
Thread: Re : Email encryption with Blackberry




2007-10-19 07:44:24
Thank you all for your responses.
We have the BES installed. I will try to update the Blackberry terminal with the SMIME pkg today and come back to you as soon as possible.
Regards

----- Original Message -----
From: Julien Lemoine <corkhaakongmail.com>
To: security-basicssecurityfocus.com
Cc: listbouncesecurityfocus.com
Sent: Thursday, 18 October 2007, 10:18:08
Subject: Re: Email encryption with Blackberry

Hi all,

I'm confronted with this problem now, because we have an internal PKI, and created certificates are principally used to encrypt emails. And for several weeks, some people in my service have used Blackberry. So, when we send them encrypted emails, they can't read them.

Moreover, we don't have the BES license in our enterprise, so these users can't download the Blackberry S/MIME pack.
The only solution we have found is to use a tool provided by izecom (www.izecom.com/blackberry). This tool in its lite version (freeware) permits reading encrypted emails and verifying signed emails. The commercial one permits encrypting emails. This tool must be downloaded directly from the Blackberry.

But before installing, it seems the Blackberry must be updated with the latest versions (for the associated operator), because some encryption libraries are missing in the original installation.
To do that, go to http://na.blackberry.com/eng/support/downloads/downloads_sites.jsp

I hope this solution can help you.

Julien

P.S.: Sorry if there are some mistakes, I don't really speak English fluently.

