Skip to content
Help and manuals  >  Devices  >  BlackBerry Q10  >  BlackBerry Hub and email
Version: 10.3.1

Securing your email

You can digitally sign or encrypt messages if you use a work email account that supports S/MIME or PGP protected messages or IBM Notes email encryption on your BlackBerry device. Digitally signing or encrypting messages adds another level of security to email messages that you send from your device.

Digital signatures are designed to help recipients verify the authenticity and integrity of messages that you send. With S/MIME-protected messages, when you digitally sign a message using your private key, recipients use your public key to verify that the message is from you and that the message hasn't been changed.

Encryption is designed to keep messages confidential. With S/MIME-protected messages, when you encrypt a message, your device uses the recipient’s public key to encrypt the message. Recipients use their private key to decrypt the message.

If you use a work account that supports PGP protected messages, you can digitally sign, encrypt, or sign and encrypt messages using PGP protection. You need to store the recipient's public key on your BlackBerry device to send encrypted email messages. You need to store your private key on your device to send digitally signed email messages.

If your device is associated with a CRL or an OCSP server, when you add recipients to an encrypted message, your device tries to retrieve a certificate status for each recipient. You are unable to send the message until certificate statuses are received for all recipients. If certificates can't be found or are invalid, the recipients' names appear as red.

Set up S/MIME-protected messaging

You need to store a private key and certificate on your BlackBerry device to send digitally signed or encrypted email messages using S/MIME-protected messaging. You can store a key and certificate by importing the files from a work email message or a media card.

Your BlackBerry device supports keys and certificates in the following file formats and file name extensions:
  • PEM (.pem, .cer)
  • DER (.der, .cer)
  • PFX (.pfx, .p12)
  1. Open a work email message with a certificate attachment.
  2. TapThe certificate attachment icon.
  3. If necessary, enter the password.
  4. Tap Import or Import All.
  5. Tap The Back icon.
  6. In the BlackBerry Hub, tap The More icon > icon_10_3_core_settings > Secure Email.
  7. If necessary, tap the S/MIME tab.
  8. Turn on the S/MIME switch.
  9. Under Signing Certificate, in the drop-down list, tap the certificate that you imported.
  10. Under Encryption Certificate, in the drop-down list, tap the certificate that you imported.

Set up PGP protected messaging

If you use a work account that supports PGP protected messages, you can digitally sign, encrypt, or sign and encrypt messages using PGP protection. You need to store the recipient's public key on your BlackBerry device to send encrypted email messages. You need to store your private key on your device to send digitally signed email messages.

Your device supports keys in the following formats and file name extensions:
  • PEM (.pem, .cer)
  • ASC (.asc)
  1. Open a work email message with a PGP key attachment.
  2. Tap The PGP Key icon.
  3. Tap Import or Import All.
  4. If necessary, enter the password.
  5. Tap The Back icon.
  6. In the BlackBerry Hub, tap The More icon > The Settings icon > Secure Email.
  7. If necessary, tap the PGP tab.
  8. Turn on the PGP switch.
  9. Under PGP Signing Key, in the drop-down list, tap the key that you imported.
  10. Under PGP Encryption Key, in the drop-down list, tap the key that you imported.

Turn on IBM Notes email encryption

Before you begin: A work account that supports IBM Notes email encryption must be added to your device.
  1. In the BlackBerry Hub, tap The More icon > The Settings icon > Secure Email.
  2. If necessary, tap the NNE tab.
  3. Turn on the NNE switch.

Sign or encrypt a message

You must use a work email account that supports IBM Notes mail encryption to send an encrypted email message, or an email account that supports S/MIME or PGP protected messages to send a signed or encrypted email message.

  1. When you compose a message, slide your finger down on the screen.
  2. In the drop-down list, tap a signing or an encryption option.

Note: If your BlackBerry device is associated with a CRL or an OCSP server, when you add recipients to an encrypted message, your device tries to retrieve a certificate status for each recipient. You are unable to send the message until certificate statuses are received for all recipients. If certificates can't be found or are invalid, the recipients' names appear as red.

Update secure email settings

Depending on your permissions, you can change the email security that is used for all the messages you send. For example, if you use S/MIME to protect your messages, you can send clear-signed messages that any email application can open, or opaque-signed messages that only email applications that support encryption can open.

  1. In the BlackBerry Hub, tap The More icon > The Settings icon > Secure Email.
  2. Do any of the following:
    • To turn on S/MIME-protected messaging, tap the S/MIME tab. Turn on the S/MIME switch.
    • To turn on NNE-protected messaging, if necessary, tap the NNE tab. Turn on the NNE switch.
    • To change the preferred method of encoding to use for messages you send, select an option in the Default Encoding drop-down list.
    • To select your preferred method of encoding to use for replies or forwarded messages you send, select an option in the Outgoing Message Encoding drop-down list.
    • To send clear-signed messages, tap the S/MIME tab. Turn on the Send Clear-Text Signed Messages switch.
    • To receive a warning message if there is a problem with a certificate, tap the S/MIME tab. Turn on the Warn About Problems With My Certificates switch.
    • To turn on PGP protected messaging, tap the PGP tab. Turn on the PGP switch.
    • To select a key pair to use for signing messages you send, select an option in the PGP Signing Key drop-down list.
    • To select a key pair to use for encrypting messages you send, select an option in the PGP Encryption Key drop-down list.
    • To view PGP key details for a PGP key pair stored on your BlackBerry device, below either the PGP Signing Key or the PGP Encryption Key drop-down lists, tap View PGP Key.
    • To receive a warning message if there is a problem with a PGP key, tap the PGP tab. Turn on the Warn About Problems With My PGP Keys switch.