal Server applies email policies that the PGP Universal Server administrator configures. Configure this rule to require that the BlackBerry® device user registers with the PGP Universal Server. A BlackBerry device that is registered with the PGP® Support Package for BlackBerry® smartphones enforces compliance with the email policies for all email messages.
Default value	Null value
Exceptions	BlackBerry® Enterprise Server for Novell® GroupWise®
Minimum requirements	PGP Support Package for BlackBerry smartphones 4.1 BlackBerry® Device Software 4.1
Rule introduction	BlackBerry® Enterprise Server 4.0 SP2

Next topic: Phone policy group

Previous topic: Disable Wireless Bulk Loads IT policy rule

Was this information helpful? Send us your comments.

Global Navigation