Blackberry PEARL 8130, PEARL 8120, PEARL 8100 User Manual
S/MIME Support Package for BlackBerry
Devices
User Guide Supplement
BlackBerry Pearl 8120 Smartphone
BlackBerry Pearl 8130 Smartphone
S/MIME Support Package for BlackBerry Devices User Guide Supplement
Last modified: 20 July 2007
Document ID: 13381054-001
At the time of publication, this documentation is based on S/MIME Support Package for BlackBerry devices
Version 4.3.
Send us your comments on product documentation: https://www.blackberry.com/DocsFeedback.
Contents
1 S/MIME Support Package for BlackBerry devices installation ......................................................................... 5
2 Certificates.................................................................................................................................................................7
3 Certificate servers ................................................................................................................................................... 17
4 S/MIME messages...................................................................................................................................................19
5 Smart cards .............................................................................................................................................................27
6 Legal notice............................................................................................................................................................. 33
S/MIME Support Package for BlackBerry devices installation
1
About the S/MIME Support Package for BlackBerry devices
Install the certificate synchronization tool on your computer
S/MIME Support Package for BlackBerry devices prerequisites
Install the S/MIME Support Package for BlackBerry devices on your computer
Install the S/MIME Support Package for BlackBerry
devices on your BlackBerry device
About the S/MIME Support Package
for BlackBerry devices
The S/MIME Support Package for BlackBerry® devices
is designed to permit you to send Secure Multipurpose
Internet Mail Extensions (S/MIME) messages from—
and receive S/MIME messages on—your device, if you
are already sending S/MIME messages from and
receiving S/MIME messages on your computer.
Install the certificate synchronization
tool on your computer
1. Insert the BlackBerry User Tools CD in to your CD
drive.
2. Complete the instructions on the screen.
3. In the Program Maintenance or Setup Type
window, perform one of the following actions:
• For a new installation of the BlackBerry®
Desktop Software, in the Setup Type window,
select Custom.
• If you are modifying the BlackBerry Desktop
Software installation to add the certificate
synchronization tool, in the Program
Maintenance window, select Modify.
4. Click Certificate Synchronization.
5. Select This feature, and all subfeatures, will be
installed on local hard drive.
For information about using the certificate
synchronization tool, see the
Software Online Help
BlackBerry Desktop
.
S/MIME Support Package for
BlackBerry devices prerequisites
• Verify that you have installed the BlackBerry®
Device Software on your computer. The installer
for the S/MIME Support Package for BlackBerry
devices uses components from the BlackBerry
Device Software.
• Verify that you have obtained the installer for the
S/MIME Support Package for BlackBerry devices.
Install the S/MIME Support Package
for BlackBerry devices on your
computer
1. Double-click the installer for the S/MIME Support
Package for BlackBerry® devices.
2. Complete the instructions on the screen.
User Guide Supplement
Install the S/MIME Support Package for BlackBerry devices on your BlackBerry device
1. Connect your BlackBerry® device to your
computer.
2. On the taskbar, click Start > Programs >
BlackBerry > Desktop Manager.
3. Double-click the Application Loader icon.
4. Click Next.
5. Select the BlackBerry S/MIME Support Package
check box.
6. If you require Department of Defense (DoD) root
certificates, select the DoD Root Certificates
check box.
7. Click Next.
8. Click Finish.
Related topic
Legal notice (See page 33.)
6
Certificates
2
About certificates
About certificate icons
Download a certificate
Filter certificates
Find certificate information
Certificate information fields
Find certificates in a chain
Check the status of a certificate or certificate chain
Set a certificate to trusted
Set a certificate to not trusted
Send a certificate to a contact
Add an email address association to a certificate
Set options for checking the status of a certificate
Use the common name when adding a certificate to
the key store
Change the display name for a certificate
Change the security level for a private key
Revoke a certificate
Revocation reasons
Delete a certificate
Add a contact when adding a certificate to the key
store
Set the service used to download certificates
Reject CRLs from unverified certificate servers
About the key store
Change the key store password
Set how long your key store password is remembered
Set how frequently the revocation status is refreshed
Do not back up or restore items in the key store
Shortcuts for filtering certificates
Shortcuts for viewing certificate information
Certificate troubleshooting
About certificates
A certificate is a digital document that binds the
identity and public key of a certificate subject. Each
certificate has an associated private key. You can
request a certificate from a Certificate Authority (CA).
