Policy Reference Guide

PGP Application policy group

The IT policy rules in the PGP Application policy group apply to BlackBerry® devices running the PGP® Support Package for BlackBerry® smartphones. For more information about using the PGP Support Package for BlackBerry smartphones, see the PGP Support Package for BlackBerry Devices Security Technical Overview.

PGP Allowed Content Ciphers IT policy rule

Description

This rule specifies the encryption algorithms that a BlackBerry® device can use to encrypt PGP® protected messages. To maintain compatibility with most PGP clients, use Triple DES encryption and CAST. By default, a device is designed to encrypt email messages using Triple DES encryption if it does not know the decryption capabilities available to a recipient.

Example

Your organization implemented PGP technology to secure email messages and other electronic data that employees send and receive. You install the PGP® Support Package for BlackBerry® smartphones on devices to allow BlackBerry device users to send and receive PGP email and PIN messages.

Your organization supports the use of the AES and Triple DES standards only, so you use this rule to permit devices to use these content ciphers only to encrypt PGP messages.

Possible values

  • AES (256-bit)
  • AES (192-bit)
  • AES (128-bit)
  • CAST (128-bit)
  • Triple DES

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Allowed Encrypted Attachment Mode IT policy rule

Description

This rule specifies the mode for retrieving PGP® protected attachment information on a BlackBerry® device.

Example

The security standards in your organization specify that users should only open PGP encrypted message attachments on their computers in a highly secure work environment. You can use this rule to prevent users from retrieving PGP encrypted attachments on their devices.

Possible values

  • None
  • Manual
  • Automatic

Default value

  • Automatic

Minimum requirements

  • BlackBerry® Device Software 4.5

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Allowed Encryption Types IT policy rule

Description

This rule specifies the types of encryption that a BlackBerry® device can use for PGP® protected messages.

Example

Your organization manages information that demands a high level of security. You can use this rule to support both PGP encryption and conventional encryption for email messages that are sent from and received on devices.

Possible values

  • PGP key-based only
  • Conventional only
  • Both

Default value

  • Both

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.0
  • BlackBerry® Device Software 4.6

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Force Digital Signature IT policy rule

Description

This rule specifies whether a BlackBerry® device digitally signs all PGP® protected messages that it sends. If you apply this rule, you might override email policy settings on the PGP® Universal Server.

Example

Your organization implemented PGP technology to secure email messages and other electronic data that employees send and receive. You install the PGP® Support Package for BlackBerry® smartphones on devices to allow BlackBerry device users to send and receive PGP email and PIN messages.

Your organization's security standards require that all email messages must be digitally signed. A digital signature is used to verify that the message was sent from the correct user. You can use this rule to add digital signatures to all PGP messages that are sent from devices.

Possible values

  • Yes
  • No

Default value

  • No

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Force Encrypted Messages IT policy rule

Description

This rule specifies whether a BlackBerry® device encrypts all PGP® protected messages that it sends. If you apply this rule, you might override email policy settings on the PGP® Universal Server.

Example

Your organization implemented PGP technology to secure email messages and other electronic data that employees send and receive. You install the PGP® Support Package for BlackBerry® smartphones on devices to allow BlackBerry device users to send and receive PGP email and PIN messages.

To meet your organization's requirements for highly secure mobile communication, you can use this rule to make devices encrypt all email messages that users forward or reply to using PGP encryption.

Possible values

  • Yes
  • No

Default value

  • No

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Minimum Strong DH Key Length IT policy rule

Description

This rule specifies the minimum Diffie-Hellman key size to use with PGP® protected messages.

Example

BlackBerry® devices use PGP public keys and PGP private keys to encrypt and decrypt email messages. PGP keys can use the DH algorithm for encryption and decryption. The length of the key in bits is an important factor in determining the strength of the key. Your organization supports a minimum key length of 512 bits for keys that use the DH algorithm, so you specify 512 bits for this rule to permit devices to support PGP keys of this length or greater.

Possible values

  • 512 to 4096 bits

Default value

  • 1024 bits

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Minimum Strong DSA Key Length IT policy rule

Description

This rule specifies the minimum DSA key size to use with PGP® protected messages. The permitted range is 512 through 1024 bits.

Example

BlackBerry® devices use PGP public keys and PGP private keys to encrypt and decrypt email messages. PGP keys can use the DSA algorithm for encryption and decryption. The length of the key in bits is an important factor in determining the strength of the key. Your organization supports a minimum key length of 512 bits for keys that use the DSA algorithm, so you specify 512 bits for this rule to permit devices to support PGP keys of this length or greater.

Possible values

  • 512 to 1024 bits

Default value

  • 1024 bits

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Minimum Strong RSA Key Length IT policy rule

Description

This rule specifies the minimum RSA® key size to use with PGP® protected messages.

Example

BlackBerry® devices use PGP public keys and PGP private keys to encrypt and decrypt email messages. PGP keys can use the RSA algorithm for encryption and decryption. The length of the key in bits is an important factor in determining the strength of the key. Your organization supports a minimum key length of 512 bits for keys that use the RSA algorithm, so you specify 512 bits for this rule to permit devices to support PGP keys of this length or greater.

Possible values

  • 512 to 4096 bits

Default value

  • 1024 bits

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2
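
The three minimum key length rules above (DH, DSA, RSA) compare a key's length in bits with a configured minimum. The following is an added example, not BlackBerry or PGP code, showing how the algorithm and key length can be read from an OpenPGP version 4 public-key packet body (RFC 4880) and checked against a minimum. It assumes that "DH" corresponds to OpenPGP Elgamal (algorithm ID 16) and uses each rule's default value of 1024 bits as the minimum; the function names and sample keys are constructed for illustration.

```python
import struct

# OpenPGP public-key algorithm IDs (RFC 4880, section 9.1).
# Assumption: the rule name "DH" corresponds to Elgamal (ID 16).
ALGO_NAMES = {1: "RSA", 16: "DH", 17: "DSA"}

# Assumed minimums: the default value of each rule on this page.
POLICY_MIN_BITS = {"RSA": 1024, "DH": 1024, "DSA": 1024}


def key_info(body):
    """Return (algorithm, bit length) for a v4 public-key packet body."""
    if len(body) < 8:
        raise ValueError("packet body too short")
    version, _created, algo = struct.unpack(">BIB", body[:6])
    if version != 4:
        raise ValueError("only version 4 key packets are handled")
    if algo not in ALGO_NAMES:
        raise ValueError("unsupported algorithm id %d" % algo)
    # First MPI is the modulus: n for RSA, p for DSA and Elgamal.
    # An MPI is a 2-byte bit count followed by the big-endian value.
    (declared_bits,) = struct.unpack(">H", body[6:8])
    nbytes = (declared_bits + 7) // 8
    mpi = body[8:8 + nbytes]
    if len(mpi) != nbytes:
        raise ValueError("truncated MPI")
    # Measure the value itself; a padded MPI can declare more bits
    # than the modulus really has.
    return ALGO_NAMES[algo], int.from_bytes(mpi, "big").bit_length()


def meets_policy(body, policy=POLICY_MIN_BITS):
    """Return (algorithm, bits, ok) where ok means bits >= the minimum."""
    name, bits = key_info(body)
    return name, bits, bits >= policy[name]


def make_body(algo, modulus, declared_bits=None):
    """Build a constructed packet body holding only the first MPI."""
    bits = declared_bits or modulus.bit_length()
    return (struct.pack(">BIBH", 4, 0, algo, bits)
            + modulus.to_bytes((bits + 7) // 8, "big"))


# Constructed sample keys (not real key material).
SAMPLES = [
    make_body(1, (1 << 1023) | 1),                       # RSA, 1024 bits
    make_body(17, (1 << 511) | 1),                       # DSA, 512 bits
    make_body(16, (1 << 767) | 1, declared_bits=1024),   # DH, padded
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(meets_policy(sample))
```

The third sample declares 1024 bits in its length prefix but carries a 768-bit modulus, so measuring the value rather than trusting the prefix is what makes it fail the 1024-bit minimum.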

PGP More All and Send Mode IT policy rule

Description

This rule specifies the mode that a BlackBerry® device uses to retrieve the complete text of an email message when a BlackBerry device user replies to or forwards an email message.

Example

By default, BlackBerry device users must request the complete text of email messages that they reply to or forward as PGP® messages from their devices. You can use this rule to make devices automatically retrieve and display the complete text of messages that users reply to or forward as PGP messages.

Possible values

  • Automatic
  • Manual
  • None

Default value

  • Manual

Minimum requirements

  • BlackBerry® Device Software 5.0

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Universal Enrollment Method IT policy rule

Description

This rule specifies the method that a BlackBerry® device user must use to enroll with the PGP® Universal Server on a BlackBerry device. The user must submit the enrollment information to the PGP Universal Server before the user sends and receives PGP protected messages on the device.

Example

To support PGP encryption with the PGP Universal Server, BlackBerry device users must enroll their devices with your organization's PGP Universal Server. By default, email-based enrollment is used to enroll devices with the PGP Universal Server. To meet your organization's security requirements, you can use this rule to enforce an alternate method that requires users to specify their domain user name and password to enroll their devices.

Possible values

  • Domain username/password enrollment
  • Email-based enrollment

Default value

  • Email-based enrollment

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Universal Policy Cache Timeout IT policy rule

Description

This rule specifies the length of time that a BlackBerry® device caches the PGP® Universal Server address.

Example

BlackBerry devices retrieve the email policy of the PGP Universal Server to determine whether to sign, encrypt, or sign and encrypt email messages. If the email policy does not change often, you can set this rule so that devices retrieve the email policy of the PGP Universal Server every 48 hours.

Possible values

  • 4 to 48 hours

Default value

  • 24 hours

Minimum requirements

  • PGP® Support Package for BlackBerry® smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2

PGP Universal Server Address IT policy rule

Description

This rule specifies the address of your organization's PGP® Universal Server. The PGP Universal Server applies email policies that the PGP Universal Server administrator configures. Configure this rule to require that the BlackBerry® device user registers with the PGP Universal Server. A BlackBerry device that is registered with the PGP® Support Package for BlackBerry® smartphones enforces compliance with the email policies for all email messages.

Default value

  • Null value

Minimum requirements

  • PGP Support Package for BlackBerry smartphones 4.1
  • BlackBerry® Device Software 4.1

Rule introduction

  • BlackBerry® Enterprise Server Express 5.0 SP2
