BlackBerry Passport - Securing your email

Securing your email

You can digitally sign or encrypt messages if you use a work email account that supports S/MIME or PGP protected messages or IBM Notes email encryption on your BlackBerry device. Digitally signing or encrypting messages adds another level of security to email messages that you send from your device.

Digital signatures are designed to help recipients verify the authenticity and integrity of messages that you send. With S/MIME-protected messages, when you digitally sign a message using your private key, recipients use your public key to verify that the message is from you and that the message hasn't been changed.

Encryption is designed to keep messages confidential. With S/MIME-protected messages, when you encrypt a message, your device uses the recipient’s public key to encrypt the message. Recipients use their private key to decrypt the message.

Even if your email account isn't supported by an EMM solution from BlackBerry, if it's supported by Microsoft Exchange ActiveSync and your organization uses an LDAP directory, you can encrypt your messages using S/MIME.

If you use a work account that supports PGP protected messages, you can digitally sign, encrypt, or sign and encrypt messages using PGP protection. You need to store the recipient's public key on your BlackBerry device to send encrypted email messages. You need to store your private key on your device to send digitally signed email messages.

User Guide

BlackBerry Hub and email

75

If your device is associated with a CRL or an OCSP server, when you add recipients to an encrypted message, your device tries to retrieve a certificate status for each recipient. You are unable to send the message until certificate statuses are received for all recipients. If certificates can't be found or are invalid, the recipients' names appear in red.

Set up S/MIME-protected messaging

You need to store a private key and certificate on your BlackBerry device to send digitally signed or encrypted email
messages using S/MIME-protected messaging. You can store a key and certificate by importing the files from a work email
message or a media card.
If you have a work email account that is supported by an EMM solution from BlackBerry and a personal Microsoft Exchange
ActiveSync account, when you import a certificate from the personal space on your device, you can store it in the keystore
in your work or personal space.
Your BlackBerry device supports keys and certificates in the following file formats and file name extensions:

• PEM (.pem, .cer)
• DER (.der, .cer)
• PFX (.pfx, .p12)

1. Open a work email message with a certificate attachment.
2. Tap .
3. If necessary, enter the password.
4. Tap Import or Import All.
5. Tap .
6. In the BlackBerry Hub, tap > > Email Accounts.
7. Tap an account.
8. Tap Secure Email Settings.
9. If necessary, tap the S/MIME tab.
10. Turn on the S/MIME switch.
11. Under Signing Certificate, in the drop-down list, tap the certificate that you imported.
12. Under Encryption Certificate, in the drop-down list, tap the certificate that you imported.
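
The .cer extension appears under both PEM and DER in the format list above, so the extension alone does not say what a file contains or whether it carries a private key. The following Python sketch is an added example, not part of the BlackBerry guide: it classifies a file by its content before you import it. The function names and sample bytes are constructed for illustration, and the check looks at outer structure only; it does not validate the certificate.

```python
import base64
import re

PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def _der_header(buf, pos=0):
    """Return (tag, content_start, content_length) for the TLV at pos."""
    if len(buf) < pos + 2:
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        return tag, pos, first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(buf) < pos + n:
        raise ValueError("unsupported or truncated DER length")
    return tag, pos + n, int.from_bytes(buf[pos:pos + n], "big")

def classify_der(buf):
    """Tell a certificate-shaped DER file from a PKCS#12 (PFX) container."""
    tag, start, length = _der_header(buf)
    if tag != 0x30 or start + length > len(buf):
        raise ValueError("not a complete DER SEQUENCE")
    inner_tag, inner_start, inner_len = _der_header(buf, start)
    # PFX ::= SEQUENCE { version INTEGER (3), ... }
    if inner_tag == 0x02 and buf[inner_start:inner_start + inner_len] == b"\x03":
        return "PFX"
    # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
    if inner_tag == 0x30:
        return "DER certificate"
    return "unknown DER"

def classify_key_file(data):
    """Return (format, may_contain_private_key) for raw file content."""
    blocks = PEM_BLOCK.findall(data)
    if blocks:
        labels = [label.decode() for label, _ in blocks]
        return "PEM: " + ", ".join(labels), any("PRIVATE KEY" in l for l in labels)
    kind = classify_der(data)
    # Assumption: a PFX is treated as possibly holding a private key,
    # because the container is commonly used to bundle key and certificate.
    return kind, kind == "PFX"

# Constructed samples: structural skeletons only, not real keys or certificates.
SAMPLE_DER_CERT = bytes([0x30, 0x03, 0x30, 0x01, 0x00])
SAMPLE_PFX = bytes([0x30, 0x05, 0x02, 0x01, 0x03, 0x30, 0x00])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER_CERT)
              + b"\n-----END CERTIFICATE-----\n")
```

A file reported as holding a private key should only ever be your own; a recipient's certificate for encryption needs the public part only.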

Set up PGP protected messaging

If you use a work account that supports PGP protected messages, you can digitally sign, encrypt, or sign and encrypt
messages using PGP protection. You need to store the recipient's public key on your BlackBerry device to send encrypted
email messages. You need to store your private key on your device to send digitally signed email messages.
Your device supports keys in the following formats and file name extensions:

• PEM (.pem, .cer)
• ASC (.asc)

1. Open a work email message with a PGP key attachment.
2. Tap .
3. Tap Import or Import All.
4. If necessary, enter the password.
5. Tap .
6. In the BlackBerry Hub, tap > > Email Accounts.
7. Tap an account.
8. Tap Secure Email Settings.
9. If necessary, tap the PGP tab.
10. Turn on the PGP switch.
11. Under PGP Signing Key, in the drop-down list, tap the key that you imported.
12. Under PGP Encryption Key, in the drop-down list, tap the key that you imported.

Turn on IBM Notes email encryption

A work account that supports IBM Notes email encryption must be added to your device.

1. In the BlackBerry Hub, tap > > Email Accounts.
2. Tap an account.
3. Tap Secure Email Settings.
4. If necessary, tap the NNE tab.
5. Turn on the NNE switch.

Sign or encrypt a message

You must use a work email account that supports IBM Notes mail encryption to send an encrypted email message, or an
email account that supports S/MIME or PGP protected messages to send a signed or encrypted email message.

1. When you compose a message, slide your finger down on the screen.
2. In the drop-down list, tap a signing or an encryption option.

Note: If your BlackBerry device is associated with a CRL or an OCSP server, when you add recipients to an encrypted
message, your device tries to retrieve a certificate status for each recipient. You are unable to send the message until
certificate statuses are received for all recipients. If certificates can't be found or are invalid, the recipients' names appear
in red.
