Key stores
About the key store
The key store on your BlackBerry® device might store the following items. To access these items in the key store, you must type a key store
password.
•
personal certificates (certificate and private key pairs)
•
certificates that you download using the certificate synchronization tool of the BlackBerry® Desktop Manager
•
certificates that you download from an LDAP or DSML certificate server
•
certificates that you download from a certificate authority profile
•
certificates that you import from the device memory or a media card
•
certificates that you add from a message
•
root certificates that are included in the BlackBerry® Desktop Software
•
personal PGP® keys (public and private key pairs)
•
PGP public keys that you download from an LDAP certificate server
•
PGP public keys that you import from the device memory or a media card
•
PGP public keys that you add from a message
User Guide
Security
283
Change the key store password
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Press the Menu key.
6. Click Change Password.
Synchronize the key store password with the device password
If you synchronize the key store password with the device password, when you change the device password, the key store password changes
to match it automatically.
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Change the Synchronize Key Store Password to Device Password field to Yes.
6. Press the Menu key.
7. Click Save.
Change when your device deletes the key store password
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Change the Private Key Password Timeout field.
6. Press the Menu key.
7. Click Save.
To access private keys after your BlackBerry® device deletes the key store password, you must type your key store password.
Add contacts to your contact list automatically when you add items to the key store
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Change the Key Store Address Injector field to Enabled.
6. Press the Menu key.
7. Click Save.
User Guide
Security
284
Change the service that your device uses to download certificates
Depending on your organization, you might not be able to change the service that your BlackBerry® device uses to download certificates. For
more information, contact your administrator.
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Change the Certificate Service field.
6. Press the Menu key.
7. Click Save.
Turn off automatic backup and restore of key store data
By default, items in the key store on your BlackBerry® device are backed up or restored when you back up or restore your device data. If you
do not want to back up your private key to or restore your private key from your computer for security reasons, you can turn off automatic
backup and restore of key store data.
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Change the Allow Key Store Backup/Restore field to No.
6. Press the Menu key.
7. Click Save.
To turn on automatic backup and restore of key store data, change the Allow Key Store Backup/Restore field to Yes.
Change the refresh rate for certificate revocation lists
1.
On the Home screen or in a folder, click the Options icon.
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Change the Certificate Status Expires After field.
6. Press the Menu key.
7. Click Save.
Your BlackBerry® device downloads a new revocation status automatically when your device uses a key store item with a status that is older
than the time limit that you set.
Reject certificate revocation lists from unverified CRL servers
1.
On the Home screen or in a folder, click the Options icon.
User Guide
Security
285
2. Click Security Options.
3. Click Advanced Security Options.
4. Click Key Stores.
5. Change the Accept Unverified CRLs field to No.
6. Press the Menu key.
7. Click Save.
Your BlackBerry® device rejects certificate revocation lists from CRL servers that the BlackBerry® MDS Connection Service cannot verify.