Configuring security options
Encrypting data that the BlackBerry
Enterprise Server and a BlackBerry device
send to each other
To encrypt data that is in transit between the BlackBerry Enterprise Server and a BlackBerry device in your organization,
the BlackBerry Enterprise Solution uses BlackBerry transport layer encryption. BlackBerry transport layer encryption is
designed to encrypt data from the time that a BlackBerry device user sends a message from the BlackBerry device to when
the BlackBerry Enterprise Server receives the message, and from the time that the BlackBerry Enterprise Server sends a
message to when the BlackBerry device receives the message.
Before the BlackBerry device sends a message, it compresses and encrypts the message using the device transport key.
When the BlackBerry Enterprise Server receives a message from the BlackBerry device, the BlackBerry Dispatcher
decrypts the message using the device transport key, and then decompresses the message.
Algorithms that the BlackBerry Enterprise Solution
uses to encrypt data
The BlackBerry Enterprise Solution uses AES or Triple DES as the symmetric key cryptographic algorithm for encrypting
data. By default, the BlackBerry Enterprise Server uses the strongest algorithm that both the BlackBerry Enterprise Server
and the BlackBerry device support for BlackBerry transport layer encryption.
If you configure the BlackBerry Enterprise Server to support AES and Triple DES, by default, the BlackBerry Enterprise
Solution generates device transport keys using AES encryption. If a BlackBerry device uses BlackBerry Device Software
version 3.7 or earlier or BlackBerry Desktop Software version 3.7 or earlier, the BlackBerry Enterprise Solution generates
the device transport keys of the BlackBerry device using Triple DES.
5
Administration Guide
Configuring security options
58