BlackBerry Bold 9650 - Encryption

background image

Encryption

About encrypting data on your device

When encryption for data on your BlackBerry® device is turned on, your device uses a private key to encrypt data as it is stored

on your device, including data that your device receives when it is locked. Your device decrypts data as you access it.
You can set encryption to include or exclude your contacts. If you turn on encryption for contacts and you receive a call when

your device is locked, the caller name does not appear on the screen.
If you use a smart card certificate for authentication, depending on the smart card, you might also be able to use one of your

smart card certificates to provide two-factor encryption. In order to access the encrypted content, you must provide your

device password and also connect your device to your smart card reader.
When you lock your device, an open lock indicator appears at the top of the screen to indicate that your device is in the

process of securing your data, which includes deleting a copy of the private key from the temporary device memory. A lock

indicator appears at the top of the screen when your device has deleted the key.

About file encryption

File encryption is designed to protect files that you store on your BlackBerry® device and on a media card that can be inserted

in your device. You can encrypt the files on your device and on your media card using an encryption key that your device

generates, your device password, or both.
If you encrypt the files using an encryption key that your device generates, you can only access the files on your media card

when the media card is inserted in your device. If you encrypt the files using your device password, you can access the files on

your media card in any device that you insert your media card into, as long as you know the password for the device.

Turn on encryption

To encrypt data on your BlackBerry® device, you must have set a password for your device.
Depending on the amount of storage space available for storing files on your device, you might not be able to encrypt files on
your device.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Encryption.
3. To encrypt data on your device, in the Device Memory section, select the Encrypt check box.
4. To encrypt files that are stored on a media card and on your device, select the Media Card check box and do one of the

following:

• To encrypt files using an encryption key that your device generates, change the Mode field to Device Key.

User Guide

Security

255

background image

• To encrypt files using your device password, change the Mode field to Device Password.
• To encrypt files using an encryption key and your device password, change the Mode field to Device Password &

Device Key.

5. To also encrypt media files such as pictures, songs, and videos, select the Include Media Files check box.
6. Press the

key > Save.

To stop encrypting data on your device, clear the Device Memory check box. To stop encrypting files, clear the Media Card

check box.

Set encryption strength

If encryption of data that is stored on your BlackBerry® device is turned on, you can set the strength of the encryption that
your device uses to protect data that you receive when your device is locked.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Encryption.
3. Change the Strength field.
4. Press the

key > Save.

Use a certificate to encrypt the encryption keys on your device

To perform this task, your work email account must use a BlackBerry® Enterprise Server that supports this feature. For more

information, contact your administrator.
If you have encryption for data that is stored on your BlackBerry device turned on and your smart card reader supports this
feature, you might be able to use a certificate from the smart card to encrypt the encryption keys on your device.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Encryption.
3. Select the Two-factor Protection check box.
4. Press the

key > Save.

About encryption keys

If your BlackBerry® device is associated with an email account that uses a BlackBerry® Enterprise Server or BlackBerry® Desktop

Redirector, your device is designed to use an encryption key to protect data as it travels between the BlackBerry Enterprise

Server or BlackBerry Desktop Redirector and your device.
You should generate a new encryption key every 2 weeks.

Generate an encryption key

To perform this task, your work email account must use a BlackBerry® Enterprise Server that supports this feature. For more

information, contact your administrator.

User Guide

Security

256

background image

If your email account uses a BlackBerry Enterprise Server that does not support this feature, you can generate an encryption
key using the BlackBerry® Desktop Software, if it includes the email settings tool. For more information, see the Help in the
BlackBerry Desktop Software.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Security Status Information.
3. Highlight a service.
4. Press the

key.

5. Click Regenerate Encryption Key.