
BlackBerry Enterprise Solution Security
Extending BlackBerry device messaging security 18
If the PGP Support Package is installed on a BlackBerry device, an incoming PGP message is additionally
encrypted with standard BlackBerry encryption for delivery to the device and then decrypted on the device,
using the following process:
1. The BlackBerry Enterprise Server receives the PGP protected message.
2. The BlackBerry Enterprise Server uses standard BlackBerry encryption to encrypt the PGP data.
3. The BlackBerry Enterprise Server sends the encrypted message to the BlackBerry device.
4. The BlackBerry device removes the BlackBerry standard encryption and stores the PGP data.
5. When the user opens the message on the BlackBerry device, the BlackBerry device decrypts the PGP data
and renders the message.
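The five steps above, as an added illustration in Python (not code from RIM or the PGP Support Package): the sender's PGP layer and the BlackBerry transport layer are modelled as two independent encrypt-then-MAC layers, so that the BlackBerry Enterprise Server can add and the device can remove the transport layer while the PGP data stays encrypted at rest until the user opens the message. Both ciphers are stand-ins built from HMAC-SHA256 so the example runs on the standard library alone; the class and function names are assumptions.

```python
"""Two-layer protection of an incoming PGP message, modelled in Python.

Added illustration, not code from RIM or the PGP Support Package.  Both
layers (the sender's PGP layer and the BlackBerry transport layer) are
stand-ins: an encrypt-then-MAC stream cipher built from HMAC-SHA256 so the
example runs on the standard library alone.  Names are assumptions."""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate keystream and MAC keys from one master key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF (HMAC-SHA256) run in counter mode to produce a keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; ValueError on wrong key or tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class EnterpriseServer:
    """Holds only the transport key, never the recipient's PGP key."""

    def __init__(self, transport_key: bytes):
        self.transport_key = transport_key

    def forward(self, pgp_message: bytes) -> bytes:
        # Steps 1-3: receive the PGP-protected message, wrap it in standard
        # BlackBerry encryption and send it on to the device.
        return seal(self.transport_key, pgp_message)

    def can_read(self, pgp_message: bytes) -> bool:
        """The server's own key does not open the inner PGP layer."""
        try:
            unseal(self.transport_key, pgp_message)
            return True
        except ValueError:
            return False


class Device:
    """Holds the transport key and the user's PGP private key."""

    def __init__(self, transport_key: bytes, pgp_key: bytes):
        self.transport_key = transport_key
        self.pgp_key = pgp_key
        self.stored = None  # at rest: transport layer removed, PGP layer kept

    def receive(self, wrapped: bytes) -> None:
        # Step 4: strip the BlackBerry layer, store the still-encrypted PGP data.
        self.stored = unseal(self.transport_key, wrapped)

    def open_message(self) -> bytes:
        # Step 5: the PGP layer comes off only when the user opens the message.
        return unseal(self.pgp_key, self.stored)


def deliver(plaintext: bytes, recipient_pgp_key: bytes, transport_key: bytes):
    """Run the five steps end to end; return (server, device, pgp_message)."""
    pgp_message = seal(recipient_pgp_key, plaintext)  # the sender's PGP layer
    server = EnterpriseServer(transport_key)
    device = Device(transport_key, recipient_pgp_key)
    device.receive(server.forward(pgp_message))
    return server, device, pgp_message
```

The point to take from the model is the key separation: the server's transport key adds and removes only the outer layer, and `Device.stored` is exactly the sender's PGP ciphertext, so a compromise of the transport path or of the server alone does not expose message content.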
PGP encryption algorithms
RIM recommends using a strong algorithm for PGP encryption. The PGP Allowed Content Ciphers IT policy rule
default setting specifies that the BlackBerry device can use any of the supported algorithms to encrypt PGP
messages. You can set the PGP Allowed Content Ciphers IT policy rule to encrypt PGP messages using any of
AES (256-bit), AES (192-bit), AES (128-bit), CAST (128-bit), and Triple DES.
The message recipient’s PGP key indicates which content ciphers the recipient can support, and the BlackBerry
device is designed to use one of those ciphers. The BlackBerry device encrypts the message using Triple DES by
default if the recipient’s PGP key does not include a list of ciphers.
See the PGP Support Package White Paper for more information.
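The cipher selection described above, written out as an added Python example (not code from RIM or the PGP Support Package) so that an administrator can see how the PGP Allowed Content Ciphers IT policy rule, the recipient key's cipher list and the Triple DES default interact. The policy rule is modelled as a set of cipher names, the recipient key's list as the OpenPGP preferred-symmetric-algorithm IDs from RFC 4880, and the function and constant names are assumptions. It also goes one step beyond the page: when the key's list and the policy have no cipher in common, it falls back to Triple DES on the RFC 4880 rule that Triple DES is tacitly at the end of every preference list, which is an assumption about the device's behaviour, not something the white paper states.

```python
"""Choosing the content cipher for an outgoing PGP message.

Added example, not code from RIM or the PGP Support Package.  The IT policy
rule is a set of cipher names, the recipient key's cipher list is the RFC 4880
preferred-symmetric-algorithms subpacket, and all names are assumptions."""
from typing import Iterable, List, Optional

# The five ciphers the PGP Allowed Content Ciphers rule can permit.
SUPPORTED_CIPHERS = ("AES-256", "AES-192", "AES-128", "CAST-128", "3DES")

# Used when the recipient's PGP key carries no cipher list.
DEFAULT_CIPHER = "3DES"

# RFC 4880 section 9.2 symmetric algorithm IDs for the ciphers above.
OPENPGP_SYMMETRIC_IDS = {2: "3DES", 3: "CAST-128", 7: "AES-128", 8: "AES-192", 9: "AES-256"}


def preferences_from_subpacket(ids: Optional[Iterable[int]]) -> Optional[List[str]]:
    """Map a key's preferred-symmetric-algorithms subpacket to cipher names.

    Returns None when the key has no such subpacket.  IDs the device does not
    support (IDEA, Blowfish, Twofish, Camellia, ...) are dropped."""
    if ids is None:
        return None
    return [OPENPGP_SYMMETRIC_IDS[i] for i in ids if i in OPENPGP_SYMMETRIC_IDS]


def select_content_cipher(policy_allowed: Optional[Iterable[str]],
                          key_pref_ids: Optional[Iterable[int]]) -> str:
    """Pick the content cipher for one outgoing message.

    policy_allowed: ciphers the IT policy rule permits; None means the rule is
                    at its default (any supported cipher).
    key_pref_ids:   the recipient key's preference IDs, or None if absent."""
    policy = set(SUPPORTED_CIPHERS) if policy_allowed is None else set(policy_allowed)
    allowed = [c for c in SUPPORTED_CIPHERS if c in policy]
    if not allowed:
        raise ValueError("IT policy allows none of the supported ciphers")

    prefs = preferences_from_subpacket(key_pref_ids)
    if not prefs:  # no usable list on the key: the page's stated default
        if DEFAULT_CIPHER not in allowed:
            raise ValueError("recipient key lists no ciphers and policy forbids Triple DES")
        return DEFAULT_CIPHER

    # Assumption: honour the recipient's own ordering; first match wins.
    for cipher in prefs:
        if cipher in allowed:
            return cipher

    # Assumption from RFC 4880 section 13.2: Triple DES is tacitly at the end
    # of every preference list, because every OpenPGP implementation supports it.
    if DEFAULT_CIPHER in allowed:
        return DEFAULT_CIPHER
    raise ValueError("no cipher is both allowed by policy and supported by the recipient key")


def is_negotiable(policy_allowed: Optional[Iterable[str]],
                  key_pref_ids: Optional[Iterable[int]]) -> bool:
    """True when select_content_cipher would succeed; useful for policy audits."""
    try:
        select_content_cipher(policy_allowed, key_pref_ids)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(select_content_cipher(None, None))                      # 3DES
    print(select_content_cipher({"AES-256", "AES-192"}, [7, 9]))  # AES-256
```

The check worth running before tightening the rule: with a policy restricted to the AES variants only, `is_negotiable(policy, None)` is False, so recipients whose keys carry no cipher list can no longer be sent to at all, since the Triple DES default is then forbidden.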
S/MIME Support Package
The S/MIME Support Package is designed to enable a user who is already sending and receiving S/MIME
messages using their desktop email program to send and receive S/MIME protected messages using their
BlackBerry device.
The S/MIME Support Package includes support for the following:
• certificate and private key synchronization and management using the Certificate Synchronization Manager
included in the BlackBerry Desktop Software
• encrypting and decrypting messages, including personal identification number (PIN) messages, verifying
digital signatures, and digitally signing outgoing messages
• wireless fetching of certificates and certificate status using PKI protocols
• smart cards on the BlackBerry device
PKI component support
The S/MIME Support Package is designed to support the following PKI components:
• LDAP: The BlackBerry device and the BlackBerry Certificate Synchronization Manager use LDAP to search
for and download certificates.
• OCSP: The BlackBerry device and the BlackBerry Certificate Synchronization Manager use OCSP to check
the certificate revocation status on demand.
• CRL: The BlackBerry device and the BlackBerry Certificate Synchronization Manager obtain the most recent
certificate revocation status, published at a frequency set on the CA server, from CRLs.
S/MIME encryption
If the S/MIME Support Package is installed on a BlackBerry device, when the user sends a message, the
BlackBerry device encrypts the message once with S/MIME encryption and once with standard BlackBerry
encryption, using the following process:
www.blackberry.com