Arshad Noor
Sat, 31 May 2008 16:49:34 -0700
So, what is it on the device that is using the 3DES key to encrypt chunks to send to the RIM messaging gateway? Something on the device has to encrypt/decrypt the data sent to/from the messaging server? Doesn't that constitute a session even if the 3DES keys are rotated frequently? (And, if they are, how are the 3DES keys agreed upon? Doesn't that imply public/private key-pairs or a master-key?)

Arshad Noor
StrongAuth, Inc.

----- Original Message -----
From: "Victor Duchovni" <[EMAIL PROTECTED]>
Cc: cryptography@metzdowd.com
Sent: Friday, May 30, 2008 10:41:10 AM (GMT-0800) America/Los_Angeles
Subject: Re: RIM to give in to GAK in India

On Thu, May 29, 2008 at 10:05:17AM -0400, Derek Atkins wrote:

> Arshad Noor <[EMAIL PROTECTED]> writes:
>
> > Even if RIM does not have the device keys, in order to share encrypted
> > data with applications on the RIM server, the device must share a session
> > key with the server; must it not? Isn't RIM (their software, actually)
> > now in a position to decrypt content sent between Blackberry users? Or,
> > does the Blackberry encryption protocol work like S/MIME?
>
> The enterprise solution does work something like S/MIME.

The keys are symmetric 3DES, and encrypt message chunks (IIRC either 256 or 1K bytes) sent asynchronously to the enterprise messaging gateway. RIM does not have a secure session with the device. This is not like S/MIME except that as with S/MIME, this is not hop-by-hop encryption.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]