BlackBerry Bold 9650 - S/MIME-protected messages

background image

S/MIME-protected messages

S/MIME-protected message basics

About signing and encrypting messages

If your email account uses a BlackBerry® Enterprise Server that supports this feature, you can digitally sign or encrypt messages

to add another level of security to email and PIN messages that you send from your BlackBerry device. Digital signatures are

designed to help recipients verify the authenticity and integrity of messages that you send. When you digitally sign a message

using your private key, recipients use your public key to verify that the message is from you and that the message has not been

changed.
Encryption is designed to keep messages confidential. When you encrypt a message, your device uses the recipient’s public key

to encrypt the message. Recipients use their private key to decrypt the message.
To send an encrypted PIN message, you must have a PIN and an email address for the contact in your contact list. Your device

uses the email address in your contact list to locate a PGP® key or certificate for the contact.

User Guide

Messages

92

background image

Sign or encrypt a message

You can sign or encrypt email and PIN messages.
1. When you are composing a message, change the Encoding field.
2. If necessary, change the Classification field.

Related topics

Some signing and encryption options are not available on my device, 98

Encrypt a message with a pass phrase

Your BlackBerry® device can encrypt email and PIN messages using a pass phrase shared between the sender and recipient.
1. In an unsent message, set the Encoding field to Encrypt or Sign and Encrypt.
2. Press the

key > Options.

3. Select the Use Password-Based Encryption check box.
4. In the Allowed Content Ciphers section, select the check box beside one or more allowed content ciphers.
5. If you are signing the message, in the Signing Options section, select a certificate.
6. Press the

key > Save.

7. Type your message.
8. Press the

key > Send.

9. Type a pass phrase to encrypt the message.
10. Confirm the pass phrase.
11. Click OK.

Using a secure method, let the recipient know what the pass phrase is.

Attach a certificate to a message

You can attach a certificate to email and PIN messages.
1. When composing a message, press the

key > Attach > Certificate.

2. Highlight a certificate.
3. Press the

key > Continue.

Download the certificate used to sign or encrypt a message

If a certificate is not included in a received message or is not already stored in the key store on your BlackBerry® device, you
can download the certificate.
1. In a message, highlight the encryption indicator or a digital signature indicator.
2. Press the

key > Fetch Sender’s Certificate.

Add a certificate from a message

1. In a message, highlight a digital signature indicator.
2. Press the

key > Import Sender’s certificate.

User Guide

Messages

93

background image

Add a certificate from an attachment

1. In a message, click the certificate attachment.
2. Click Retrieve Certificate Attachment.
3. Click the certificate.
4. Click Import Certificate.

Attachment indicators in S/MIME-protected messages

Indicator

Description

The message includes a certificate attachment.

The message includes multiple certificate attachments.

The message includes a certificate server attachment.

Add connection information for a certificate server from a message

1. In a message, highlight the certificate server indicator.
2. Press the

key > Import Server.

View the certificate used to sign or encrypt a message

1. In a message, highlight the encryption status indicator or a digital signature indicator.
2. Press the

key > Display Sender's Certificate or Display Encryption Certificate.

View encryption information for a weakly encrypted message

1. In a weakly encrypted message, highlight the encryption status indicator.
2. Press the

key > Encryption Details.

S/MIME-protected message status

Digital signature indicators for S/MIME-protected messages

Indicator

Description

Your BlackBerry® device verified the digital signature.

Your device cannot verify the digital signature.

Your device requires more data to verify the digital signature.

User Guide

Messages

94

background image

Indicator

Description

Your device trusts the certificate chain.

The sender’s email address does not match the email address
of the certificate subject, or the sender’s certificate is revoked,
is not trusted, cannot be verified, or is not on your device.
The certificate is weak, the certificate status is not current, or
your device requires more data to verify the trust status of the
certificate.
The sender’s certificate is expired.

Encryption status indicators

Your administrator sets whether messages that you receive are considered to be strong or weak.

Indicator

Description

The message is strongly encrypted.

The message is weakly encrypted.

S/MIME-protected message options

Change your signing or encryption certificate

Your BlackBerry® device uses your encryption certificate to encrypt messages in the Sent Items folder and includes your
encryption certificate in messages that you send so that recipients can encrypt their reply messages.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > S/MIME.
3. In the Signing Options section or the Encryption Options section, change the Certificate field.
4. Press the

key > Save.

