To require the BlackBerry device user to use PGP encryption when forwarding or replying to messages, you can configure
the PGP Force Digital Signature IT policy rule and the PGP Force Encrypted Messages IT policy rule.
The PGP Support Package for BlackBerry smartphones is designed to support encoding and decoding Unicode messages
and permits PGP encryption using keys or passwords. The PGP Support Package for BlackBerry smartphones permits the
BlackBerry device to encrypt PGP protected email messages or PGP protected PIN messages using a password that the
sender and recipient both know.
For more information about the OpenPGP format, see RFC 2440. For more information about the PGP/MIME format, see
RFC 3156.
Configure the BlackBerry Enterprise Solution to support PGP encryption
1. Configure the PGP Universal Server Address IT policy rule in the IT policy that you assign to BlackBerry device users.
2. Instruct users to install the PGP Support Package for BlackBerry smartphones on BlackBerry devices.
3. Instruct users to enroll with the PGP Universal Server when the BlackBerry devices prompt them to so that the
   BlackBerry devices can process PGP protected messages.
Extending messaging security using S/MIME encryption
You can extend messaging security for the BlackBerry Enterprise Solution and permit a BlackBerry device user to send and
receive S/MIME-protected email messages and S/MIME-protected PIN messages on a BlackBerry device.
To extend messaging security, you or the BlackBerry device user must install the S/MIME Support Package for BlackBerry
smartphones on the BlackBerry device and transfer the S/MIME private key of the BlackBerry device user to the
BlackBerry device. The S/MIME Support Package for BlackBerry smartphones is designed to work with email applications
such as Microsoft Outlook, Microsoft Outlook Express, and IBM Lotus Notes, and with PKIs such as Netscape, Entrust
Authority Security Manager version 5 and later, and Microsoft certification authorities.
The BlackBerry device user uses the S/MIME private key to decrypt S/MIME-protected messages on the BlackBerry device
and to sign, encrypt, and send S/MIME-protected messages from the BlackBerry device. If the BlackBerry Enterprise
Server receives an S/MIME-encrypted message but the BlackBerry device user did not install the S/MIME Support Package
for BlackBerry smartphones, the BlackBerry Enterprise Server sends a message to the BlackBerry device to indicate that
the BlackBerry device does not support S/MIME-encrypted messages.
After the BlackBerry device user installs the S/MIME Support Package for BlackBerry smartphones, the BlackBerry device
user can synchronize and manage S/MIME certificates and S/MIME private keys using the certificate synchronization tool
of the BlackBerry Desktop Manager. The BlackBerry Enterprise Server does not apply an appended disclaimer to
S/MIME-protected messages that the BlackBerry device user sends from the BlackBerry device. Digital signatures on
S/MIME-protected messages that the BlackBerry device sends are not valid if disclaimers are appended to the messages.
To require the BlackBerry device user to use S/MIME encryption when forwarding or replying to messages, you can
configure the S/MIME Force Digital Signature IT policy rule and the S/MIME Force Encrypted Messages IT policy rule.
The S/MIME Support Package for BlackBerry smartphones is also designed to support the following features:
• Encoding and decoding of Unicode messages