Can anyone confirm whether there is actually end-to-end encryption with Blackberry Messenger, or if these messages are clear text at any point? My powers that be want confirmation on the security of this communication. We currently use a BES and PGP for endpoint encryption of staff emails, but they would like the delivery reports, etc. available in messenger.

Where do I find this confirmation?

We dropped our T2 support after just one year, for obvious reasons to anyone who subscribed to it, and now have to guess at simple questions like this...

(rant - Of course, we could never trust the tech at T2, as answers fell out of their mouths willy-nilly, like "Of course your emails are always encrypted" when I asked them about emailing other organizations! What bollocks!)

Yes, BlackBerry Messenger is scrambled from end-to-end as it uses PIN messaging as its transport. All traffic is over RIM's infrastructure exclusively, and never leaves it.
All BlackBerry devices share a common encryption key which is used for this purpose.

Additionally, if on a BES, you can also add a peer-to-peer encryption key for an additional layer of encryption. However, doing so will create an environment where your BES users will only be able to use PIN messaging and BlackBerry Messenger with other users on the same BES.

This may not provide the exact answer you're looking for...but here is how to disable encryption

KB13016 - How To disable PIN encryption on the BlackBerry Enterprise Server - Port3101.org : Your BES Connection

Wirelessly posted

I have peer-to-peer encryption on my BES and I'm still able to communicate with other bbm outside my BES.

No, you don't.
That's impossible.

Wirelessly posted

Hmmmm, I will have to double check on this when I get in tomorrow.

I do remember, there was an occassion when we could not communicate with other bbm and after speaking with RIM I found out that my peer-to-peer key was corrupt, once they helped me sort that out, all was well. But I will double check tomorrow.

slahm, no offense but what did you think they might say. "Well, no not really. About 27% of the time the messages aren't encrypted." ???

The answer actually IS "Of course your emails are always encrypted!!"

Emailing another organization from your BB has no more or less to do with whether a message is encrypted than emailing someone inside your company. Period.

Your BlackBerry establishes a secure tunnel between itself and the BES at your company all via the internet, essentially just like any vpn connection does more or less. (lets not debate the intricacies). If you trust the BB to send a message to a co-worker, you trust it to send to ANY email address in the world.

When you compose and "send" a message from your bb. The email doesn't travel from your device over the cellular data network and route directly to the othercompany.com mailserver... NO, It encrypts and securely sends the constructed message with the address of who you sent it to over the cellular data network to YOUR companies BES, which decrypts the contents based on the ever changing encrypting keys that are passed and verified between said BES and BB. THEN your BES communicates internally to your Exchange or Notes account on your behalf using elevated permissions granted by your companies IT and Security Administrator, which then sends the message via your companies outbound mail transport of your company mail server, JUST as if you sent it from your email client sitting at your desk on your intranet at work...

The BlackBerry let go of the message LONG ago. In fact, as soon as it encrypted then sent it over the cellular network to the destination, it doesn't care anymore. If your companies BES doesn't "know" how to decrypt the message coming to it from your BB or ANY device for that matter... it just tosses the packets aside. End of story.

In many ways, messages you send from your BB are MORE secure than messages sent from your desk client, in that while the BB and BES have anything to do with it, the message is encrypted with AES or Triple DES encryption.

See BlackBerry - Enterprise Solution Architecture

Sorry for the rant, but thought it needed a little defending. And for what it's worth I have been very pleased for years with the same T2 support you had.

let's not feed the crazies any ideas...

ok ok, sorry bout the soap box...