05-26-2009, 03:09 PM
|
 |
Proprietor
|
|
Join Date: Nov 2008
Posts: 2,036
|
|
KB13160 - BES encryption algorithms and the impact to BlackBerry smartphone users
KB13160 - BlackBerry Enterprise Server encryption algorithms and the impact to BlackBerry smartphone users
Environment
- BlackBerry® Enterprise Server version 4.0 to 4.1.6
Overview
BlackBerry Enterprise Server uses two types of encryption algorithms:
- Triple Data Encryption Standard (Triple DES)
- Advanced Encryption Standard (AES)
BlackBerry Enterprise Server encryption algorithms can be implemented in three ways:
- Triple DES
- AES
- Triple DES and AES (both encryption types are supported and any BlackBerry smartphone using Triple DES will eventually be upgraded to AES)
If the encryption algorithm is to be changed on the BlackBerry Enterprise Server from one setting to another, the following must be considered:
- When changing from Triple DES encryption to AES encryption - BlackBerry smartphone users must manually regenerate an encryption key from the smartphone. For more information, see KB10836.
- When changing from AES encryption to Triple DES encryption - BlackBerry smartphone users must manually regenerate an encryption key from the smartphone. For more information, see KB10836.
- When changing from Triple DES encryption to Triple DES and AES encryption - BlackBerry smartphone users will be automatically be updated to AES encryption.
- When changing from AES encryption to Triple DES and AES encryption - nothing will change because the BlackBerry smartphone is already using AES encryption.
- When changing from Triple DES and AES encryption to AES encryption - nothing will change because the BlackBerry smartphone is already using AES encryption.
- When changing from Triple DES and AES encryption to Triple DES encryption - BlackBerry smartphone users will have to manually regenerate an encryption key from the BlackBerry smartphone. For more information, see KB10836.
In environments where there is more than one BlackBerry Enterprise Server sharing a single BlackBerry Configuration Database, the option to move a BlackBerry smartphone user from one BlackBerry Enterprise Server to another BlackBerry Enterprise Server is available. If the encryption algorithms are different between the two BlackBerry Enterprise Servers, different scenarios occur as follows:
- When a BlackBerry smartphone user is moved from a BlackBerry Enterprise Server with Triple DES and AES encryption selected to a BlackBerry Enterprise Server with Triple DES encryption, the BlackBerry smartphone must be re-activated because the encryption will be downgrading to from AES encryption to Triple DES encryption.
- When a BlackBerry smartphone user is moved from a BlackBerry Enterprise Server with Triple DES encryption to a BlackBerry Enterprise Server with Triple DES and AES encryption selected, the BlackBerry smartphone user will continue to use the smartphone Triple DES encryption until a new encryption key is generated either manually, through the policy interval settings on the BlackBerry Enterprise Server or 30 days passes. The new key will use AES encryption.
- When a BlackBerry smartphone user is moved from a BlackBerry Enterprise Server with Triple DES encryption to a BlackBerry Enterprise Server with AES encryption, the BlackBerry smartphone will have to be re-activated.
- When a BlackBerry smartphone user is moved from a BlackBerry Enterprise Server with AES encryption to a BlackBerry Enterprise Server with Triple DES encryption, the BlackBerry smartphone will have to be re-activated.
- When a BlackBerry smartphone user is moved from a BlackBerry Enterprise Server with AES encryption to a BlackBerry Enterprise Server with Triple DES and AES encryption selected, there will be no change in the encryption on the BlackBerry smartphone.
__________________
http://blog.port3101.org/hdawg/
The views expressed by me on Port3101 and its affiliated sites are my own and do not necessarily reflect the views of my employer.
|
Linear Mode
