RIM to give in to GAK in India

Arshad Noor arshad.noor at strongauth.com
Fri May 30 14:58:15 EDT 2008


So, what is it on the device that is using the 3DES key to encrypt
chunks to send to the RIM messaging gateway?  Something on the 
device has to encrypt/decrypt the data sent to/from the messaging
server?  Doesn't that constitute a session even if the 3DES keys
are rotated frequently?  (And, if they are, how are the 3DES keys
agreed upon?  Doesn't that imply public/private key-pairs or a
master-key?)

Arshad Noor
StrongAuth, Inc.

----- Original Message -----
From: "Victor Duchovni" <Victor.Duchovni at morganstanley.com>
Cc: cryptography at metzdowd.com
Sent: Friday, May 30, 2008 10:41:10 AM (GMT-0800) America/Los_Angeles
Subject: Re: RIM to give in to GAK in India

On Thu, May 29, 2008 at 10:05:17AM -0400, Derek Atkins wrote:

> Arshad Noor <arshad.noor at strongauth.com> writes:
> 
> > Even if RIM does not have the device keys, in order to share encrypted
> > data with applications on the RIM server, the device must share a session 
> > key with the server; must it not?  Isn't RIM (their software, actually)
> > now in a position to decrypt content sent between Blackberry users?  Or, 
> > does the Blackberry encryption protocol work like S/MIME?
> 
> The enterprise solution does work something like S/MIME.

The keys are symmetric 3DES, and encrypt message chunks (IIRC either
256 or 1K bytes) sent asynchronously to the enterprise messaging gateway.
RIM does not have a secure session with the device. This is not like
S/MIME except that as with S/MIME, this is not hop-by-hop encryption.


---------------------------------------------------------------------
The Cryptography Mailing List