BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 07-02-2008, 09:03 AM   #1 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Model: 9500
OS: 4.7.0.78
Carrier: AT&T
Posts: 25
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Question About Wireless Key Regeneration

Please Login to Remove!

I am working with someone at DISA to bring the current Blackberry STIG checklist up to date.

Currently in the checklist, there is a requirement to have a user sync their device with the Desktop manager every 30 days to update the Master Encryption key. This was for older devices before 4.1. Now with 4.1, this is all done wirelessly.

Because this needs to be official, I need to state why and how this is being done. I know it is somewhat automatic and you can still connect the device to the BES and do it or manually do it from the device but I need the exact wording.

I am looking at the Security Guide for BES 4.1.5 and from what I have read, does not specifically mention that it automatically regenerates the key over the air.

Any docs that you can provide to me would be much appreciated.

Thanks,

Thomas

Last edited by laskint : 07-02-2008 at 09:04 AM.
Offline  
Old 07-02-2008, 09:49 AM   #2 (permalink)
BlackBerry Extraordinaire
 
gibson_hg's Avatar
 
Join Date: Dec 2007
Model: NA
PIN: 80081ES
Carrier: NA
Posts: 1,006
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Every 30 days the BES sends a command to the BB to update it's Encryption Key. Once it has been done the BB sends the ACK back to the BES. As far as I know it's 30 days from activation or the last encryption key update.

So as far as flow goes:

1. BES sends the update command

2. HH receives command and updates the key

3. BB sends acknowledgement

I'm not sure if this can be seen in the logs, wouldn't surprise me. Someone here might know what log line to search for.
Offline  
Old 07-02-2008, 09:52 AM   #3 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Quote:
Originally Posted by gibson_hg View Post
Someone here might know what log line to search for.
You must be referring to "hdawg, resident log whore".
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 07-02-2008, 10:09 AM   #4 (permalink)
BlackBerry Genius
 
hdawg's Avatar
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

logs?!??!?! where?!?!??!?!

gibson is spot on with the process ...

well ... since I've been taunted on my log love ... here you go:

KB05429 - Recommendation on the use of Triple DES or AES for BlackBerry transport layer encryption

The end of the KB Article explains what log entries to look for and what they mean.

If you want to see the actual encryption keys, they're in the BESMgmt database in the UserConfig table.
Offline  
Old 07-02-2008, 10:58 AM   #5 (permalink)
Knows Where the Search Button Is
 
Join Date: Apr 2005
Model: 9500
OS: 4.7.0.78
Carrier: AT&T
Posts: 25
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks hdawg but kb05429 only speaks about 3DES and AES encryption but not the actual Wireless Encryption Key regeneration process.
Offline  
Old 07-02-2008, 03:13 PM   #6 (permalink)
CrackBerry Addict
 
The BlackBerry Kid's Avatar
 
Join Date: Apr 2008
Location: Natick Mass
Model: 9700
PIN: it is under my battery, and status page
Carrier: T-Mobile
Posts: 741
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

i had no clue about that...i guess i ain't a talking blackberry encyclopedia like my profile says.
__________________
Anthony
T-Mobile BlackBerry Bold 9700. blackberry used as of 4-21-08 I love my
Offline  
Old 07-02-2008, 07:09 PM   #7 (permalink)
BlackBerry Genius
 
hdawg's Avatar
 
Join Date: Aug 2006
Model: hdawg
PIN: port3101.org
Carrier: hdawg
Posts: 6,632
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by laskint View Post
Thanks hdawg but kb05429 only speaks about 3DES and AES encryption but not the actual Wireless Encryption Key regeneration process.
gibson explained the process.

You may be able to get more logging detail by increasing the debug log level ... if you need more than has been stated here I'd give RIM a call and talk with TSupport.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.