San Jose (CA) – Research in Motion (RIM) used the RSA security conference to promote the PGP Support Package, which encrypts and decrypts emails to and from the wireless device. While the technology has been available for more than four months, there was little adoption so far. RIM hopes this will change with a new software update.
RIM has built the reputation of its Blackberry service on the perception of secure communication. So it was not really a surprise that the company began offering an additional layer of security with a PGP Support Package last October. According to Mike Kirkup, technical partnership manager at RIM, Blackberry users haven’t been exactly rushing to get PGP so far, as the software requires the support of the latest version of Blackberry software (4.1).
The PGP Support Package consists of multiple pieces. In addition to the client software, PGP software is also installed on the company’s email servers, which can be either Microsoft Exchange or IBM’s Lotus Domino. Finally, the company must have a PGP Universal Server that distributes and stores the keys.
When all components are in place, users can easily encrypt and decrypt emails with their Blackberry devices. Several encryption algorithms are supported, including AES (256, 192 and 128 bit), Triple DES and CAST. Organizations can set policies on what algorithms are allowed to be sent and received by their employees.
The typically tricky process of managing public and private keys is handled by the software. Whenever an encrypted email arrives, the screen will show the algorithm and bit strength of the encryption as well as the information whether they are trusted or not. Public keys, used to decrypt the message, are wirelessly fetched from the company’s network. These keys are cached by the Blackberry device for 24 hours. If another email is received from that sender after that period, the key will be retrieved from the server again. Private keys, used for the encryption of emails, are stored permanently on the device.
Kirkup told us that the PGP package offers “an extra degree of safety and true end-to-end encryption.” The handling of PGP encrypted emails is as easy as dealing with simple email, as we could see in the demonstration at the RIM booth.
RIM expects PGP adoption to increase as providers start selling more devices with updated software.