With regard to a post by Mr. E:
"KB13160 - BlackBerry Enterprise Server encryption algorithms and the impact to BlackBerry smartphone users"

The 3rd entry under the things to consider heading states:
"When changing from Triple DES encryption to Triple DES and AES encryption - BlackBerry smartphone users will be automatically be updated to AES encryption."

I would like to change the encryption algorithm from 3DES to 3DES & AES so that I can start to get the majority of my devices up to AES encryption.

The server states that:
Set the encryption algorithm to use for all BlackBerry data: Triple Data Encryption Standard (DES), Advanced Encryption Standard (AES), or both. Warnings:Changing encryption algorithms stops basic operation of the BlackBerry device. Reconnect the BlackBerry device or perform a wireless enterprise activation to send and receive messages on the BlackBerry device again.

If I change the setting to "3DES and AES", will the server require me to do wireless enterprise activations on all my devices, or is it a seamless change to the user?

Running 4.1.5.24

Any help would be greatly appreciated as I would hate to make this change and then have all my users screaming!

Regards,

Bryan

I was assured by RIM that changing from 3DES to 3DES+AES would gradually, automatically, in the background, upgrade all AES capable devices over 30 days as their keys expired. The devices would regenerate silently a new AES key without user intervention or reactivation.

I however did not make the change, as it was denied at the last minute due to security concerns about Chinese govt not allowing encryption over 128bits. (This was a HK BES server)

So no guarantees but do what I did and have RIM confirm this for you to cover your own butt in case the worst should happen...

Should be seamless. I've done it for 4 BES Servers. The preferred encryption between Blackberry and BES is AES, so if you are at 3DES now and move to 3DES and AES the Blackberries and BES will automatically moved to AES encryption. If you have an older device that doesn't support AES it will stay at 3DES.

I saw the warning message and stop at it as well until I had spoken with RIM support.

__________________
AUTIGER92
Exchange\Blackberry Admin
4 - BES Servers (4.1.6), 3 Exchange Organizations,
~1800 BB Users, and a headache.
War Eagle!!

Your pre-4.0 devices that use 3DES will remain on 3DES, while all other devices that support AES will update to AES. You could then look into slowly migrating to AES only (provided your security department would recommend and approve this change), although you'd want to validate that no 3.x devices still exist in the environment.

__________________
BCSA (4.1, 5.0) | BCSD (4.1, 5.0)

The views expressed by me on Port3101.org are my own and do not necessarily reflect the views of my employer.

Just made the change this week on a BES (4.1) with 130 users. No problem.

Thanks for the followup!