Generating organization-specific encryption keys for PIN-message encryption
By default, all BlackBerry devices store a common PIN encryption key that they use to protect PIN messages. To limit the number of devices that can decrypt PIN messages that BlackBerry
device users in your organization send from their devices, you can generate a new PIN encryption key that is stored on and known only to devices in your organization. A device that has a PIN encryption key that is specific to your organization can perform the following actions:
- can only encrypt PIN messages sent to other devices on your organization's network that use the same PIN encryption key
- can only decrypt PIN messages that are sent from devices that use the global PIN encryption key or PIN messages from other devices on your organization's network that use the same PIN encryption key
- cannot decrypt PIN messages sent from devices that use a PIN encryption key from another organization
You should generate a new PIN encryption key if you know that your current organization-specific PIN encryption key is compromised.