To permit a third-party encryption scheme to be used in conjunction with BlackBerry Enterprise Solution encryption, set
hashes in hexadecimal, separated by commas. The BlackBerry device reads this information from the command javaloader
siblinginfo <implementation_file.cod> .
Minimum requirements
•
Java® based BlackBerry device
•
BlackBerry® Device Software Version 4.5
•
BlackBerry® Enterprise Server Version 4.1 SP5
Trusted Certificate Thumbprints IT policy rule
Description
This rule specifies the Hex-ASCII certificate thumbprints used on the BlackBerry® device (generated using either the SHA-1
or Message-Digest 5 algorithm). Separate multiple thumbprints with a semi-colon.
Default setting
The default setting is a null value.
Usage
If this IT policy rule is set, the user can only add certificates to the trusted key store that use the thumbprints that appear in
the defined list.
Minimum requirements
•
Java® based BlackBerry device
•
BlackBerry® Device Software Version 3.6
•
BlackBerry® Enterprise Server Version 4.0
•
BlackBerry® Connect™ Transport Stack Version 4.0
Exceptions
The BlackBerry Enterprise Server for Novell® GroupWise® supports this IT policy rule in BlackBerry Device Software Version
4.0 and later.
Weak Digest Algorithms IT policy rule
Description
This rule specifies the digest algorithms that the BlackBerry® device considers weak. When a BlackBerry device sends email
messages, it uses the algorithms that it considers strong to digitally sign the messages. The BlackBerry device uses the list
of weak digest algorithms to verify the following data:
•
algorithms used to digitally sign messages that the BlackBerry device receives are strong enough
•
certificate chains for the certificates used to sign messages that the BlackBerry device receives are strong enough
Default setting
Policy Reference Guide
Security policy group
155