Administration Guide

Local Navigation

Encrypting data that the BlackBerry Enterprise Server Express and a BlackBerry device send to each other

To encrypt data that is in transit between the BlackBerry® Enterprise Server Express and a BlackBerry device in your organization, the BlackBerry® Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when the BlackBerry Enterprise Server Express receives the message, and from the time that the BlackBerry Enterprise Server Express sends a message to when the BlackBerry device receives the message.

Before the BlackBerry device sends a message, it compresses and encrypts the message using the device transport key. When the BlackBerry Enterprise Server Express receives a message from the BlackBerry device, the BlackBerry Dispatcher decrypts the message using the device transport key, and then decompresses the message.

Algorithms that the BlackBerry Enterprise Solution uses to encrypt data

The BlackBerry® Enterprise Solution uses AES or Triple DES as the symmetric key cryptographic algorithm for encrypting data. By default, the BlackBerry® Enterprise Server Express uses the strongest algorithm that both the BlackBerry Enterprise Server Express and the BlackBerry device support for BlackBerry transport layer encryption.

If you configure the BlackBerry Enterprise Server Express to support AES and Triple DES, by default, the BlackBerry Enterprise Solution generates device transport keys using AES encryption. If a BlackBerry device uses BlackBerry® Device Software version 3.7 or earlier or BlackBerry® Desktop Software version 3.7 or earlier, the BlackBerry Enterprise Solution generates the device transport keys of the BlackBerry device using Triple DES.

Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses

  1. In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
  2. In the BlackBerry Enterprise Server section, click the instance that you want to change.
  3. Click Edit instance.
  4. In the Security information section, in the Encryption algorithm drop-down list, click the encryption algorithm that you want the BlackBerry® Enterprise Solution to use.
  5. Click Save All.
After you finish: Re-activate all of the BlackBerry devices that are located in the BlackBerry Domain so that users can send and receive email messages on their BlackBerry devices.

Was this information helpful? Send us your comments.