gjgoweytmo.blackberry.net wrote:
> What I'm saying is that the blackberry functions as a client slaved to
> the server.  It does not have the smtp engine onboard.  The mail portion
> is handled via the server/gateway and the transaction is handled between
> the client and the server over a 3DES encrypted link.
>
> The s/mime crypto (according to the rim tech) is not happening on the BB,
> but on the server/gateway.  This actually makes sense in that BB's are
> designed for corporate environments which may be exchange based, lotus
> based, or something else and not necessarily smtp.  The s/mime crypto may
> be happening at the server level and the cert can very well be provided
> to the server by the device for processing of the message.
>
> The ssl part of my message was a bit of a separate topic.
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.
>
> -----Original Message-----
> From: "Roger A. Grimes" <rogerbanneretcs.com>
>
> Date: Sun, 14 Oct 2007 09:53:37 
> To:<gjgoweytmo.blackberry.net>,"soul"
> <soul1273yahoo.fr>,<security-basicssecurityfocus.com>
> Subject: RE: Email encryption with Blackberry
>
>
> You're mixing up crypto here.  SSL isn't used in S/MIME.  3DES is
> symmetric encryption and may be used in S/MIME, but not in the way you
> are talking about it.
>
> Maybe that's your confusion.  Do you want SSL (to protect email) to a
> gateway product; or S/MIME to protect email from end-user to end-user
> endpoint?
>
> And if the BES server gets the cert (for S/MIME), there would be no need
> to copy the cert from the desktop to the Blackberry device.
>
> You're mixing up your crypto.
>
> Roger
>
>
> *****************************************************************
> *Roger A. Grimes, InfoWorld, Security Columnist
> *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
> *email: roger_grimesinfoworld.com or rogerbanneretcs.com
> *Author of Windows Vista Security: Securing Vista Against Malicious
> Attacks (Wiley)
> *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
> *****************************************************************
>
>
> -----Original Message-----
> From: gjgoweytmo.blackberry.net [mailto:gjgoweytmo.blackberry.net] 
> Sent: Saturday, October 13, 2007 8:02 PM
> To: Roger A. Grimes; soul; security-basicssecurityfocus.com
> Subject: Re: Email encryption with Blackberry
>
> I agree with you about what s/mime is, but the blackberries themselves
> are not the actual smtp engines.  They're just a point to point pipe to
> the actual smtp engine (blackberry.net, bes, desktop client, etc.).   The
> only on board crypto is for talking to the gateway (3DES - I think) and
> websites (ssl).  However, if you flip through the configuration menus in
> the blackberry you can push ssl processing to be completely handled by
> the gateway.  That said, it's possible that the blackberry tech was
> correct since the server could cache the cert on first receipt.
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.
>
> -----Original Message-----
> From: "Roger A. Grimes" <rogerbanneretcs.com>
>
> Date: Sat, 13 Oct 2007 19:47:26
> To:<gjgoweytmo.blackberry.net>,"soul"
> <soul1273yahoo.fr>,<security-basicssecurityfocus.com>
> Subject: RE: Email encryption with Blackberry
>
>
> The one install I performed this on did have a BES server, but I'm
> fairly confident of how the desktop S/MIME product works.  No software
> was required to be installed on the server. It was all client-side.
>
> Before the S/MIME packages were installed on the user's desktop, their
> Blackberries could receive signed and encrypted messages. They could see
> the signed messages as if the signed portion was stripped off, but the
> encrypted ones would not display, saying they were encrypted. Then we
> used the S/MIME support package and it just copies the S/MIME keys out
> of Windows/Outlook and puts them on the phone.
>
> It's a little dubious to believe that any true encryption information or
> encryption keys would be stored on the BES server. S/MIME is endpoint to
> endpoint. Encryption and decryption of messages is 100% done on the
> endpoint.  Otherwise it wouldn't be S/MIME.  The only way I could see
> the BES server being involved is in trust path verification or
> revocation checking, but I didn't see the Blackberries being nearly that
> sophisticated.
>
> I just got through doing a multi-week project involving Blackberries and
> S/MIME, so it's fairly fresh in my mind. With that said, I'm not a
> Blackberry expert...so trust what RIM says more.
>
> Still, I'd call back and question. The tech support may have been right
> in that you needed a BES server to pull it off (or maybe for licensing
> reasons)...but not for the reasons they stated. We never installed certs
> to the BES server.
>
> Roger
>
>
> *****************************************************************
> *Roger A. Grimes, InfoWorld, Security Columnist
> *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada...
> *email: roger_grimesinfoworld.com or rogerbanneretcs.com
> *Author of Windows Vista Security: Securing Vista Against Malicious
> Attacks (Wiley)
> *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
> *****************************************************************
>
>
> -----Original Message-----
> From: gjgoweytmo.blackberry.net [mailto:gjgoweytmo.blackberry.net] 
> Sent: Saturday, October 13, 2007 6:09 PM
> To: Roger A. Grimes; soul; security-basicssecurityfocus.com
> Subject: Re: Email encryption with Blackberry
>
> I'm curious.  This is a far different response than I got from rim when
> I talked to them on the phone.  They said to me that I couldn't use the
> s/mime solution from them because it required a bes server and that the
> crypto actually took place on the bes server and not the phone.
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.
>
> -----Original Message-----
> From: "Roger A. Grimes" <rogerbanneretcs.com>
>
> Date: Sat, 13 Oct 2007 14:11:03
> To:<gjgoweytmo.blackberry.net>,"soul"
> <soul1273yahoo.fr>,<security-basicssecurityfocus.com>
> Subject: RE: Email encryption with Blackberry
>
>
> Yes, you can use S/MIME with Blackberries.  You have to obtain the RIM
> S/MIME Package, which is an add-in to the regular RIM desktop client.
> Then you MUST connect your Blackberry to the desktop with a physical
> cable (serial, USB, etc.).  The S/MIME package downloads the installed
> S/MIME keys from desktop/laptop computer to your Blackberry where they
> can be used to read and encrypt/sign email in the Blackberries.
> Unfortunately, creating encrypted email on the Blackberry isn't super
> easy, but at least your end-users can read encrypted email easily.
>
> You'll need to make sure that any of the S/MIME keys needed (including the
> public keys from others) are installed on the desktop before sync'ing
> the S/MIME Package to the Blackberry, so it can transfer the keys.   And
> if a new public key is sent to the user, they'll have to re-sync to get
> the new key.
>
> Also, you must have a Blackberry model capable of supporting S/MIME,
> which the most current models do.
>
> Roger
>
>
> *******************************************************************
> *Roger A. Grimes, Senior Security Consultant
> *Microsoft Application Consulting and Engineering (ACE) Services
> *http://blogs.msdn.com/ace_team/default.aspx
> *CPA, CISSP, CISA MCSE: Security (2000/2003), CEH, yada...yada...
> *email: rogerbanneretcs.com or rogrimmicrosoft.com
> *Author of Windows Vista Security: Securing Vista Against Malicious
> Attacks (Wiley)
> *http://www.amazon.com/Windows-Vista-Security-Securing-Malicious/dp/0470101555
> *******************************************************************
>
>
>
> -----Original Message-----
> From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com]
> On Behalf Of gjgoweytmo.blackberry.net
> Sent: Thursday, October 11, 2007 2:49 AM
> To: soul; listbouncesecurityfocus.com;
> security-basicssecurityfocus.com
> Subject: Re: Email encryption with Blackberry
>
> I can't give any definitive answers about the rim s/mime product, but I
> can note a few things.  I have a thawte freemail cert and my blackberry
> can import the cert without problem.  The steps are to get the cert from
> thawte on the desktop, export it to file, and use the blackberry desktop
> to push the cert onto the blackberry.
>
> Now I can't tell you anything further than that since I don't have the
> s/mime product, but I know that much works.  I'm imagining though that
> the next few steps from there to make that cert work with s/mime
> probably aren't that many.
>
> Geoff
>
> Sent from my BlackBerry wireless handheld.
>
> -----Original Message-----
> From: soul <soul1273yahoo.fr>
>
> Date: Thu, 11 Oct 2007 06:39:40
> To:listbouncesecurityfocus.com, security-basicssecurityfocus.com
> Cc:gjgoweytmo.blackberry.net
> Subject: Email encryption with Blackberry
>
>
> Hi all
> We are trying to implement an email encryption solution for our users.
> Our environment is Microsoft Exchange and Outlook 2003 client. The top
> management use Blackberry.
> We chose the Verisign Digital IDs certificate to encrypt and sign email
> with S/MIME in Outlook 2003.
>
> We want now to enable email encryption on the Blackberry using the same
> Verisign certificates.
> Is this possible? And how to do it? Can the Blackberry email client use
> the certificate to encrypt the email?
>
> Thank you.
> Soul
>
>
>