Administration Guide

Local Navigation

Encrypting data that the BlackBerry Enterprise Server and a BlackBerry device send to each other

To encrypt data that is in transit between the BlackBerry® Enterprise Server and a BlackBerry device in your organization, the BlackBerry® Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a message to when the BlackBerry device receives the message.

Before the BlackBerry device sends a message, it compresses and encrypts the message using the device transport key. When the BlackBerry Enterprise Server receives a message from the BlackBerry device, the BlackBerry Dispatcher decrypts the message using the device transport key, and then decompresses the message.

Algorithms that the BlackBerry Enterprise Solution uses to encrypt data

The BlackBerry® Enterprise Solution uses AES or Triple DES as the symmetric key cryptographic algorithm for encrypting data. By default, the BlackBerry® Enterprise Server uses the strongest algorithm that both the BlackBerry Enterprise Server and the BlackBerry device support for BlackBerry transport layer encryption.

If you configure the BlackBerry Enterprise Server to support AES and Triple DES, by default, the BlackBerry Enterprise Solution generates device transport keys using AES encryption. If a BlackBerry device uses BlackBerry® Device Software version 3.7 or earlier or BlackBerry® Desktop Software version 3.7 or earlier, the BlackBerry Enterprise Solution generates the device transport keys of the BlackBerry device using Triple DES.

Back To Top

Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses

  1. In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view > BlackBerry Enterprise Server.
  2. Click the instance that you want to change.
  3. Click Edit instance.
  4. In the Security information section, in the Encryption algorithm drop-down list, click the encryption algorithm that you want the BlackBerry® Enterprise Solution to use.
  5. Click Save All.
After you finish: Re-activate all of the BlackBerry devices that are located in the BlackBerry Domain so that users can send and receive email messages on their BlackBerry devices.
Back To Top

Was this information helpful? Send us your comments.