03-20-17 01:47 PM
156 12345 ...
tools
  1. tickerguy's Avatar
    The value of S/MIME is not so much for internal communications; as you noted it is pretty simple to do encryption at rest on your endpoints within a company.

    No, the value is that you can now send something to a client (or they to you) externally and have either or both confidentiality and the ability to prove that the content allegedly received is unaltered (by either party.)
    Jerry A, chgaida and zmsox like this.
    05-17-15 11:44 AM
  2. lasouthern's Avatar
    Does anybody know when 10.3.2 is officially coming out? I'm ready for s mime for my Exchange account already.

    Posted via CB10
    05-25-15 03:25 PM
  3. xstranger111's Avatar
    OS10.3.2 is not available officially. OS 10.3.2 is not expected until mid-2015.
    05-26-15 05:40 AM
  4. thurask's Avatar
    Does anybody know when 10.3.2 is officially coming out? I'm ready for s mime for my Exchange account already.

    Posted via CB10
    Soon(TM).

    Posted via CB10
    05-27-15 03:04 AM
  5. CharlieV's Avatar
    Just checked back here after a time away and I am disappointed to see that PGP has not improved on BB10 devices.
    05-28-15 03:44 PM
  6. zmsox's Avatar
    ClassicSQC100-1/10.3.2.840

    Still the same pgp problem

    BlackBerry to BlackBerry you can decrypt

    But mac to BlackBerry no

    Posted via CB10
    06-25-15 01:56 PM
  7. zmsox's Avatar
    I'm now on ClassicSQC100-1/10.3.2.2339

    But still no chance to decrypt the mails which aren't sent from a BlackBerry encrypted.



    Posted via CB10
    07-08-15 06:26 PM
  8. Catberry74's Avatar
    Maybe its an endian Issue? x86/X64 CPUs are Big Endian, while most other CPUs (like ARM, MIPS, PPC) are Little Endian. I think there where also problems when Apple used PPC Hardware with some PC software to decypher Apple PGP mails. Hmmm... I think I have to check this out if it works with my Raspberry Pi 2 and my Q5.
    07-11-15 08:34 AM
  9. tickerguy's Avatar
    Nope... One of the nice things about having my own ActiveSync server in *source* is that I can manipulate what goes to the device with a great degree of granularity.
    07-11-15 04:40 PM
  10. offyoutoddle's Avatar
    I've been playing with the 10.3.2 leak and the settings for securing mail - I have smime certificates that correspond to my outlook.com and gmail mail addresses, and I have imported them fine. I also I have pgp keys, and I have got the private and public keys to import, but I cannot get the 'secure mail' options to show up from within the accounts setting pages in the hub. I think the problem is these accounts - this definetly does not work for all imap or activesync accounts - my gmail account is set up as imap, and my outlook.com account I have tried as imap and as activesync, but it doesn't make any difference. I think there is still some way to go before this stuff will work for non bes customers. Unless anyone has any suggestions, i think I will let this lay until the next round of leaks or the next OS version. Problem is with how things are going for bb10 these days, one can't help but feel we will never get this.
    07-12-15 05:30 PM
  11. tickerguy's Avatar
    Oh it comes up IF your ActiveSync server returns the correct protocol revision numbers. I have it running here and I'm NOT on BES.

    Note that many so-called "ActiveSync" capable "shared" or "cloud" servers do not implement all of the protocol (or implement it correctly.) Microsoft is the canonical source for this stuff and they publish a very convoluted but complete specification; if you start tracing things you'll find out where the problems are but unless you have source running on your own hardware (as I do) there's nothing you can do about it.
    07-12-15 06:05 PM
  12. drasir's Avatar
    I tested multiple IMAP accounts, none of which have worked. My hosted exchange account does give me secure email settings, configurable for PGP and S/MIME. It "seems" to work, but i have not fully tested correct transmission.
    07-12-15 06:15 PM
  13. offyoutoddle's Avatar
    Oh it comes up IF your ActiveSync server returns the correct protocol revision numbers. I have it running here and I'm NOT on BES.

