How the BlackBerry Enterprise Solution encrypts data on the transport layer

Help Center

Overview: BlackBerry Enterprise Server
Log in to the BlackBerry Administration Service for the first time
Creating administrator accounts
Configuring security options
- How the BlackBerry Enterprise Solution encrypts data on the transport layer
  - Symmetric key encryption algorithms that the BlackBerry Enterprise Solution uses
  - Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses
- Controlling BlackBerry device behavior using IT policies
- Reconciliation rules for conflicting IT policies
  - Reconciliation rules: IT policies
- Resolving IT policy assignments for user accounts and groups
  - Rank IT policies
  - Verify which IT policy the BlackBerry Enterprise Server assigned to a BlackBerry device
- Managing the BlackBerry MDS Integration Service certificate
  - Configuring the BlackBerry MDS Integration Service instances to use a trusted certificate
    - Create a CSR file for the BlackBerry MDS Integration Service trusted certificate
    - Import the trusted certificate into the BlackBerry MDS Integration Service key store
  - Generate a self-signed certificate for the BlackBerry MDS Integration Service
- Permit client authentication between the BlackBerry MDS Integration Service and web services that use self-signed certificates
Configuring the BlackBerry Enterprise Server environment
Configuring user accounts
Assigning BlackBerry devices to users
Configuring BlackBerry Enterprise Server high availability
Configuring high availability for BlackBerry Enterprise Server components
Configuring BlackBerry Configuration Database high availability
Sending software and BlackBerry Java Applications to BlackBerry devices
Alternative methods for installing BlackBerry Java Applications on BlackBerry devices
Making BlackBerry MDS Runtime Applications and BlackBerry Browser Applications available to users
Configuring how users access enterprise applications and web content
Setting up the messaging environment
Controlling the BlackBerry Enterprise Solution
Configuring BlackBerry devices to enroll certificates over the wireless network
Making the BlackBerry Web Desktop Manager available to users
Configuring the BlackBerry Web Desktop Manager
Creating and configuring Wi-Fi profiles and VPN profiles
Configuring encryption and authentication methods for Wi-Fi enabled BlackBerry devices
Configuring software tokens for BlackBerry devices
Changing the security settings of the BlackBerry Administration Service and BlackBerry Web Desktop Manager
Managing administrator accounts
Managing groups and user accounts
Protecting and reassigning BlackBerry devices
Managing the delivery of BlackBerry Java Applications, BlackBerry Device Software, and device settings to BlackBerry devices
Managing BlackBerry MDS Runtime Applications and BlackBerry Browser Applications
Managing how users access enterprise applications and web content
Managing organizer data synchronization
Managing your organization's messaging environment and attachment support
Managing instant messaging
Managing a BlackBerry Domain
Managing Wi-Fi profiles and VPN profiles
BlackBerry Controller and BlackBerry Enterprise Server Component Monitoring
BlackBerry Enterprise Server log files
BlackBerry Enterprise Solution connection types and port numbers
Troubleshooting
Glossary
Provide feedback
Legal notice

Search This Document

Download PDF

The BlackBerry® Enterprise Solution uses the Triple DES or AES symmetric key encryption algorithm to protect all data that the BlackBerry® Enterprise Server and a BlackBerry device send between each other.

The BlackBerry Enterprise Solution uses the symmetric key encryption algorithm to create message keys and master encryption keys, and uses the encryption keys to encrypt all of the data in transit between the BlackBerry device and BlackBerry Enterprise Server.

The data encryption process occurs automatically and is designed to verify that a message that a user sends from a BlackBerry device remains protected on the transport layer until the BlackBerry Enterprise Server receives the message.

Symmetric key encryption algorithms that the BlackBerry Enterprise Solution uses

Encryption type	Description
Triple DES (default encryption method)	uses the Triple DES algorithm to encrypt and decrypt all of the data that the BlackBerry® Enterprise Server and BlackBerry devices that are associated with the BlackBerry Enterprise Server send between each other
AES	uses the AES algorithm to encrypt and decrypt all of the data that the BlackBerry Enterprise Server and BlackBerry devices that are associated with the BlackBerry Enterprise Server send between each other designed to use a longer encryption key to provide a better combination of security and performance than Triple DES designed to protect user data and encryption keys from traditional attacks and side-channel attacks requires BlackBerry® Desktop Software version 4.0 or later and BlackBerry® Device Software version 4.0 or later
Triple DES and AES	by default, uses AES encryption on BlackBerry devices that support AES permits use of the Triple DES algorithm or AES algorithm to encrypt and decrypt all data that the BlackBerry Enterprise Server and BlackBerry devices that are associated with the BlackBerry Enterprise Server send between each other uses Triple DES encryption for BlackBerry devices that do not support AES (BlackBerry devices that are running BlackBerry Device Software versions earlier than version 4.0)

Change the symmetric key encryption algorithm that the BlackBerry Enterprise Solution uses

In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry solution topology > BlackBerry Domain.
Click Components.
In the BlackBerry Enterprise Server section, click the instance that you want to change.
Click Edit instance.
In the Security section, in the Encryption algorithm drop-down list, click the encryption algorithm that you want the BlackBerry® Enterprise Solution to use.
Click Save all.

After you finish: Re-activate all of the BlackBerry devices in the BlackBerry Domain so that users can send and receive email messages on their BlackBerry devices.

Next topic: Controlling BlackBerry device behavior using IT policies

Previous topic: Configuring security options

Was this information helpful? Send us your comments.

Global Navigation

Help Center

Local Navigation