On Thu, May 29, 2008 at 10:05:17AM -0400, Derek Atkins wrote:

> Arshad Noor <[EMAIL PROTECTED]> writes:
> > Even if RIM does not have the device keys, in order to share encrypted
> > data with applications on the RIM server, the device must share a session 
> > key with the server; must it not?.  Isn't RIM (their software, actually) 
> > now in a position to decrypt content sent between Blackberry users?  Or, 
> > does the Blackberry encryption protocol work like S/MIME?
> The enterprise solution does work something like S/MIME.

The keys are symmetric 3DES, and encrypt message chunks (IIRC either
256 or 1K bytes) sent asynchronously to the enterprise messaging gateway.
RIM does not have a secure session with the device. This is not like
S/MIME except that as with S/MIME, this is not hop-by-hop encryption.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to