    Note that many so-called "ActiveSync" capable "shared" or "cloud" servers do not implement all of the protocol (or implement it correctly.) Microsoft is the canonical source for this stuff and they publish a very convoluted but complete specification; if you start tracing things you'll find out where the problems are but unless you have source running on your own hardware (as I do) there's nothing you can do about it.
    yeah this is what I suspected. Effectively gmail and outlook/hotmail/live are out. Ironic that ms who made activesyn don't implement all of their own protocol though

    So, pay for Bes, pay for exchange hosting, or host my own with my own kit which isn't as tolerant as a server room (i tried this before on an SBS server) . Either way pgp or smime will cost regularly. Nice.
    07-13-15 05:18 AM
  14. zmsox's Avatar
    I've been playing with the 10.3.2 leak and the settings for securing mail - I have smime certificates that correspond to my outlook.com and gmail mail addresses, and I have imported them fine. I also I have pgp keys, and I have got the private and public keys to import, but I cannot get the 'secure mail' options to show up from within the accounts setting pages in the hub. I think the problem is these accounts - this definetly does not work for all imap or activesync accounts - my gmail account is set up as imap, and my outlook.com account I have tried as imap and as activesync, but it doesn't make any difference. I think there is still some way to go before this stuff will work for non bes customers. Unless anyone has any suggestions, i think I will let this lay until the next round of leaks or the next OS version. Problem is with how things are going for bb10 these days, one can't help but feel we will never get this.
    Hmmm
    I don't know exactly. Because all my accounts are configured all my accounts as exchange accounts.ive played with smime and worked well.
    07-13-15 07:37 AM
  15. tickerguy's Avatar
    BES will not help you if your Exchange server doesn't work correctly. In fact it will do exactly nothing under that circumstance.

    Go look at some of my other posts on this topic; I've done a lot of work on it including tracing at a packet level.
    chgaida and offyoutoddle like this.
    07-13-15 08:35 AM
  16. schlurch's Avatar
    is there an official BlackBerry source which explains exactly what we need to use PGP/S-MIME properly?
    08-10-15 08:11 AM
  17. tickerguy's Avatar
    Sigh...
    08-10-15 01:06 PM
  18. zmsox's Avatar
    I think it's a bug in the BlackBerry software

    Posted via CB10
    08-16-15 12:08 PM
  19. tickerguy's Avatar
    There are a number of bugs in both PGP and S/MIME with 10.3.2; it can be made to work in some cases, but not all. In particular PGP has issues with open source client-sent emails (e.g. Enigmail on Thunderbird, etc.)

    S/MIME's problems are on the sending side.

    In all cases an Exchange ActiveSync email server that is properly implemented is required. There are a lot of "public" servers that supposedly implement ActiveSync as a protocol but do not do so completely, particularly for encrypted and signed messages.
    08-16-15 09:43 PM
  20. shandy-R2D2's Avatar
    Hello everyone,


    OK , I've got to be missing something here...I successfully managed to import my pgp keys (3 of them, they're all listed under 'My keys'). People in this thread confirm the email app is supposed to offer the possibility of encrypting the message once the system detects you've stored your certificate/certificates. Then there's information according to which it only works with ActiveSync accounts (not all of them to make it even worse...) I thought that's what outlook.com is supposed to be, an ActiveSync account....I've got 3 imap account and understand it's not going to work with those. But it doesn't work with my outlook.com account either... According to certain posts this is due to the fact that outlook.com isn't a 'real ActiveSync' account even though it's MS' very own technology and despite the fact that's how the account is labelled with the my Classic - as an ActiveSync Exchange...could somebody please let me know if my situation is in line with the known limitations of the current non-BES PGP implementation on a BlackBerry 10.3.2.2226 running device with an outlook.com account? Also, where exactly do you find the option to encrypt your emails?

    Thanks a lot....!!!
    08-27-15 04:07 AM
  21. tickerguy's Avatar
    Yes.

    That something is labeled "Exchange ActiveSync" doesn't mean that it supports both the correct protocol versions AND the correct WBXML requirements for signed and encrypted message transport.

