Unable to Encrypt to Sender's Key on BlackBerry devices

Article:TECH173383  |  Created: 2011-11-01  |  Updated: 2011-11-01  |  Article URL http://www.symantec.com/docs/TECH173383
Article Type
Technical Solution


Unable to encrypt to sender's Key on BlackBerry devices.


With PGP Encryption software, two types of keys are used: DH/DSS and RSA keys.  RSA keys have become the default key type in PGP products.  In earlier versions of the PGP software, DH/DSS keys were the default; however, they were quickly replaced by RSA keys to add key functionality such as S/MIME encryption support.

When the PGP Support Package for BlackBerry was originally developed, RSA keys were the anticipated key type, and full encryption/decryption functionality was available with those keys.  DH/DSS keys were also supported, but with functionality limited to signing only.


While it is possible to use DH/DSS keys for encryption on BlackBerry devices, this is not the intended design and is not guaranteed to encrypt properly. There are cases when DH/DSS keys may actually prevent proper encryption from happening.  One scenario is that it may be impossible to encrypt to the sender's key unless the sender is specified as one of the recipients in the "TO" or "CC" fields.  If the sender is not specified in the "TO" or "CC" fields, the message is known to sometimes not be encrypted to these recipients.

There may be other, undefined scenarios where encryption may not work with DH/DSS keys.  Because of this, RIM recommends using RSA keys as the supported key type on the PGP Support Package for BlackBerry.  Using DH/DSS keys may result in improper encryption of emails on BlackBerry devices.

PGP RSA keys have full encryption functionality on BlackBerry devices.  There are no further plans to support DH/DSS on BlackBerry devices.  If using DH/DSS keys in an environment that may use the PGP Support Package for BlackBerry, it is recommended to switch to RSA keys before enrolling the user to a PGP Universal Server on the BlackBerry devices.
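One way to find users who still hold DH/DSS keys before enrollment, as an added example that is not from the original article, Symantec or RIM. It assumes the users' public keys can be listed with GnuPG's `gpg --list-keys --with-colons`; the function name `audit_keys` and the sample listing, key IDs and names are constructed for illustration.

```python
# Added example: flag DH/DSS keys in a GnuPG colon-format key listing.
# OpenPGP public-key algorithm IDs (RFC 4880):
#   1-3 = RSA, 16 = Elgamal (the "DH" half), 17 = DSA (the "DSS" half).
ALGO_NAMES = {"1": "RSA", "2": "RSA", "3": "RSA", "16": "DH", "17": "DSS"}

# Constructed sample of `gpg --list-keys --with-colons` output (not real keys).
SAMPLE_LISTING = """\
pub:u:1024:17:AAAAAAAAAAAAAAA1:1100000000:::u:::scESC:
uid:u::::1100000000::HASH::Alice Example <alice@example.com>:
sub:u:2048:16:AAAAAAAAAAAAAAA2:1100000000::::::e:
pub:r:1024:17:CCCCCCCCCCCCCCC1:1000000000:::-:::sc:
uid:r::::1000000000::::Bob Example <bob@example.com>:
sub:r:2048:16:CCCCCCCCCCCCCCC2:1000000000::::::e:
pub:u:2048:1:BBBBBBBBBBBBBBB1:1300000000:::u:::scESC:
uid:u::::1300000000::HASH::Bob Example <bob@example.com>:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1300000000::::::e:
"""

def audit_keys(listing):
    """Return one dict per usable primary key, marking DH/DSS keys."""
    keys, current = [], None
    for line in listing.splitlines():
        f = line.split(":")
        rec = f[0]
        if rec == "pub" and len(f) > 4:
            # Field 2 is validity: skip revoked (r) and expired (e) keys,
            # since a replaced DH/DSS key no longer needs migrating.
            if f[1] in ("r", "e"):
                current = None
                continue
            current = {"keyid": f[4], "uid": None,
                       "algos": [ALGO_NAMES.get(f[3], "algo " + f[3])]}
            keys.append(current)
        elif current is None:
            continue  # uid/sub records of a skipped primary key
        elif rec == "sub" and len(f) > 3 and f[1] not in ("r", "e"):
            current["algos"].append(ALGO_NAMES.get(f[3], "algo " + f[3]))
        elif rec == "uid" and len(f) > 9 and current["uid"] is None:
            current["uid"] = f[9]  # first (primary) user ID
    for key in keys:
        # Either half of a DH/DSS key pair means the user should move to RSA.
        key["needs_rsa"] = any(a in ("DH", "DSS") for a in key["algos"])
    return keys

if __name__ == "__main__":
    for key in audit_keys(SAMPLE_LISTING):
        status = "SWITCH TO RSA" if key["needs_rsa"] else "ok"
        print(f'{key["keyid"]}  {"/".join(key["algos"]):8}  {status}  {key["uid"]}')
```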
