How the BlackBerry Enterprise Solution encrypts data
on the transport layer
Enterprise Solution uses the Triple DES or AES symmetric key encryption algorithm to protect
all data that the BlackBerry® Enterprise Server and a BlackBerry
device send between each other.
The BlackBerry Enterprise Solution uses the symmetric key encryption algorithm to create message keys and
master encryption keys, and uses the encryption keys to encrypt
all of the data in transit between the BlackBerry device and BlackBerry Enterprise Server.
The data encryption process occurs automatically and is designed
verify that a message that a user sends from a BlackBerry device remains protected on the transport layer until the
BlackBerry Enterprise Server receives the message.
Symmetric key encryption algorithms that the BlackBerry Enterprise Solution uses
(default encryption method)
- uses the Triple DES algorithm to encrypt and decrypt all of the data that the BlackBerry® Enterprise Server and BlackBerry devices that are associated with the BlackBerry Enterprise Server send between each other
- uses the AES algorithm to encrypt and decrypt all of the data that the BlackBerry Enterprise Server
and BlackBerry devices that are associated with the BlackBerry Enterprise Server send between each other
- designed to use a longer encryption key to provide a better combination of security and performance than Triple DES
- designed to protect user data and encryption keys from traditional attacks and side-channel attacks
- requires BlackBerry®
Desktop Software version 4.0 or later and BlackBerry®
Device Software version 4.0 or later
Triple DES and AES
- by default,
uses AES encryption on BlackBerry
devices that support AES
- permits use of the Triple DES algorithm or AES algorithm to encrypt and decrypt all data that the BlackBerry Enterprise Server and BlackBerry devices that are associated with the BlackBerry Enterprise Server send between each other
- uses Triple DES encryption for BlackBerry
devices that do not support AES (BlackBerry
devices that are running BlackBerry Device Software versions earlier than version 4.0)
Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses
After you finish:
- In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain.
- Click Components.
- In the BlackBerry Enterprise Server section, click the instance that you want to change.
Click Edit instance.
- In the Security section, in the Encryption algorithm drop-down list, click the encryption algorithm that you want the BlackBerry®
Enterprise Solution to use.
- Click Save all.
Re-activate all of the BlackBerry
devices in the BlackBerry Domain
so that users can send and receive email messages on their BlackBerry
Was this information helpful? Send us your comments.