Blackberry S-MIME SUPPORT PACKAGE VERSION 4.1 Manual


S/MIME Support Package

Version 4.1

User Guide Supplement


Last modified: 14 October 2005

Part number: SWD_X_HH(EN)-074.001

At the time of publication, this documentation is based on the S/MIME Support Package version 4.1.

Send us your comments on product documentation: https://www.blackberry.com/DocsFeedback.

©2005 Research In Motion Limited. All Rights Reserved. The BlackBerry and RIM families of related marks, images, and symbols are the exclusive properties of Research In Motion Limited. RIM, Research In Motion, “Always On, Always Connected”, the “envelope in motion” symbol, BlackBerry, BlackBerry Enterprise Server and the BlackBerry logo are registered with the U.S. Patent and Trademark Office and may be pending or registered in other countries.

Entrust, Entelligence, and Entrust Authority are either trademarks or registered trademarks of Entrust, Inc. in the United States and certain countries. Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners.

The BlackBerry device, the BlackBerry Smart Card Reader and/or associated software are protected by copyright, international treaties and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are registered or pending in various countries around the world. Visit www.rim.com/patents.shtml for a listing of applicable RIM patents.

This document is provided “as is” and Research In Motion Limited and its affiliated companies (“RIM”) assume no responsibility for any typographical, technical or other inaccuracies in this document. RIM reserves the right to periodically change information that is contained in this document; however, RIM makes no commitment to provide any such changes, updates, enhancements or other additions to this document to you in a timely manner or at all. RIM MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR COVENANTS, EITHER EXPRESS OR IMPLIED (INCLUDING WITHOUT LIMITATION, ANY EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS OF FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, MERCHANTABILITY, DURABILITY, TITLE, OR RELATED TO THE PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE REFERENCED HEREIN OR PERFORMANCE OF ANY SERVICES REFERENCED HEREIN). IN CONNECTION WITH YOUR USE OF THIS DOCUMENTATION, NEITHER RIM NOR ITS RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES OR CONSULTANTS SHALL BE LIABLE TO YOU FOR ANY DAMAGES WHATSOEVER BE THEY DIRECT, ECONOMIC, COMMERCIAL, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY OR INDIRECT DAMAGES, EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF BUSINESS REVENUE OR EARNINGS, LOST DATA, DAMAGES CAUSED BY DELAYS, LOST PROFITS, OR A FAILURE TO REALIZE EXPECTED SAVINGS.

This document might contain references to third party sources of information, hardware or software, products or services and/or third party web sites (collectively the “Third-Party Information”). RIM does not control, and is not responsible for, any Third-Party Information, including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third-Party Information. The inclusion of Third-Party Information in this document does not imply endorsement by RIM of the Third Party Information or the third party in any way. Installation and use of Third Party Information with RIM's products and services may require one or more patent, trademark or copyright licenses in order to avoid infringement of the intellectual property rights of others. Any dealings with Third Party Information, including, without limitation, compliance with applicable licenses and terms and conditions, are solely between you and the third party. You are solely responsible for determining whether such third party licenses are required and are responsible for acquiring any such licenses relating to Third Party Information. To the extent that such intellectual property licenses may be required, RIM expressly recommends that you do not install or use Third Party Information until all such applicable licenses have been acquired by you or on your behalf. Your use of Third Party Information shall be governed by and subject to you agreeing to the terms of the Third Party Information licenses. Any Third Party Information that is provided with RIM's products and services is provided "as is". RIM makes no representation, warranty or guarantee whatsoever in relation to the Third Party Information and RIM assumes no liability whatsoever in relation to the Third Party Information even if RIM has been advised of the possibility of such damages or can anticipate such damages.

Research In Motion Limited
295 Phillip Street
Waterloo, ON N2L 3W8
Canada

Research In Motion UK Limited
Centrum House, 36 Station Road
Egham, Surrey TW20 9LF
United Kingdom

Published in Canada

 

Contents

1 S/MIME Support Package installation
2 BlackBerry Certificate Synchronization Manager
3 Certificates
4 Certificate servers
5 S/MIME messages
6 Search
7 Memory cleaning
8 Smart cards
9 Legal notice

1

S/MIME Support Package installation

About the S/MIME Support Package

Install the S/MIME Support Package on your desktop computer

Install the S/MIME Support Package on your BlackBerry device

About the S/MIME Support Package

Install Secure Multipurpose Internet Mail Extension (S/MIME) support on your BlackBerry® device to include BlackBerry device applications that are designed to support S/MIME signing and encryption. Use the custom setup in the BlackBerry Desktop Software to add the Certificate Synchronization Manager.

Install the S/MIME Support Package on your desktop computer

Insert the BlackBerry® Desktop Software installation CD into your CD drive. Complete the on-screen instructions.

In the Setup Type window, select Custom.

In the Custom Setup window, click Certificate Synchronization. Select This feature, and all subfeatures, will be installed on local hard drive.

Related topics

Legal notice (See page 33.)

Install the S/MIME Support Package on your BlackBerry device

1. Verify that your BlackBerry® device is connected to your computer.

2. On the taskbar, click Start.

3. Click Programs > BlackBerry > Desktop > Desktop Manager.

4. Double-click the Application Loader icon.

5. Click Next.

6. Select the BlackBerry S/MIME Support Package check box.

7. To download Department of Defense (DoD) root certificates, select the DoD Root Certificates check box.

8. Click Next.

9. Click Finish.

Related topics

Legal notice (See page 33.)


2

BlackBerry Certificate Synchronization Manager

About the BlackBerry Certificate Synchronization Manager

Open the BlackBerry Certificate Synchronization Manager

About certificate information icons

View certificates

View certificate information

View certificate status

Synchronize certificates

Import certificates from your company’s network

Search for a certificate on an LDAP server

Change certificate labels

Set the security level of private keys

View OCSP or CRL certificate server information

View LDAP certificate server information

Add OCSP or CRL certificate servers

Add LDAP certificate servers

Manage certificate servers

About Entrust digital IDs

Use Entrust digital IDs with the BlackBerry Certificate Synchronization Manager

About the BlackBerry Certificate Synchronization Manager

The BlackBerry® Certificate Synchronization Manager is designed to enable users of supported BlackBerry devices to obtain certificates from numerous sources, download certificates to their BlackBerry device, and verify the authenticity and status of certificates. Certificate status information and certificate server information is designed to be sent between Certificate Authority (CA), Lightweight Directory Access Protocol (LDAP), Online Certificate Status Protocol (OCSP), and Certificate Revocation List (CRL) servers and the BlackBerry Certificate Synchronization Manager on the desktop computer, and from the desktop computer to the BlackBerry device through the standard synchronization process (across a serial or USB connection).

Open the BlackBerry Certificate Synchronization Manager

Verify that your BlackBerry® device is connected to your computer. On the taskbar, click Start. Click Programs > BlackBerry > Desktop > Desktop Manager. Double-click the Certificate Sync icon.


About certificate information icons

In the BlackBerry® Certificate Synchronization Manager, on the Personal Certificates, Other People’s Certificates, and Root Certificates tabs, the following icons appear:

A selected check box indicates that the certificate is stored on the BlackBerry device.

The icons in this column provide information about the properties of a certificate.

The certificate chain is trusted. The certificate chain revocation status is good, and the certificate chain is valid.

The revocation status of the certificate chain is unknown, or a public key in the certificate chain is weak.

The certificate chain is untrusted, revoked, expired, not yet valid or could not be verified.

View certificates

In the BlackBerry® Certificate Synchronization Manager, perform one of the following actions:

To view certificates that are assigned to you, click the Personal Certificates tab.

To view certificates for another person that have been validated by a root Certificate Authority and to authenticate the identity of the person to whom they are assigned, click the Other People’s Certificates tab.

To view certificates that originate from a root Certificate Authority and are considered trustworthy, click the Root Certificates tab.

On the server tabs, the following fields appear:

Certificate Label: This field specifies the name of the certificate. By default, the name of the certificate holder is used.

Security: This field specifies the security level of the certificate that contains a private key. This field only appears on the Personal Certificates tab.

Email Address: This field specifies the email address of the certificate holder.

Subject: This field specifies detailed information about the certificate holder.

Issuer: This field specifies detailed information about the certificate issuer.

Serial Number: This field specifies the certificate serial number in hexadecimal format.

Certificate Source: This field specifies the display name of the certificate server on which the certificate resides or the Microsoft® Windows® store in which the certificate was found.

View certificate information

In the BlackBerry® Certificate Synchronization Manager, click a server tab. Right-click a certificate. Click View Certificate.

Serial Number: This field specifies the certificate serial number in hexadecimal format.

Issuer: Detailed information about the certificate issuer.

Valid From: This field specifies the date from which the certificate is valid as set by the issuing Certificate Authority.

Valid To: This field specifies the expiration date that is set by the issuing Certificate Authority.

Subject: Detailed information about the certificate holder.

Public key: This field specifies the standard to which the public key complies. The BlackBerry device supports Rivest Shamir Adleman (RSA), Digital Signature Algorithm (DSA), and Elliptic Curve Cryptography (ECC) keys.

Subject Alternative Name: This field specifies the email address for the certificate.

Key Usage: This field specifies approved uses for the key.


SHA1 thumbprint: This field specifies the Secure Hash Algorithm, version 1 (SHA1) digital thumbprint of the certificate.

MD5 thumbprint: This field specifies the Message-Digest Algorithm, version 5 (MD5) digital thumbprint of the certificate.

View certificate status

In the BlackBerry® Certificate Synchronization Manager, click a server tab. Right-click a certificate. Click Edit Certificate Properties. Click View Certificate. Click Certification Path.

Synchronize certificates

To synchronize certificates manually, in the BlackBerry® Certificate Synchronization Manager, click a server tab. Select the check box beside a certificate. Click Synchronize.

Note:

Selected certificates are added to the BlackBerry device. Certificates that are not selected are removed from the device.

To set the BlackBerry Desktop Software to synchronize certificate information automatically, in the BlackBerry Certificate Synchronization Manager, click Options.

Click the Desktop Preferences tab. Perform one of the following actions:

To specify an interval after which certificates should be synchronized, set the Synchronize every field.

To synchronize certificates each time your device is connected to your computer, select the Synchronize every time the BlackBerry device is connected option.

Warning:

Verify that you have a Public Key Infrastructure (PKI) system license for the certificate that you want to download.


Import certificates from your company’s network

In the BlackBerry® Certificate Synchronization Manager, click Import Certificate. Select a file. Click Open.

Note:

You can import certificates that are packaged with private keys and have a .pfx or .p12 file extension (for example, personal certificates). You can import other certificates with a .cer, .der, .crt, .p7b, .p7c, or .key file extension.

Search for a certificate on an LDAP server

1. In the BlackBerry® Certificate Synchronization Manager, click the Other People’s Certificates tab.

2. Click Find in LDAP.

3. Select one or more LDAP server(s).

4. Type certificate holder information in one or more of the following fields: First Name, Last Name, Email.

5. Click Search Now.

Note:

To store a certificate in the BlackBerry Certificate Synchronization Manager, select a query result. Click Mark for addition.
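
What a search like this corresponds to on the directory side, as an added example that is not part of the original guide and is not BlackBerry code: the three search fields are combined into one LDAP filter, with RFC 4515 escaping so that characters such as parentheses in a name are matched literally instead of changing the filter. The attribute names (givenName, sn, mail, userCertificate;binary) are assumptions taken from the standard LDAP schema, and the function names are hypothetical.

```python
# Added example: not BlackBerry code. Attribute names are assumptions
# based on the standard LDAP user schema (givenName, sn, mail).

# RFC 4515 section 3: these characters must be written as a backslash
# followed by two hex digits when they appear inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one user-supplied value for use inside an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_cert_search_filter(first_name: str = "", last_name: str = "",
                             email: str = "") -> str:
    """Build an AND filter from the First Name, Last Name and Email fields.

    Empty fields are skipped; at least one must be filled in, as in the
    search dialog. Only entries that hold a certificate are matched.
    """
    fields = (("givenName", first_name), ("sn", last_name), ("mail", email))
    terms = [f"({attr}={escape_filter_value(text.strip())})"
             for attr, text in fields if text.strip()]
    if not terms:
        raise ValueError("enter at least one of first name, last name, email")
    # userCertificate;binary is the standard attribute for X.509 certificates
    # (RFC 4523); the presence test keeps entries without one out of the results.
    return "(&" + "".join(terms) + "(userCertificate;binary=*))"


if __name__ == "__main__":
    # Constructed sample input: a surname that contains filter metacharacters.
    print(build_cert_search_filter(first_name="Ana", last_name="Smith (Contractor)"))
    print(build_cert_search_filter(email="ana.smith@example.com"))
```
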

Change certificate labels

In the BlackBerry® Certificate Synchronization Manager, click a server tab. Right-click a certificate. Click Edit Certificate Properties. Perform one of the following actions:

To specify a name for the certificate, in the Certificate Label section, type a name.
