1. dst255's Avatar
    When it comes to Blackberry's and S/MIME, I have not been able to dig up a lot of information. Its a bit frustrating that the current implementation of the S/MIME support packages only work for BES users.

    I mean if I have my private key loaded into the phone's keystore, and I have the full certificate chain trusted, why wouldn't they add the extra functionality to allow someone to decrypt an email?

    Anyway, enough of my initial gripe (the number of BIS users that want S/MIME support is such a small number I'm sure.) Does anyone know of any 3rd party products or efforts going on to provide such functionality? I only briefly looked at some of the crypto API's, but it seems plausible to access the device's keystore, and use a specified private key to decrypt an email (or file for that matter).

    I just wish I had more free time, so I would look into this myself. Does anyone else wish for this functionality? Or am I all alone out here?
    06-15-09 02:42 PM
  2. ScienceRules's Avatar
    When it comes to Blackberry's and S/MIME, I have not been able to dig up a lot of information. Its a bit frustrating that the current implementation of the S/MIME support packages only work for BES users.

    I mean if I have my private key loaded into the phone's keystore, and I have the full certificate chain trusted, why wouldn't they add the extra functionality to allow someone to decrypt an email?

    Anyway, enough of my initial gripe (the number of BIS users that want S/MIME support is such a small number I'm sure.) Does anyone know of any 3rd party products or efforts going on to provide such functionality? I only briefly looked at some of the crypto API's, but it seems plausible to access the device's keystore, and use a specified private key to decrypt an email (or file for that matter).

    I just wish I had more free time, so I would look into this myself. Does anyone else wish for this functionality? Or am I all alone out here?
    S/MIME always did and still does work pin-to-pin without BES. If/when you have a legitimate need to use it, RIM can help you. In the meantime you can read the publicly available RIM documentation on s/mime and pgp crypto - but don't expect to be spoon-fed on this forum, cause it's not the right place (for crypto discussions).

    sR
    Last edited by ScienceRules; 07-09-09 at 02:38 AM. Reason: qualification/syntax edit
    07-09-09 02:15 AM
  3. F0nage's Avatar
    What's a legitimate need? It comes out of the box on vanilla Windows Outlook and Outlook Express installs. Why do you want to present it like it's only for illuminati? It's been around for a long time, it's a public standard, and every reasonable email client supports it natively.

    If BB is about security, then it should be about security for whoever buys a BB device.

    I doubt very much PIN messages use S/MIME, btw. That would be dramatic overkill. They might use public key crypto, but not S/MIME.
    01-19-10 12:01 PM
  4. webmeister's Avatar
    What's a legitimate need? It comes out of the box on vanilla Windows Outlook and Outlook Express installs. Why do you want to present it like it's only for illuminati? It's been around for a long time, it's a public standard, and every reasonable email client supports it natively.

    If BB is about security, then it should be about security for whoever buys a BB device.

    I doubt very much PIN messages use S/MIME, btw. That would be dramatic overkill. They might use public key crypto, but not S/MIME.
    I admire your restraint. That was an amazingly arrogant response you received to a well-considered question. I've wondered the same questions as you and will do a bit of digging, too. In fact, I'll post my findings on this "inappropriate" forum.

    I run my own CA so should be able to generate the right key containers, etc., depending on what official RIM info is out there. I would love to be able to send encrypted messages to my customers using (lowly?!) BIS. :-)

    /ES

    Posted from my CrackBerry at wapforums.crackberry.com
    01-19-10 07:33 PM
  5. F0nage's Avatar
    Hi webmaster and thanks for your post. I also run my own CA and I've been interested in privacy issues for many years. I wish more people would know how easy it is to communicate privately and securely even on Windows.

    I haven't received my BB yet but when I do I'll start looking into this area as well. Let's try to answer questions on these topics as best we can and if we can figure out how to deploy S/MIME on our devices under BIS we can put together a FAQ for the forum.
    01-20-10 01:31 AM
  6. stigtsp's Avatar
    Hey guys,

    I just got a Bold 9700 myself. And as an active user of cryptography I'm also interested in getting S/MIME support working on BIS (not BES).


    I've tried to enable S/MIME for the native email client by:

    - Installing my private keys and certificates. Worked like a charm, but no S/MIME options are available.