Related topics

Some signing and encryption options are not available on my device, 98

Change options for downloading attachments in encrypted messages

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > S/MIME.

• To download attachments in encrypted messages automatically, change the Allow encrypted attachment viewing and

retrieve encrypted attachment information field to Automatically.

User Guide

Messages

95

background image

• To download attachments in encrypted messages manually, change the Allow encrypted attachment viewing and

retrieve encrypted attachment information field to Manually.

• To prevent your BlackBerry® device from downloading attachments in encrypted messages, change the Allow

encrypted attachment viewing and retrieve encrypted attachment information field to Never.

3. Press the

key > OK.

Change the default signing and encryption option

Your BlackBerry® device is designed to use the default signing and encryption option when you send a message to a contact
that you have not sent a message to or received a message from previously. If you have sent a message to or received a
message from the contact previously, your device tries to use the signing and encryption option that was used for the last
message.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > S/MIME or PGP.
3. Change the Default Encoding field.
4. Press the

key > Save.

Related topics

Some signing and encryption options are not available on my device, 98

About message classifications

If your BlackBerry® device is associated with an email account that uses a BlackBerry® Enterprise Server that supports this

feature and your administrator turns on message classifications, the BlackBerry Enterprise Server applies a minimum set of

security actions to each message that you compose, forward, or reply to, based on the classification that you assign to the

message. Your administrator specifies the message classifications that you can use.
If you receive a message that uses message classifications, you can view the abbreviation for the classification in the subject

line of the message and the full description for the classification in the body of the message. You can also view the abbreviation

and full description for the classification for a sent message in the sent items folder.

Change the default message classification

To perform this task, your email account must use a BlackBerry® Enterprise Server that supports this feature and your

administrator must turn on message classifications.
Your BlackBerry device is designed to use the default message classification when you send a message to a contact that you
have not sent a message to or received a message from previously. If you have sent a message to or received a message from
the contact previously, your device tries to use the message classification that was used for the last message.
1. On the Home screen or in a folder, click the Options icon.
2. Click Device > Advanced System Settings > Default Services.
3. Change the Default Encoding field.
4. Press the

key > Save.

User Guide

Messages

96

background image

Change the size of S/MIME indicators in messages

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > S/MIME.
3. Change the Message Viewer Icons field.
4. Press the

key > Save.

Change the encryption algorithms for S/MIME-protected messages

If a message has multiple recipients, your BlackBerry® device uses the first selected encryption algorithm in the list that all
recipients are known to support.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > S/MIME.
3. Select the check box beside one or more encryption algorithms.
4. Press the

key > Save.

Request delivery notification for signed S/MIME-protected messages

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > S/MIME.
3. Select the Request S/MIME Receipts check box.
4. Press the

key > Save.

Turn off the prompt that appears before an S/MIME-protected message is truncated

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > S/MIME.
3. Change the Message truncation mode field to Send Anyway or More All and Send.
4. Press the

key > Save.

To turn on the prompt again, change the Message truncation mode field to Prompt User.

Turn off the prompt that appears when you use an S/MIME certificate that is not recommended
for use

1. On the Home screen or in a folder, click the Options icon.
2. Click Security > S/MIME.
3. Clear the Warn about problems with my certificates check box.
4. Press the

key > Save.

To turn on the prompt again, select the Warn about problems with my certificates check box.

User Guide

Messages

97

background image

S/MIME-protected message troubleshooting

Some signing and encryption options are not available on my device

Try performing the following actions:

• Verify that the email account that you are using supports all signing and encryption options.
• If you use message classifications, verify that the message classification supports the signing or encryption options that

you want. Try using a different message classification.

I cannot open an attachment in an encrypted message

The attachment information might not be available on the BlackBerry® Enterprise Server, your administrator might have set
options to prevent you from opening attachments in encrypted messages, or you might have received the message from an
email account that does not support attachments in encrypted messages.
You cannot open an attachment in a PGP® protected message that was encrypted using the OpenPGP format by an IBM® Lotus
Notes® client working with PGP® Desktop Professional or that was encrypted by the PGP® Universal Server.