Blackberry S-MIME SUPPORT PACKAGE VERSION 4.1 User Manual

S/MIME Support Package
Version 4.1
User Guide Supplement
Last modified: 14 October 2005
Part number: SWD_X_HH(EN)-074.001
At the time of publication, this documentation is based on the S/MIME Support Package version 4.1.
Send us your comments on product documentation: https://www.blackberry.com/DocsFeedback.
Entrust, Entelligence, and Entrust Authority are either trademarks or registered trademarks of Entrust, Inc. in the United States and certain countries. Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. All other brands, product names, company names, trademarks and service marks are the properties of their respective owners.
The BlackBerry device, the BlackBerry Smart Card Reader and/or associated software are protected by copyright, international treaties and various patents, including one or more of the following U.S. patents: 6,278,442; 6,271,605; 6,219,694; 6,075,470; 6,073,318; D445,428; D433,460; D416,256. Other patents are registered or pending in various countries around the world. Visit www.rim.com/patents.shtml for a listing of applicable RIM patents.
This document is provided “as is” and Research In Motion Limited and its affiliated companies (“RIM”) assume no responsibility for any typographical, technical or other inaccuracies in this document. RIM reserves the right to periodically change information that is contained in this document; however, RIM makes no commitment to provide any such changes, updates, enhancements or other additions to this document to you in a timely manner or at all. RIM MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR COVENANTS, EITHER EXPRESS OR IMPLIED (INCLUDING WITHOUT LIMITATION, ANY EXPRESS OR IMPLIED WARRANTIES OR CONDITIONS OF FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, MERCHANTABILITY, DURABILITY, TITLE, OR RELATED TO THE PERFORMANCE OR NON-PERFORMANCE OF ANY SOFTWARE REFERENCED HEREIN OR PERFORMANCE OF ANY SERVICES REFERENCED HEREIN). IN CONNECTION WITH YOUR USE OF THIS DOCUMENTATION, NEITHER RIM NOR ITS RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES OR CONSULTANTS SHALL BE LIABLE TO YOU FOR ANY DAMAGES WHATSOEVER BE THEY DIRECT, ECONOMIC, COMMERCIAL, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY OR INDIRECT DAMAGES, EVEN IF RIM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, INCLUDING WITHOUT LIMITATION, LOSS OF BUSINESS REVENUE OR EARNINGS, LOST DATA, DAMAGES CAUSED BY DELAYS, LOST PROFITS, OR A FAILURE TO REALIZE EXPECTED SAVINGS.
This document might contain references to third party sources of information, hardware or software, products or services and/or third party web sites (collectively the “Third-Party Information”). RIM does not control, and is not responsible for, any Third-Party Information, including, without limitation the content, accuracy, copyright compliance, compatibility, performance, trustworthiness, legality, decency, links, or any other aspect of Third-Party Information. The inclusion of Third-Party Information in this document does not imply endorsement by RIM of the Third Party Information or the third party in any way. Installation and use of Third Party Information with RIM's products and services may require one or more patent, trademark or copyright licenses in order to avoid infringement of the intellectual property rights of others. Any dealings with Third Party Information, including, without limitation, compliance with applicable licenses and terms and conditions, are solely between you and the third party. You are solely responsible for determining whether such third party licenses are required and are responsible for acquiring any such licenses relating to Third Party Information. To the extent that such intellectual property licenses may be required, RIM expressly recommends that you do not install or use Third Party Information until all such applicable licenses have been acquired by you or on your behalf. Your use of Third Party Information shall be governed by and subject to you agreeing to the terms of the Third Party Information licenses. Any Third Party Information that is provided with RIM's products and services is provided "as is". RIM makes no representation, warranty or guarantee whatsoever in relation to the Third Party Information and RIM assumes no liability whatsoever in relation to the Third Party Information even if RIM has been advised of the possibility of such damages or can anticipate such damages.
Research In Motion Limited 295 Phillip Street Waterloo, ON N2L 3W8 Canada
Published in Canada
Research In Motion UK Limited Centrum House, 36 Station Road Egham, Surrey TW20 9LF United Kingdom
Contents
1 S/MIME Support Package installation
2 BlackBerry Certificate Synchronization Manager
3 Certificates
4 Certificate servers
5 S/MIME messages
6 Search
7 Memory cleaning
8 Smart cards
9 Legal notice
1 S/MIME Support Package installation
• About the S/MIME Support Package
• Install the S/MIME Support Package on your desktop computer
• Install the S/MIME Support Package on your BlackBerry device
About the S/MIME Support Package
Install Secure Multipurpose Internet Mail Extension (S/MIME) support on your BlackBerry® device to include BlackBerry device applications that are designed to support S/MIME signing and encryption. Use the custom setup in the BlackBerry Desktop Software to add the Certificate Synchronization Manager.
Install the S/MIME Support Package on your desktop computer
Insert the BlackBerry® Desktop Software installation CD into your CD drive. Complete the on-screen instructions.
• In the Setup Type window, select Custom.
• In the Custom Setup window, click Certificate Synchronization. Select This feature, and all subfeatures, will be installed on local hard drive.
Install the S/MIME Support Package on your BlackBerry device
1. Verify that your BlackBerry® device is connected to your computer.
2. On the taskbar, click Start.
3. Click Programs > BlackBerry > Desktop > Desktop Manager.
4. Double-click the Application Loader icon.
5. Click Next.
6. Select the BlackBerry S/MIME Support Package check box.
7. To download Department of Defence (DoD) root certificates, select the DoD Root Certificates check box.
8. Click Next.
9. Click Finish.
Related topics
Legal notice (See page 33.)
2 BlackBerry Certificate Synchronization Manager
• About the BlackBerry Certificate Synchronization Manager
• Open the BlackBerry Certificate Synchronization Manager
• About certificate information icons
• View certificates
• View certificate information
• View certificate status
• Synchronize certificates
• Import certificates from your company’s network
• Search for a certificate on an LDAP server
• Change certificate labels
• Set the security level of private keys
• View OCSP or CRL certificate server information
• View LDAP certificate server information
• Add OCSP or CRL certificate servers
• Add LDAP certificate servers
• Manage certificate servers
• About Entrust digital IDs
• Use Entrust digital IDs with the BlackBerry Certificate Synchronization Manager
About the BlackBerry Certificate Synchronization Manager
The BlackBerry® Certificate Synchronization Manager is designed to enable users of supported BlackBerry devices to obtain certificates from numerous sources, download certificates to their BlackBerry device, and verify the authenticity and status of certificates. Certificate status information and certificate server information is designed to be sent between Certificate Authority (CA), Lightweight Directory Access Protocol (LDAP), Online Certificate Status Protocol (OCSP), and Certificate Revocation List (CRL) servers and the BlackBerry Certificate Synchronization Manager on the desktop computer, and from the desktop computer to the BlackBerry device through the standard synchronization process (across a serial or USB connection).
Open the BlackBerry Certificate Synchronization Manager
Verify that your BlackBerry® device is connected to your computer. On the taskbar, click Start. Click Programs > BlackBerry > Desktop > Desktop Manager. Double-click the Certificate Sync icon.
About certificate information icons
In the BlackBerry® Certificate Synchronization Manager, on the Personal Certificates, Other People’s Certificates, and Root Certificates tabs, the following icons appear:
A selected check box indicates that the certificate is stored on the BlackBerry device.
The icons in this column provide information about the properties of a certificate.
The certificate chain is trusted. The certificate chain revocation status is good, and the certificate chain is valid.
The revocation status of the certificate chain is unknown, or a public key in the certificate chain is weak.
The certificate chain is untrusted, revoked, expired, not yet valid or could not be verified.
View certificates
In the BlackBerry® Certificate Synchronization Manager, perform one of the following actions:
• To view certificates that are assigned to you, click the Personal Certificates tab.
• To view certificates for another person that have been validated by a root Certificate Authority and to authenticate the identity of the person to whom they are assigned, click the Other People’s Certificates tab.
• To view certificates that originate from a root Certificate Authority and are considered trustworthy, click the Root Certificates tab.
On the server tabs, the following fields appear:
Certificate Label: This field specifies the name of the certificate. By default, the name of the certificate holder is used.
Security: This field specifies the security level of the certificate that contains a private key. This field only appears on the Personal Certificates tab.
Email Address: This field specifies the email address of the certificate holder.
Subject: This field specifies detailed information about the certificate holder.
Issuer: This field specifies detailed information about the certificate issuer.
Serial Number: This field specifies the certificate serial number in hexadecimal format.
Certificate Source: This field specifies the display name of the certificate server on which the certificate resides or the Microsoft® Windows® store in which the certificate was found.
View certificate information
In the BlackBerry® Certificate Synchronization Manager, click a server tab. Right-click a certificate. Click View Certificate.
Serial Number: This field specifies the certificate serial number in hexadecimal format.
Issuer: Detailed information about the certificate issuer.
Valid From: This field specifies the date from which the certificate is valid as set by the issuing Certificate Authority.
Valid To: This field specifies the expiration date that is set by the issuing Certificate Authority.
Subject: Detailed information about the certificate holder.
Public key: This field specifies the standard to which the public key complies. The BlackBerry device supports Rivest Shamir Adleman (RSA), Digital Signature Algorithm (DSA), and Elliptic Curve Cryptography (ECC) keys.
Subject Alternative Name: This field specifies the email address for the certificate.
Key Usage: This field specifies approved uses for the key.
SHA1 thumbprint: This field specifies the Secure Hash Algorithm, version 1 (SHA1) digital thumbprint of the certificate.
MD5 thumbprint: This field specifies the Message-Digest Algorithm, version 5 (MD5) digital thumbprint of the certificate.
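The SHA1 and MD5 thumbprint fields can be compared with a value obtained out of band before a certificate is trusted. The following is an added example, not part of the original guide or of RIM's software; it assumes the thumbprints are computed in the conventional way, over the certificate's complete DER encoding, and the helper names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import ssl

def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the exported file is PEM text or already DER."""
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data

def thumbprints(data: bytes) -> dict:
    """Hash the whole DER-encoded certificate, not just the key or the subject."""
    der = to_der(data)
    return {"sha1": hashlib.sha1(der).hexdigest(), "md5": hashlib.md5(der).hexdigest()}

def normalize(shown: str) -> str:
    """Strip separators and case so 'AB:CD ...' and 'abcd...' compare equal."""
    return "".join(ch for ch in shown if ch not in " :-").lower()

def matches(data: bytes, shown: str, algo: str = "sha1") -> bool:
    """Compare a thumbprint read from the dialog with one computed locally."""
    return hmac.compare_digest(thumbprints(data)[algo], normalize(shown))

# Constructed placeholder bytes standing in for a DER certificate export.
SAMPLE_DER = bytes.fromhex("30820100308200f0a003020102") + bytes(243)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    print(thumbprints(SAMPLE_DER))
    # The PEM and DER forms of one certificate yield the same thumbprints.
    print(thumbprints(SAMPLE_PEM) == thumbprints(SAMPLE_DER))
```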
View certificate status
In the BlackBerry® Certificate Synchronization Manager, click a server tab. Right-click a certificate. Click Edit Certificate Properties. Click View Certificate. Click Certification Path.
Synchronize certificates
To synchronize certificates manually, in the BlackBerry® Certificate Synchronization Manager, click a server tab. Select the check box beside a certificate. Click Synchronize.
Note:
Selected certificates are added to the BlackBerry device. Certificates that are not selected are removed from the device.
To set the BlackBerry Desktop Software to synchronize certificate information automatically, in the BlackBerry Certificate Synchronization Manager, click Options. Click the Desktop Preferences tab. Perform one of the following actions:
• To specify an interval after which certificates should be synchronized, set the Synchronize every field.
• To synchronize certificates each time your device is connected to your computer, select the Synchronize every time the BlackBerry device is connected option.
Warning:
Verify that you have a Public Key Infrastructure (PKI) system license for the certificate that you want to download.
Import certificates from your company’s network
In the BlackBerry® Certificate Synchronization Manager, click Import Certificate. Select a file. Click Open.
Note:
You can import certificates that are packaged with private keys and have a .pfx or .p12 file extension (for example, personal certificates). You can import other certificates with a .cer, .der, .crt, .p7b, .p7c, or .key file extension.
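Added example, not from the original guide: a pre-import check that compares a file's extension (grouped as in the note above) with what its leading bytes indicate, so a file that carries private-key material under one of the other extensions is noticed. The function names and sample bytes are constructed, and the sniffing is a heuristic on the outer ASN.1 structure, not a full parser.

```python
import base64
import re
from pathlib import PurePath

# Extension groups exactly as the import note lists them.
WITH_PRIVATE_KEY = {".pfx", ".p12"}
OTHER_LISTED = {".cer", ".der", ".crt", ".p7b", ".p7c", ".key"}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def sniff_der(der: bytes) -> str:
    """Heuristic: guess the container from the first element in the outer SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        return "unknown"
    # Outer length is 1 byte (short form) or 1 + n bytes (long form).
    pos = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    head = der[pos:pos + 3]
    if head == b"\x02\x01\x03":
        return "pkcs12"        # PFX starts with INTEGER version 3
    if head[:1] == b"\x02":
        return "private-key"   # PKCS#1 / PKCS#8 keys start with an INTEGER version
    if head[:1] == b"\x06":
        return "pkcs7"         # ContentInfo starts with an OID
    if head[:1] == b"\x30":
        return "x509"          # Certificate starts with the tbsCertificate SEQUENCE
    return "unknown"

def classify(name: str, data: bytes) -> dict:
    """Report the detected kind; 'mismatch' is True when bytes and extension disagree on key material."""
    ext = PurePath(name).suffix.lower()
    pem = PEM_RE.search(data)
    if pem and b"PRIVATE KEY" in pem.group(1):
        kind = "private-key"
    elif pem:
        kind = sniff_der(base64.b64decode(pem.group(2)))
    else:
        kind = sniff_der(data)
    has_key = kind in ("pkcs12", "private-key")
    return {
        "listed": ext in WITH_PRIVATE_KEY | OTHER_LISTED,
        "kind": kind,
        "has_private_key": has_key,
        "mismatch": has_key != (ext in WITH_PRIVATE_KEY),
    }

# Constructed leading bytes only (not complete files), enough for the sniffer.
X509_HEAD = bytes.fromhex("30820100308200f0a003020102")
P12_HEAD = bytes.fromhex("30820900020103308208c0")
P7_HEAD = bytes.fromhex("3082050006092a864886f70d010702")
PEM_KEY = b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
```

For example, `classify("root.cer", P12_HEAD)` reports `mismatch: True`, because the bytes look like a PKCS #12 bundle while the extension is not one of the two the note associates with private keys.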
Search for a certificate on an LDAP server
1. In the BlackBerry® Certificate Synchronization Manager, click the Other People’s Certificates tab.
2. Click Find in LDAP.
3. Select one or more LDAP server(s).
4. Type certificate holder information in one or more of the following fields: First Name, Last Name, Email.
5. Click Search Now.
Note:
To store a certificate in the BlackBerry Certificate Synchronization Manager, select a query result. Click Mark for addition.
Change certificate labels
In the BlackBerry® Certificate Synchronization Manager, click a server tab. Right-click a certificate. Click Edit Certificate Properties. Perform one of the following actions:
• To specify a name for the certificate, in the Certificate Label section, type a name.