    I have an outlook.com account and it doesn't work on there because the required components of the EAS protocol are not there.
    08-27-15 09:08 AM
  22. Enclavet's Avatar
    Anyone know if the latest beta leak fixed this issue?

    Seeing the same issue as everyone else.

    My email service has the option to encrypt all my incoming emails with my Public Key. On my passport I have my key pair imported and selected for my email service account. The Email service has ActiveSync support. When sending an email out from my passport, I am able to use my thunderbird to decrypt the email no problem. But when I have an email incoming to my service which is encrypted with my public key on my email server, I am unable to read the email.

    I wonder if I had exchange setup with an encrypted email on the exchange server setup, would it decrypt the email fine? I might test this by sending an encrypted email to my work email (proper exchange) then see if I can decrypt it.
    08-27-15 09:57 PM
  23. tickerguy's Avatar
    Anyone know if the latest beta leak fixed this issue?

    Seeing the same issue as everyone else.

    My email service has the option to encrypt all my incoming emails with my Public Key. On my passport I have my key pair imported and selected for my email service account. The Email service has ActiveSync support. When sending an email out from my passport, I am able to use my thunderbird to decrypt the email no problem. But when I have an email incoming to my service which is encrypted with my public key on my email server, I am unable to read the email.
    Yep.
    08-28-15 12:03 AM
  24. Enclavet's Avatar
    I actually think BB10 does support PGP/Mime. I am on the latest leaked BB10 version and basically as reported on crackberry, when sending out emails, we are able to decrypt it on third party clients (Enigmail). However when sending encrypted emails to the BB10, we are unable to decrypt. The difference I see with the emails sent from the BB device and the third party clients is the "attachment names". When the BB device sends out an email I see two attachments:

    application1.pgp-encrypted (0 bytes)
    application2.octet-stream (the PGP encrypted message)

    When I use a third party PGP/mime implementation (Enigmail) I see the following:

    application1.pgp-encrypted
    encrypted.asc

    I will try playing with an linux mail system to send out an octet-stream with the pgp message. Maybe it will decrypt it then. Might also have to bug my mail service (has the feature of encrypted all incoming email with a PGP public key) to maybe change it to a more BB device friendly implementation.
    08-29-15 05:31 PM
  25. Enclavet's Avatar
    More info from raw email:

    Blackberry Implementation:

    --===============############==
    Content-Type: application/pgp-encrypted; Version="1"
    MIME-Version: 1.0


    --===============#############==
    Content-Type: application/octet-stream
    MIME-Version: 1.0

    -----BEGIN PGP MESSAGE-----
    -----END PGP MESSAGE-----

    From my mail service (reads fine in enigmail):

    --############################################
    Content-Type: application/pgp-encrypted
    Content-Description: PGP/MIME version identification

    Version: 1

    --############################################
    Content-Type: application/octet-stream; name="encrypted.asc"
    Content-Description: OpenPGP encrypted message
    Content-Disposition: inline; filename="encrypted.asc"

    -----BEGIN PGP MESSAGE-----
    -----END PGP MESSAGE-----
    08-29-15 05:45 PM
156 12345 ...

Similar Threads

  1. New Classic on Amazon for only $379.99
    By Steveo989 in forum BlackBerry Classic
    Replies: 10
    Last Post: 03-25-15, 01:10 PM
  2. Delete auto suggestions on keyboard
    By pankajupadhyay05 in forum BlackBerry 10 OS
    Replies: 4
    Last Post: 03-24-15, 10:56 PM
  3. Can I get help with my Q10 OS 10.3.1.2576?
    By Sameeh657 in forum BlackBerry 10 OS
    Replies: 3
    Last Post: 03-24-15, 05:35 PM
  4. How do I edit the Calendar on Z10?
    By Kicker-69 in forum Ask a Question
    Replies: 1
    Last Post: 03-24-15, 04:30 PM
  5. Font size on lock screen
    By redlightblinking in forum BlackBerry Classic
    Replies: 2
    Last Post: 03-24-15, 03:30 PM
LINK TO POST COPIED TO CLIPBOARD