Rate this Entry

5 : Excellent 4 : Good 3 : Average 2 : Bad 1 : Terrible

BlackBerry Encryption Keys

Posted 08-04-2009 at 05:00 AM by hdawg

Tags 3des, aes, bb encryption, bes encryption, encryption key

---

Here are three KB articles that give you just that little bit of valuable insight into encryption key data within the BlackBerry Enterprise Solution ...

KB04725 - Identifying BlackBerry smartphone encryption method
KB05429 - Recommendation on the use of Triple DES or AES for BlackBerry transport
KB12821 - Change the encryption method on the BlackBerry Enterprise Server

If you want to see the actual keys, take a look at the UserConfig table in your BlackBerry Configuration Database. I don't recommend you go in there any start poking around unless you know what you're doing, as you could seriously mess up your environment.

But for those that just want to know, go take a peek!

Posted in Uncategorized

Views 1726 Comments 3

Comments

1. When I came onboard a few months ago one of the first things I did was discover that our Hong Kong BES was running 3DES only. At the last minute the change control to upgrade to 3DES + AES was rejected on the basis of some ambiguous legal language about China not allowing > 128 bit encryption, which I could not verify or pin down since it seemed to come from a 13 year old legal document with little relevance to today's world. Even the local Hong Kong BES admin was perplexed. The key takeway is that changing from 3DES to 3DES + AES will not impact your environment at all, the devices will upgrade in the background over a 30 day period to AES as their 3DES keys expire. No reactivations or other intervention needed.

   Posted 08-04-2009 at 10:41 AM by mahoward

2. 	Thanks for the input on your experience!
   	Posted 08-04-2009 at 09:28 PM by hdawg

3. It is probably interesting, that the first byte of the key seems to contain the encryption method: 0x01 for 3DES 0x02 for AES In SQL this query should find all the guys still using 3DES: SELECT Id, DisplayName FROM UserConfig WHERE SUBSTRING(CurrentKey,1,1)=0x01 However, I found quite a few active users having empty keys (0x or 0x0000...). I have no clue, what that means. BBUA reports Encryption Type = "N/A" in that case. Let's see what T-Support answers Greetings, Neo3000

   Posted 12-21-2009 at 06:05 AM by Neo3000

hdawg

• Join Date Nov 2008
• Posts 2,237
• Blog Entries 147

• Find Blog Entries by hdawg

  Containing Text: Search Titles Only

  Advanced Search
• Blog Categories

  Global Categories

  • Product Reviews
  • Tips & Tricks
  • Wireless Enterprise Symposium

  Local Categories

  • Uncategorized
• Recent Comments

  • BES Logs ... What's in them? Part 6 of 20 (DISP log) by hdawg
  • BES Logs ... What's in them? Part 14 of 20 (PhoneCall/PIN/SMS logs) by hdawg
  • BES Logs ... What's in them? Part 8 of 20 (MDAT log) by dieter_m
  • Script to grab some user info and handheld free memory by PSCArmstrSM
  • BES Logs ... What's in them? Part 15 of 20 (OutOfCoverage.exe BRK Tool) by cons32
• Recent Entries

  • BES 5.0 SP2 MR4 for Exchange Released
  • Space allocation in the BES Config Database for users
  • iOS 4 and Exchange ActiveSync broken?
  • Free tool: Certificate Manager for Exchange 2007
  • How much data do you use?
• Recent Visitors

  • Clark76
  • Doug Koch
  • dpvone
  • javajunkee
  • lion77
  • Lrun
  • mjw1
  • PSCArmstrSM
  • rey.david991
  • sexybdy
• Tag Cloud

  besmgmt database size

  Search by Tag

• Archive
  <      February 2012
  Su	Mo	Tu	We	Th	Fr	Sa
  22	23	24	25	26	27	28
  29	30	31	1	2	3	4
  5	6	7	8	9	10	11
  12	13	14	15	16	17	18
  19	20	21	22	23	24	25
  26	27	28	29	1	2	3