Encryption
About encrypting data on your device
When encryption for data on your BlackBerry® device is turned on, your device uses a private key to encrypt data as it is stored
on your device, including data that your device receives when it is locked. Your device decrypts data as you access it.
You can set encryption to include or exclude your contacts. If you turn on encryption for contacts and you receive a call when
your device is locked, the caller name does not appear on the screen.
If you use a smart card certificate for authentication, depending on the smart card, you might also be able to use one of your
smart card certificates to provide two-factor encryption. In order to access the encrypted content, you must provide your
device password and also connect your device to your smart card reader.
When you lock your device, an open lock indicator appears at the top of the screen to indicate that your device is in the
process of securing your data, which includes deleting a copy of the private key from the temporary device memory. A lock
indicator appears at the top of the screen when your device has deleted the key.
About file encryption
File encryption is designed to protect files that you store on your BlackBerry® device and on a media card that can be inserted
in your device. You can encrypt the files on your device and on your media card using an encryption key that your device
generates, your device password, or both.
If you encrypt the files using an encryption key that your device generates, you can only access the files on your media card
when the media card is inserted in your device. If you encrypt the files using your device password, you can access the files on
your media card in any device that you insert your media card into, as long as you know the password for the device.
Turn on encryption
To encrypt data on your BlackBerry® device, you must have set a password for your device.
Depending on the amount of storage space available for storing files on your device, you might not be able to encrypt files on
your device.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Encryption.
3. To encrypt data on your device, in the Device Memory section, select the Encrypt check box.
4. To encrypt files that are stored on a media card and on your device, select the Media Card check box and do one of the
following:
• To encrypt files using an encryption key that your device generates, change the Mode field to Device Key.
User Guide
Security
255
• To encrypt files using your device password, change the Mode field to Device Password.
• To encrypt files using an encryption key and your device password, change the Mode field to Device Password &
Device Key.
5. To also encrypt media files such as pictures, songs, and videos, select the Include Media Files check box.
6. Press the
key > Save.
To stop encrypting data on your device, clear the Device Memory check box. To stop encrypting files, clear the Media Card
check box.
Set encryption strength
If encryption of data that is stored on your BlackBerry® device is turned on, you can set the strength of the encryption that
your device uses to protect data that you receive when your device is locked.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Encryption.
3. Change the Strength field.
4. Press the
key > Save.
Use a certificate to encrypt the encryption keys on your device
To perform this task, your work email account must use a BlackBerry® Enterprise Server that supports this feature. For more
information, contact your administrator.
If you have encryption for data that is stored on your BlackBerry device turned on and your smart card reader supports this
feature, you might be able to use a certificate from the smart card to encrypt the encryption keys on your device.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Encryption.
3. Select the Two-factor Protection check box.
4. Press the
key > Save.
About encryption keys
If your BlackBerry® device is associated with an email account that uses a BlackBerry® Enterprise Server or BlackBerry® Desktop
Redirector, your device is designed to use an encryption key to protect data as it travels between the BlackBerry Enterprise
Server or BlackBerry Desktop Redirector and your device.
You should generate a new encryption key every 2 weeks.
Generate an encryption key
To perform this task, your work email account must use a BlackBerry® Enterprise Server that supports this feature. For more
information, contact your administrator.
User Guide
Security
256
If your email account uses a BlackBerry Enterprise Server that does not support this feature, you can generate an encryption
key using the BlackBerry® Desktop Software, if it includes the email settings tool. For more information, see the Help in the
BlackBerry Desktop Software.
1. On the Home screen or in a folder, click the Options icon.
2. Click Security > Security Status Information.
3. Highlight a service.
4. Press the
key.
5. Click Regenerate Encryption Key.