    - Look for ways to enable the S/MIME addon using Desktop Manager for both Mac and PC as suggested by other threads here. (Only to find out that S/MIME is already installed on OS 5.0 - but not activated.).

    - Poke around the engineering screens to see if it can be enabled somehow.


    I guess I've come to realise that S/MIME support is just not available on BIS. BlackBerry should really stop crippling their BIS service (in order to sell BES?) ...
    01-25-10 09:11 PM
  7. F0nage's Avatar
    Thanks, that's bad news. I can't believe they go out of their way to make it difficult to use with BIS.
    01-26-10 03:57 AM
  8. Fuzzballz's Avatar
    The consumer market is relatively new for RIM. Until the past couple/few years it's all been enterprise.
    01-26-10 04:22 AM
  9. F0nage's Avatar
    That doesn't explain why they don't offer the feature natively. The driver is on the phone as part of the OS.

    That would be like selling you a mini van with the back seats blocked off and saying only the commerical vans need back seats. It's already there, so just open it up. We paid the same (probably more, actually) for the same phone than the enterprise accounts did. What's the issue?
    01-26-10 04:43 AM
  10. Fuzzballz's Avatar
    dunno man, don't see it changing any time soon tho.
    01-26-10 04:44 AM
  11. martijn_brinkers's Avatar
    Bringing up an old thread but I think it might still be relevant for security conscious BlackBerry users.

    We have just released our open source BlackBerry application which automatically encrypts all email sent to and from a BlackBerry smartphone with S/MIME. Djigzo for BlackBerry is BIS compatible.

    Djigzo for BlackBerry is an add-on to the built-in BlackBerry mail application and should be used in combination with the Djigzo open source email encryption gateway. The most difficult part of email encryption is key management. Djigzo for BlackBerry therefore relies on the Djigzo gateway for most certificate management functions.

    Some it's features:

    * S/MIME encryption and digital signing using X.509 certificates.
    * All email is protected with an encrypted S/MIME tunnel.
    * Compatible with BIS.
    * Compatible with existing S/MIME clients (like Outlook and Lotus Notes).
    * Message body and attachments are encrypted. HTML email supported.
    * Uses BlackBerry encryption functionality (3DES, AES, X.509, S/MIME).
    * Compatible with the BlackBerry smart card reader.
    * Messages are stored on the BlackBerry smartphone in encrypted form.

    Djigzo binaries and source can be downloaded freely from our website. For more information see our website at www(dot)djigzo(dot)com.

    --
    Djigzo open source email encryption
    05-18-10 11:28 AM
  12. F0nage's Avatar
    Hi Martijn, that sounds like an interesting project/product.

    Can you explain exactly what's needed to use this for an individual on BIS?

    For example, we already have key management using Windows IE key store and the BlackBerry desktop software that transfers x.509 root certificates and individual x.509 certs and keys to the phone's key store. All that's missing from the user perspective (on BIS) is a way to get the built-in email client to use the certs.
    05-21-10 07:31 AM
  13. webmeister's Avatar
    S/MIME support works great with the free BESx (BlackBerry Enterprise Server Express) download.

    /ES
    05-24-10 06:58 PM
  14. F0nage's Avatar
    Thanks webmaster. What do you have to do to get it to work and do you need Windows Server?
    07-04-10 11:54 AM
  15. webmeister's Avatar
    Thanks webmaster. What do you have to do to get it to work and do you need Windows Server?
    You need to download the S/MIME support package for BlackBerry from the RIM downloads site and install it on your phone. BESx requires Lotus Domino or MS Exchange to operate. Since MS Exchange 2007 32-bit (my mail server) requires Windows Server I would say that it's probably a prerequisite.

    There are some good FAQs on the the RIM site. I also have a link to a very sparse write up (but which also contains links to the RIM FAQs) on my own tech blog here: BlackBerry Enterprise Server Express / Integrated with MS Exchange 2007 | Breezy! Site

    Here's a link to system requirements for BESx: http://na.blackberry.com/eng/service...quirements.pdf

    /ES
    Last edited by webmaster; 07-05-10 at 04:59 PM. Reason: Additional Link
    07-05-10 04:50 PM
LINK TO POST COPIED TO CLIPBOARD