BlackBerry

How to Enable PGP on BES12

Last updated:

PGP (Pretty Good Privacy) is a data encryption and decryption technology that provides cryptographic privacy and authentication for data communications.

BES12 can utilize PGP point to point encryption within an email profile for BlackBerry 10 smartphones running BlackBerry 10 OS version 10.3.1 and later.

Note: PGP keys never synchronize to the BlackBerry smartphone. When BlackBerry smartphone requires the key(s), a call is placed to the Symantec Encryption Management server and the server will parse and deliver the applicable key to the smartphone.

Keys manually imported onto the smartphone using device options Settings\System Settings\Security and Privacy\PGP Keys do not take presidence over the BES12 PGP key distribution and as such, key(s) obtained from the Symantec Encryption Management server will be the ones utilized.

To enable PGP for point to point encryption service on the BES12 it is necessary to edit an existing mail profile or create a new one and enable the option.

  1. Open Policies and Profiles and listed under Email, click Add an email profile.
  2. Enter the email profile information applicable to the BlackBerry platform, scroll down to the PGP settings.
  3. To enable, select the dropdown box Allow, or Required. An available Disallow option also exists if PGP is explicitly denied in an organization.
  4. In the Symantec Encryption Management Server address input field, specify the FQDN or IP address of the organizations Symantec Encryption Management Server (this will allow BlackBerry 10 OS version 10.3 and later devices to enroll against the PGP server).
  5. Select the dropdown box for Symantec Encryption Management Server enrollment method and select either Email authentication or Microsoft Active Directory Authentication.
  6. These same options can also be changed within an existing Email profile to enable PGP.
  7. Click Add.

The PGP interface SSL certificate is not required but the issuing root and intermediate cert (if necessary) must also be trusted by the BlackBerry 10 smartphone. They can be delivered by way of a  CA certificate profile(s),

Instructions to create the profile are included in the BES12 Administration Guide under Creating CA certificate profiles.  This profile must be assigned to users/devices who will utilize PGP service.

To create a CA Certificate Profile in BES12 UI:

  1. On the menu bar, click Policies and Profiles.
  2. Click (+) beside CA certificate.
  3. Type a unique name and description for the profile.
  4. In the Certificate file field, click Browse to locate the Certificate Authority root certificate.
  5. Specify Browser certificate store and  Enterprise certificate store.
  6. Click Add.

Apply the profile to PGP enabled users on the BES12.

PGP is not currently available in BES12 for iOS, Android or Windows platforms.

[signoff predefined=”Enjoy this?” icon=”users”][/signoff]

Rapid Mobile

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking I Accept, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies.Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies allow us to count visits and traffic sources, so we can measure and improve the performance of our site.

We track anonymized user information to improve our website.
  • _ga
  • _gid
  • _gat

Decline all Services
Accept all Services