• BlackBerry® Enterprise Server for Microsoft® Exchange versions 3.5 to 4.1

Peer-to-peer encryption can be used with BlackBerry® smartphones that are running BlackBerry® Desktop Software versions 3.2 SP1 and later. BlackBerry smartphone users must have a common encryption key stored on their BlackBerry smartphones to communicate using personal identification number (PIN) messages. Without a common encryption key, PIN messages are sent to the recipient, but cannot be decrypted. In this case, the recipient’s BlackBerry smartphone displays the following error message:

Decryption Failure: Please connect handheld to PC

Note: A BlackBerry smartphone can store two encryption keys.

To configure peer-to-peer encryption for BlackBerry® Enterprise Server versions 3.5, 3.6 and 3.6 SP1 (3.6.1), complete the following steps:

1. In the BlackBerry Enterprise Server Management console, right-click BlackBerry Server Management.
2. Click Update Peer-to-Peer Encryption Key.
3. Select one of the following options:
   • To generate two encryption keys and send them to the BlackBerry smartphone, select Current key is compromised.
   • To generate a single encryption key and send it to the BlackBerry smartphone, select Current key is not compromised.

Note:  The previously generated encryption key expires in seven days and is deleted from the BlackBerry smartphone.

For more information, see the BlackBerry Enterprise Server version 3.5 for Microsoft Exchange Administration Guide.

Note: If you enable peer-to-peer encryption for BlackBerry Enterprise Server versions 3.5 through 3.6.1, you will need to upgrade to BlackBerry Enterprise Server version 3.6 SP2 (3.6.2) to disable it.

To configure peer-to-peer encryption for BlackBerry Enterprise Server version 3.6 SP2 (3.6.2), complete the following steps:

1. In the BlackBerry Enterprise Server Management console, right-click BlackBerry Server Management.
2. Click Other Tasks>Update Peer-to-Peer Encryption Key.
3. Select one of the following options:
   • To generate a new encryption key and send it to all BlackBerry smartphones within the organization, select Set or update the Peer-to-Peer encryption key for all handhelds within this organization.
   • To remove the encryption keys from all the BlackBerry smartphones within the organization, select Remove the encryption keys used to encrypt Peer-to-Peer messages from all handhelds within this organization.
4. Select or clear the Retain current Peer-to-Peer on all handhelds option as a Previous key option. Note: This option will retain the current encryption key on the BlackBerry smartphone to decrypt PIN messages received from BlackBerry smartphones that do not have the new encryption key.
5. Click Yes to update the peer-to-peer encryption key. Follow the prompts to complete the process. For more information, see the BlackBerry Enterprise Server version 3.6 for Microsoft Exchange Administration Guide.

To configure peer-to-peer encryption for BlackBerry Enterprise Server version 4.1 SP2 (4.1.2) and later, complete the following steps:

1. Open the BlackBerry Manager.
2. In the Explorer pane, select BlackBerry Domain.
3. From the task menu, select Service Control & Customization.
4. Select Update PIN Encryption Key.
5. Select Set a corporate peer-to-peer encryption key for all BlackBerry devices in your environment.
6. Click Yes to confirm the changes.