The CA signs the certificate to verify that it can be
trusted.
Other people use the public key of your certificate to
encrypt email messages that they send to you and to
verify the signature on email messages that you send
to them. Your BlackBerry® device uses the private key
associated with your certificate to sign email
messages that you send and decrypt email messages
sent to you. Private key information is never publicly
available.
Related topics
About certificate icons (See page 7.)
About digital signatures and encryption (See page 19.)
About the key store (See page 13.)
About certificate icons
The following icons indicate the status of certificates
stored on your BlackBerry® device:
User Guide Supplement
• Key: The certificate has a corresponding private
key either on your device or on a smart card.
• Check mark: The certificate chain is trusted, the
certificate chain revocation status is good, and the
certificate chain is valid.
• Question mark: The revocation status of the
certificate is unknown, or a public key in the
certificate chain is weak.
• X: The certificate chain is untrusted, revoked,
expired, not yet valid, or could not be verified.
Download a certificate
1. In the device options, click Security Options.
2. Click Certificates.
3. Press the Menu key.
4. Click Fetch Certificates.
5. Select a Lightweight Directory Access Protocol
(LDAP) server.
6. Type the certificate subject information in one or
more of the First Name, Last Name, or Email
fields.
7. Press the Menu key.
8. Click Search.
9. Click a certificate with an unchecked check box.
10. Click Add Certificate to Key Store.
11. Type your key store password.
12. Click OK.
A selected check box beside a certificate indicates that
the certificate is stored in the key store on your
BlackBerry® device.
Note:
Your device might prompt you to download the
certificate status or to type a label for the certificate.
Related topics
About the key store (See page 13.)
Set options for checking the status of a certificate (See
page 10.)
Use the common name when adding a certificate to
the key store (See page 11.)
I cannot download a certificate (See page 15.)
Filter certificates
The current filter is indicated in the upper-right corner
of the screen.
1. In the device options, click Security Options.
2. Click Certificates.
3. Press the Menu key.
4. Perform one of the following actions:
• To view all certificates on your BlackBerry®
device, click Show All Certs.
• To view only your certificates, click Show My
Certs.
• To view certificates for other people, click
Show Others Certs.
• To view Certificate Authority (CA) certificates,
click Show CA Certs.
• To view certificates for root CAs, click Show
Root Certs.
Related topic
Shortcuts for filtering certificates (See page 14.)
Find certificate information
1. In the device options, click Security Options.
2. Click Certificates.
3. Click a certificate.
Related topics
Find certificates in a chain (See page 9.)
Change the display name for a certificate (See page
11.)
8
2: Certificates
Shortcuts for viewing certificate information (See
page 14.)
Certificate information fields
• Revocation Status: The status of the certificate at
a specified date and time.
• Trust Status: How the certificate is trusted.
• Explicitly Trusted: The certificate itself is
trusted.
• Implicitly Trusted: The certificate chains to a
certificate that is trusted on your BlackBerry®
device.
• Not Trusted: The certificate is not explicitly
trusted and does not chain to a trusted
certificate on your device.
• Expiration Date: The expiration date that is set by
the issuing Certificate Authority (CA).
• Certificate Type: The Public Key Infrastructure
(PKI) certificate format.
• Public Key Type: The standard to which the public
key complies. Your device supports Rivest Shamir
Adleman (RSA), Digital Signature Algorithm
(DSA), Diffie-Hellman (DH), and Elliptic Curve
Cryptography (ECC) keys.
• Subject: Detailed information about the
certificate subject.
• Issuer: Detailed information about the certificate
issuer.
• Serial Number: The certificate serial number in
hexidecimal format.
• Key Usage: Approved uses for the key.
