Administration Guide

Local Navigation

Generating organization-specific encryption keys for PIN-message encryption

By default, all BlackBerry® devices store a common PIN encryption key that they use to protect PIN messages. To limit the number of devices that can decrypt PIN messages that BlackBerry device users in your organization send from their devices, you can generate a new PIN encryption key that is stored on and known only to devices in your organization. A device that has a PIN encryption key that is specific to your organization can perform the following actions:
  • can only encrypt PIN messages sent to other devices on your organization's network that use the same PIN encryption key
  • can only decrypt PIN messages that are sent from devices that use the global PIN encryption key or PIN messages from other devices on your organization's network that use the same PIN encryption key
  • cannot decrypt PIN messages sent from devices that use a PIN encryption key from another organization

You should generate a new PIN encryption key if you know that your current organization-specific PIN encryption key is compromised.

Generate a PIN encryption key

You can generate a PIN encryption key to make the BlackBerry® devices in your organization use a PIN encryption key that is specific to your organization for PIN messaging.

  1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology.
  2. Click BlackBerry Domain.
  3. Click Update peer-to-peer encryption key.
  4. Click Create new key.

Was this information helpful? Send us your comments.