Encryption
About encrypting data in the device memory
When encryption for the device memory is turned on, your BlackBerry® device uses a private key to encrypt data as it is stored on your device,
including data that your device receives when it is locked. Your device decrypts data as you access it.
User Guide
Security
263
You can set encryption to include or exclude your contacts. If you turn on encryption for contacts and you receive a call when your device is
locked, the caller name does not appear on the screen.
If you use a smart card certificate for authentication, depending on the smart card, you might also be able to use one of your smart card
certificates to provide two-factor encryption. In order to access the encrypted content, you must provide your device password and also connect
your device to your smart card reader.
When you lock your device, an open lock indicator appears at the top of the screen to indicate that your device is in the process of securing
your data, which includes deleting a copy of the private key from the temporary device memory. A lock indicator appears at the top of the
screen when your device has deleted the key.
About file encryption
File encryption is designed to protect files that you store in the BlackBerry® device memory and on a media card that can be inserted in your
device. You can encrypt the files in the device memory and on your media card using an encryption key that your device generates, your device
password, or both.
If you encrypt the files using an encryption key that your device generates, you can only access the files on your media card when the media
card is inserted in your device. If you encrypt the files using your device password, you can access the files on your media card in any device
that you insert your media card into, as long as you know the password for the device.
Turn on encryption
To encrypt data in the device memory, you must have set a password for your BlackBerry® device.
Depending on the amount of memory available for storing files in the device memory, you might not be able to encrypt files in the device
memory.
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Encryption.
4. Change the Encryption field to Enabled.
5. To encrypt data in the device memory, set the Device Memory field to Enabled.
6. To encrypt files stored on a media card and on your device, set the Media Card field to Enabled and perform one of the following actions:
• To encrypt files using an encryption key that your device generates, change the Mode field to Device.
• To encrypt files using your device password, change the Mode field to Security Password.
• To encrypt files using an encryption key and your device password, change the Mode field to Security Password & Device.
7. To also encrypt media files such as pictures, songs, and videos, set the Include Media Files field to Yes.
8. Press the Menu key.
9. Click Save.
To stop encrypting data in the device memory, change the Device Memory field to Disabled. To stop encrypting files, change the Media
Card field to Disabled.
Related topics
Set a device password, 259
User Guide
Security
264
Set encryption strength
If encryption of data in the device memory is turned on, you can set the strength of the encryption that your BlackBerry® device uses to protect
data that you receive when your device is locked.
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Encryption.
4. Set the Strength field.
5. Press the Menu key.
6. Click Save.
Use a certificate to encrypt the encryption keys on your device
To perform this task, your work email account must use a BlackBerry® Enterprise Server that supports this feature. For more information, contact
your administrator.
If you have encryption for data in the BlackBerry device memory turned on and your smart card reader supports this feature, you might be able
to use a certificate from the smart card to encrypt the encryption keys on your device.
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Encryption.
4. Change the Two-Factor Protection field to Enabled.
5. Press the Menu key.
6. Click Save.
About encryption keys
If your BlackBerry® device is associated with an email account that uses a BlackBerry® Enterprise Server or BlackBerry® Desktop Redirector,
your device is designed to use an encryption key to protect data as it travels between the BlackBerry Enterprise Server or BlackBerry Desktop
Redirector and your device.
You should generate a new encryption key every 2 weeks.
Generate an encryption key
To perform this task, your work email account must use a BlackBerry® Enterprise Server that supports this feature. For more information, contact
your administrator.
If your BlackBerry device is associated with an email account that uses a BlackBerry Enterprise Server that does not support this feature, you
can generate an encryption key using the BlackBerry® Desktop Manager, if it includes the email settings tool. For more information, see the
online help that is available in the BlackBerry Desktop Manager.
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Information.
User Guide
Security
265
4. Highlight a service.
5. Press the Menu key.
6. Click Regenerate Encryption Key.