How do I process encrypted mail on a BlackBerry device?

Sending IBM Domino encrypted and signed mail messages can be performed from a BlackBerry 10 device activated on a BlackBerry Enterprise Server 10.0 or higher.

This functionality is implemented using an encryption and decryption strategy that requires server-side access to the user's Notes ID file. The ID file contains the private and public keys necessary to digitally sign, encrypt, and decrypt mail messages. Receiving and reading encrypted mail can be performed on a BlackBerry 10 device without being activated on a BlackBerry Enterprise Server.

For digital signing, encrypting, or decrypting to work, the Notes ID file must be uploaded to the mail file or a Domino ID vault. For more information, see "How do I upload my Notes ID file?" in this topic.

The minimum requirements for processing (sending or viewing) encrypted mail on a BlackBerry device are as follows:
  • IBM Traveler Server 9.0.0.1 IF1 or higher
  • BlackBerry 10 device with OS version 10.2 or higher
  • User's Notes ID must be accessible to the IBM Traveler Server
  • BlackBerry 10 device must be activated on a BlackBerry Enterprise Server (BES) 10.0 or higher for sending encrypted messages
Note: Reading or viewing Domino Encrypted mail on a BlackBerry 10.2 (or higher) device does not require the device to be activated using a BES server.
Note: Only Domino-encrypted mail is supported. Encrypted calendar, to-do, and notebook entries are not supported. SMIME encryption is unavailable.
Note: Use either a secure socket layer (SSL) connection or a virtual private network (VPN) solution when encryption is enabled on the IBM Traveler server.
Note: Domino encrypted mail is referred to as Notes Native Encryption (NNE) on a BlackBerry 10 device.
Table 1. Processing encrypted mail
How do I... Action

Upload my Notes® ID file?

  1. From a computer where you use an IBM Notes client, open a web browser to http://your_IBM_Notes_Traveler_server/traveler.
    Note: If your server is using SSL, then open a web browser to https://your_IBM_Notes_Traveler_server/traveler.
  2. Select Manage the Notes ID.
  3. Select Upload the Notes ID.
  4. In the Notes ID File field, enter the path of your Notes ID file, or browse for it.
  5. In the Password field, enter your Notes ID password.
  6. Select Upload Notes ID.

No action required. User ID files in IBM SmartCloud Notes are automatically vaulted in the service.

Read encrypted mail?

  1. Select the encrypted mail message to read. Encrypted mail will appear with the "lock" icon.
    lock icon
  2. If prompted, enter your IBM Notes ID password. The password is cached and will remain valid for 24 hours from the time that the user entered the password. The user will not receive a password prompt if the password is cached.
Note: The 24-hour caching period is currently not a configurable parameter, nor can it be disabled.

Enable or send encrypted mail?

To enable:
  1. Sending encrypted messages from the device requires that the user enable the ability in the Hub settings, under the Secure Email option (this option is available only when the device is activated with BlackBerry Enterprise Server).
  2. From the BlackBerry 10 device, switch to the Hub.
  3. Open the menu list by selecting the menu icon.
  4. Select Settings from the menu.
  5. IBM Notes Native Encryption can be enabled by selecting ON for the NNE property.
  6. To enable the encryption of all newly created mail, select Encrypt (NNE) for Default Encoding.
Note: Settings options for enabling NNE are not displayed if the user was not activated using BES.
To send:
  1. Select the Compose mail icon to create a new message.
  2. To send, select NNE or Plain Text from the list.
  3. Complete the mail by filling in the rest of the appropriate fields and then click Send.

View signed mail?

  1. Signed mail on the Hub will appear with a "seal" icon .
    signed icon
  2. Open the mail by tapping on the specific message item.
  3. Open the menu list by selecting the menu icon.
  4. Select Settings from the menu.
  5. Select the NNE Details option to view the signature.
Note: Currently there is no support for creating signed mail from the BlackBerry 10 device.