Generating organization-specific encryption keys for PIN message encryption

Administration Guide

Overview: BlackBerry Enterprise Server
Log in to the BlackBerry Administration Service for the first time
Creating administrator accounts
Using an IT policy to manage BlackBerry Enterprise Solution security
Configuring security options
- Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other
- Controlling BlackBerry device access to the BlackBerry Enterprise Server
- Extending messaging security to a BlackBerry device
  - Extending messaging security using S/MIME encryption
    - Configure the BlackBerry Enterprise Solution to support S/MIME encryption
    - Configure encryption options for S/MIME-protected messages
- Enforcing secure messaging using classifications
- Generating organization-specific encryption keys for PIN message encryption
  - Generate a PIN encryption key
- Turn off BlackBerry services that the BlackBerry MDS Connection Service, BlackBerry Collaboration Service, and BlackBerry MVS provide
- When a BlackBerry device overwrites data in the BlackBerry device memory
  - Changing when a BlackBerry device cleans the BlackBerry device memory
  - Best practice: Configuring additional memory cleaner settings for BlackBerry devices
- Managing the BlackBerry MDS Integration Service certificate
  - Configuring the BlackBerry MDS Integration Service instances to use a trusted certificate
    - Create a CSR file for the BlackBerry MDS Integration Service trusted certificate
    - Import the trusted certificate into the BlackBerry MDS Integration Service key store
  - Generate a self-signed certificate for the BlackBerry MDS Integration Service
- Permit client authentication between the BlackBerry MDS Integration Service and web services that use self-signed certificates
- Configure support for notification messages over HTTPS for BlackBerry MDS Runtime Applications on BlackBerry devices
  - Import the X.509 certificate for the web service into the trust store of the BlackBerry MDS Integration Service
  - Import the X.509 certificate for the BlackBerry MDS Integration Service into the trust store of the JVM that runs the notification client
Configuring the BlackBerry Enterprise Server environment
Configuring user accounts
Assigning BlackBerry devices to users
Configuring BlackBerry Enterprise Server high availability
Configuring high availability for BlackBerry Enterprise Server components
Configuring BlackBerry Configuration Database high availability
Sending software and BlackBerry Java Applications to BlackBerry devices
Alternative methods for installing BlackBerry Java Applications on BlackBerry devices
Making BlackBerry MDS Runtime Applications and BlackBerry Browser Applications available to users
Configuring how users access enterprise applications and web content
Setting up the messaging environment
Configuring BlackBerry devices to enroll certificates over the wireless network
Making the BlackBerry Web Desktop Manager available to users
Configuring the BlackBerry Web Desktop Manager
Creating and configuring Wi-Fi profiles, VPN profiles, and VoIP profiles
Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices
Configuring software tokens for BlackBerry devices
Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager
Managing administrator accounts
Managing groups and user accounts
Using IT administration commands to protect a lost or stolen BlackBerry device
Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices
Managing BlackBerry MDS Runtime Applications and BlackBerry Browser Applications
Managing how users access enterprise applications and web content
Managing organizer data synchronization
Managing your organization's messaging environment and attachment support
Managing instant messaging
Managing a BlackBerry Domain
BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring
BlackBerry Enterprise Server log files
BlackBerry Enterprise Solution connection types and port numbers
Troubleshooting
Glossary
Provide feedback
Legal notice

Search This Document

Download PDF

By default, all BlackBerry® devices store a common PIN encryption key that they use to protect PIN messages. To limit the number of BlackBerry devices that can decrypt PIN messages that users in your organization send from their BlackBerry devices, you can generate a new PIN encryption key that is stored on and known only to BlackBerry devices in your organization. BlackBerry devices with a PIN encryption key that is specific to your organization can send and receive PIN messages only with other BlackBerry devices that store the same PIN encryption key.

You should generate a new PIN encryption key if you know that your current organization-specific PIN encryption key is compromised.

Generate a PIN encryption key

You can generate a PIN encryption key to make the BlackBerry® devices in your organization use a PIN encryption key that is specific to your organization for PIN messaging.

In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology.
Click BlackBerry Domain.
Click Update peer-to-peer encryption key.
Click Create new key.

Next topic: Turn off BlackBerry services that the BlackBerry MDS Connection Service, BlackBerry Collaboration Service, and BlackBerry MVS provide

Previous topic: Delete a message classification

Was this information helpful? Send us your comments.

Global Navigation

Administration Guide

Local Navigation

Generating organization-specific encryption keys for PIN message encryption

Generate a PIN encryption key