So, what is it on the device that is using the 3DES key to encrypt chunks to send to the RIM messaging gateway? Something on the device has to encrypt/decrypt the data sent to/from the messaging server? Doesn't that constitute a session even if the 3DES keys are rotated frequently? (And, if they are, how are the 3DES keys agreed upon? Doesn't that imply public/private key-pairs or a master-key?)
Arshad Noor StrongAuth, Inc. ----- Original Message ----- From: "Victor Duchovni" <[EMAIL PROTECTED]> Cc: [email protected] Sent: Friday, May 30, 2008 10:41:10 AM (GMT-0800) America/Los_Angeles Subject: Re: RIM to give in to GAK in India On Thu, May 29, 2008 at 10:05:17AM -0400, Derek Atkins wrote: > Arshad Noor <[EMAIL PROTECTED]> writes: > > > Even if RIM does not have the device keys, in order to share encrypted > > data with applications on the RIM server, the device must share a session > > key with the server; must it not?. Isn't RIM (their software, actually) > > now in a position to decrypt content sent between Blackberry users? Or, > > does the Blackberry encryption protocol work like S/MIME? > > The enterprise solution does work something like S/MIME. The keys are symmetric 3DES, and encrypt message chunks (IIRC either 256 or 1K bytes) sent asynchronously to the enterprise messaging gateway. RIM does not have a secure session with the device. This is not like S/MIME except that as with S/MIME, this is not hop-by-hop encryption. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