• Subject Alt Name: The email address for the
certificate, if known.
• SHA1 Thumbprint: The Secure Hash Algorithm,
Version 1 (SHA1) digital thumbprint of the
certificate.
• MD5 Thumbprint: The Message-Digest
Algorithm, Version 5 (MD5) digital thumbprint of
the certificate.
Related topics
About certificates (See page 7.)
Find certificate information (See page 8.)
Find certificates in a chain
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate.
4. Press the Menu key.
5. Click Show Chain.
Related topic
Find certificate information (See page 8.)
Check the status of a certificate or certificate chain
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate.
4. Press the Menu key.
5. Perform one of the following actions:
• To verify the status of the certificate, click
Fetch Status.
• To verify the status of the certificate and all
other certificates in the chain, click Fetch
Chain Status.
Related topics
About the key store (See page 13.)
Download a certificate (See page 8.)
9
User Guide Supplement
Set a certificate to trusted
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight an untrusted certificate.
4. Press the Menu key.
5. Click Trust.
6. If the certificate is not a root certificate, a prompt
appears. Perform one of the following actions:
• To trust only the highlighted certificate, click
Selected Certificate.
• To trust the entire certificate chain by trusting
the root certificate, click Entire Chain.
Related topics
About certificates (See page 7.)
About certificate icons (See page 7.)
Set a certificate to not trusted (See page 10.)
Set a certificate to not trusted
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a trusted certificate.
4. Press the Menu key.
5. Click Distrust.
Related topic
About certificates (See page 7.)
About certificate icons (See page 7.)
Send a certificate to a contact
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate.
4. Press the Menu key.
5. Click Send via Email or Send via PIN.
Note:
When you send a certificate, only the public key is sent
and not the private key.
Related topics
Attach a certificate to a message (See page 24.)
Import a certificate from a message (See page 21.)
Add an email address association to a certificate
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate belonging to another
person.
4. Press the Menu key.
5. Click Associate Addresses.
6. Click the trackball.
7. Click Add Address.
8. Click [Use Once].
9. Type an email address.
10. Click the trackball.
11. Press the Menu key.
12. Click Save.
To remove the associated address, click the address.
Click Delete Address.
Related topics
About the key store (See page 13.)
Filter certificates (See page 8.)
Set options for checking the status of a certificate
1. In the device options, click Security Options.
10
2: Certificates
2. Click Certificates.
3. Press the Menu key.
4. Click Fetch Certificates.
5. Press the Menu key.
6. Click Options.
7. Perform one of the following actions:
• To always download the status of a certificate
when you add it to the key store, set the Fetch
Status field to Yes.
• To be prompted to download the status of a
certificate when you add it to the key store, set
the Fetch Status field to Prompt.
• To never download the status of a certificate
when you add it to the key store, set the Fetch
Status field to No.
8. Press the Menu key.
9. Click Save.
Related topics
About the key store (See page 13.)
Check the status of a certificate or certificate chain
(See page 9.)
8. Press the Menu key.
9. Click Save.
Related topics
Change the display name for a certificate (See page
11.)
Add a contact when adding a certificate to the key
store (See page 12.)
Change the display name for a certificate
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a certificate.
4. Press the Menu key.
5. Click Change Label.
6. Type a new certificate label.
7. Click OK.
Related topic
Use the common name when adding a certificate to
the key store (See page 11.)
Use the common name when adding a certificate to the key store
The common name is the name set for the key when it
is generated. You can use the common name as a label
for the key on your BlackBerry® device or you can set
the label to one that has more meaning to you.
1. In the device options, click Security Options.
2. Click Certificates.
3. Press the Menu key.
4. Click Fetch Certificates.
5. Press the Menu key.
6. Click Options.
7. Set the Prompt for Label field to No.
Change the security level for a private key
1. In the device options, click Security Options.
2. Click Certificates.
3. Highlight a personal certificate.
4. Press the Menu key.
5. Click Change Security Level.
6. To change the security level, press the Space key.
7. Click OK.
11
Loading...