How to change the encryption method on the BlackBerry Enterprise Server

Article ID: KB12821

Type: Support Content

Last Modified: 12-14-2011


Product(s) Affected:

  • BlackBerry Enterprise Server for Novell GroupWise
  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
  • BlackBerry® Enterprise Server 4.0 to 5.0
  • BlackBerry® smartphones 

To correctly change the encryption method using the BlackBerry® Enterprise Server 4.0 or 4.1, complete the following steps:

  1. Open BlackBerry Manager.
  2. Select Edit Server Properties.
  3. Change the encryption method to both Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES). This will cause the BlackBerry Enterprise Server to regenerate encryption keys for all BlackBerry smartphone users.
  4. Make sure to leave the encryption method set to both long enough for all BlackBerry® smartphone users to contact the BlackBerry Enterprise Server and be able to send and receive email messages after the switch. This time will vary depending on the environment.
  5. Change the encryption method to AES.

To change the encryption algorithm from the BlackBerry® Administration Service Web Admin console, complete the following steps:

  1. Log in using the BlackBerry Administration Service Web Admin console.
  2. Under Server and Components, navigate to BlackBerry Solution Topology > BlackBerry Domain > Component View > BlackBerry Enterprise Server.
  3. Select the BlackBerry Enterprise Server name.
  4. In the right pane, select the Instance Information tab then select Edit instance.
  5. In the drop-down list, change the encryption algorithm option and then, in the Security Information section, select the desired Encryption Algorithm.
  6. Select Save All.


NOTE: A BlackBerry smartphone running an earlier version than BlackBerry® Device Software 4.0 will not be able to communicate with a BlackBerry Enterprise Server set to use AES only.

CollapseAdditional Information

The encryption method used by the BlackBerry Enterprise Server cannot be directly changed from AES to Triple DES or vice versa. Doing so will cause the BlackBerry smartphones to become unable to communicate with the BlackBerry Enterprise Server until the users manually generate new encryption keys or cradle their smartphones.

As soon as the encryption method is switched, the BlackBerry Enterprise Server is no longer able to send packets to, nor accept packets from, the smartphone using the previous encryption method. This behavior is by design. For further information, see KB13160 .


By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.

Visit the BlackBerry Technical Solution Center at