Securing your email
You can digitally sign or encrypt messages if you use a work email account that supports S/MIME or PGP protected
messages or IBM Notes email encryption on your BlackBerry device. Digitally signing or encrypting messages adds another
level of security to email messages that you send from your device.
User Guide
BlackBerry Hub and email
77
Digital signatures are designed to help recipients verify the authenticity and integrity of messages that you send. With
S/MIME-protected messages, when you digitally sign a message using your private key, recipients use your public key to
verify that the message is from you and that the message hasn't been changed.
Encryption is designed to keep messages confidential. With S/MIME-protected messages, when you encrypt a message,
your device uses the recipient’s public key to encrypt the message. Recipients use their private key to decrypt the
message.
Even if your email account isn't supported by an EMM solution from BlackBerry, if it's supported by Microsoft Exchange
ActiveSync and your organization uses an LDAP directory, you can encrypt your messages using S/MIME.
If you use a work account that supports PGP protected messages, you can digitally sign, encrypt, or sign and encrypt
messages using PGP protection. You need to store the recipient's public key on your BlackBerry device to send encrypted
email messages. You need to store your private key on your device to send digitally signed email messages.
If your device is associated with a CRL or an OCSP server, when you add recipients to an encrypted message, your device
tries to retrieve a certificate status for each recipient. You are unable to send the message until certificate statuses are
received for all recipients. If certificates can't be found or are invalid, the recipients' names appear as red.
Set up S/MIME-protected messaging
You need to store a private key and certificate on your BlackBerry device to send digitally signed or encrypted email
messages using S/MIME-protected messaging. You can store a key and certificate by importing the files from a work email
message or a media card.
If you have a work email account that is supported by an EMM solution from BlackBerry and a personal Microsoft Exchange
ActiveSync account, when you import a certificate from the personal space on your device, you can store it in the keystore
in your work or personal space.
Your BlackBerry device supports keys and certificates in the following file formats and file name extensions:
• PEM (.pem, .cer)
• DER (.der, .cer)
• PFX (.pfx, .p12)
1. Open a work email message with a certificate attachment.
2. Tap .
3. If necessary, enter the password.
4. Tap Import or Import All.
5. Tap .
6. In the BlackBerry Hub, tap > > Email Accounts.
7. Tap an account.
8. Tap Secure Email Settings.
9. If necessary, tap the S/MIME tab.
10. Turn on the S/MIME switch.
11. Under Signing Certificate, in the drop-down list, tap the certificate that you imported.
12. Under Encryption Certificate, in the drop-down list, tap the certificate that you imported.
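The list of supported formats above gives .cer under both PEM and DER, so the file name extension alone does not say how a certificate file is encoded. The following is an added example, not part of the original guide: a Python check that classifies a file by its contents before you import it. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_header(data):
    """Return (tag, offset of contents) of the first DER element, or None if malformed."""
    if len(data) < 2:
        return None
    tag, first = data[0], data[1]
    if first < 0x80:                          # short-form length
        length, off = first, 2
    else:                                     # long-form length: next n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return None                       # indefinite-length BER is not handled
        length, off = int.from_bytes(data[2:2 + n], "big"), 2 + n
    return (tag, off) if off + length <= len(data) else None

def classify_der(data):
    """Tell a PKCS#12 (PFX) container from an X.509 certificate by its first inner element."""
    hdr = der_header(data)
    if hdr is None or hdr[0] != 0x30:         # outer element must be a SEQUENCE
        return "unknown"
    inner = data[hdr[1]:]
    if inner[:3] == b"\x02\x01\x03":          # PFX begins with INTEGER version 3
        return "PFX"
    if inner[:1] == b"\x30":                  # certificate begins with tbsCertificate
        return "DER"
    return "unknown"

def classify(data):
    """Classify file contents as 'PEM (<label>)', 'DER', 'PFX' or 'unknown'."""
    m = PEM_RE.search(data)
    if not m:
        return classify_der(data)
    try:
        body = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    except ValueError:
        return "unknown"
    label = m.group(1).decode()
    if label == "CERTIFICATE" and classify_der(body) != "DER":
        return "unknown"
    return f"PEM ({label})"

# Constructed skeleton inputs (structurally minimal, not real certificates or keys).
CERT_DER = b"\x30\x02\x30\x00"
PFX_DER = b"\x30\x03\x02\x01\x03"
CERT_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(CERT_DER)
            + b"\n-----END CERTIFICATE-----\n")
```

A PEM label other than CERTIFICATE, such as PRIVATE KEY, shows that the file carries key material rather than only a certificate.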
Set up PGP protected messaging
If you use a work account that supports PGP protected messages, you can digitally sign, encrypt, or sign and encrypt
messages using PGP protection. You need to store the recipient's public key on your BlackBerry device to send encrypted
email messages. You need to store your private key on your device to send digitally signed email messages.
Your device supports keys in the following formats and file name extensions:
• PEM (.pem, .cer)
• ASC (.asc)
1. Open a work email message with a PGP key attachment.
2. Tap .
3. Tap Import or Import All.
4. If necessary, enter the password.
5. Tap .
6. In the BlackBerry Hub, tap > > Email Accounts.
7. Tap an account.
8. Tap Secure Email Settings.
9. If necessary, tap the PGP tab.
10. Turn on the PGP switch.
11. Under PGP Signing Key, in the drop-down list, tap the key that you imported.
12. Under PGP Encryption Key, in the drop-down list, tap the key that you imported.
Turn on IBM Notes email encryption
A work account that supports IBM Notes email encryption must be added to your device.
1. In the BlackBerry Hub, tap > > Email Accounts.
2. Tap an account.
3. Tap Secure Email Settings.
4. If necessary, tap the NNE tab.
5. Turn on the NNE switch.
Sign or encrypt a message
You must use a work email account that supports IBM Notes mail encryption to send an encrypted email message, or an
email account that supports S/MIME or PGP protected messages to send a signed or encrypted email message.
1. When you compose a message, slide your finger down on the screen.
2. In the drop-down list, tap a signing or an encryption option.
Note: If your BlackBerry device is associated with a CRL or an OCSP server, when you add recipients to an encrypted
message, your device tries to retrieve a certificate status for each recipient. You are unable to send the message until
certificate statuses are received for all recipients. If certificates can't be found or are invalid, the recipients' names appear
as red.