ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Configuring BlackBerry Devices to Work with PGP Universal and BlackBerry Enterprise Server 5.0.x


Article ID: 157272


Updated On:


Symantec Products


If your organization's environment includes a PGP Universal Server, you can connect the BlackBerry® Enterprise Server to PGP Universal Server, so that a BlackBerry device can send and receive PGP encrypted messages.

BlackBerry Devices are managed by the BlackBerry Enterprise Server (BES) IT Policies and these policies contain settings and preferences for BlackBerry mobile device including settings for the PGP Support Package for BlackBerry. In recent BlackBerry versions, the PGP Support Package for BlackBerry is included in the BlackBerry® Device Software. However, always use the latest version of software available for your BlackBerry mobile device.



If you do not have a PGP Universal server or if you are using, a CKM key (CKM keys are not stored on PGP Universal Server), send an email to BlackBerry device with your keypair attached to an email, as this keypair will be used as a part of PGP Universal enrollment process.  If you have a PGP Universal Server, please note that PGP user accounts will NOT be created on PGP Universal Server when enrolling from a BlackBerry device.  Hence, you must create internal user accounts on PGP Universal Server prior to enrolling a BlackBerry device to use PGP encryption. For creation of internal user accounts on PGP Universal Server, enroll through bound PGP Desktop client or upload the keypair to server prior to further actions.

Note: The BlackBerry Enterprise Server communicates with the PGP Universal server over port 443.

1. Start BlackBerry mobile device and complete Enterprise Activation process if using BlackBerry mobile device for the first time.  Enterprise Activation process is described on the following page

2. If you have already used the device with a BlackBerry Enterprise Server (BES) and completed the Enterprise Activation process, then make sure that the BlackBerry device appears in the proper policy on the BES.  You may view IT Policy Name on your BlackBerry device in Options menu following Security options > General Settings.

3. Configure settings on the PGP Application tab in the respective IT Policy rule on the BES. Use following guide for this process A detailed policy reference guide can be found here.

4. Install the PGP Support Package for BlackBerry via Device Manager (Device must be plugged to a computer with latest BlackBerry Handheld Software package which includes Applications and Operation Software - or install PGP Support Package for BlackBerry via the BES (aka "Over-The-Air" (OTA).  Device must be connected wirelessly to a BlackBerry Enterprise Server -

5. Re synchronize IT Policy on BlackBerry device with the BES. For this, restart the the device and pull the battery out, or use Resend IT Policy action on BlackBerry Server -

6. The BlackBerry mobile device should prompt the user to enroll and authenticate with PGP Universal Server after restarting the device or when you attempt to send email from the device. Perform enrollment as described in User Guide for the PGP Support Package for BlackBerry

When enrollment completes, you should be able to send and receive PGP encrypted mail.

General security information and features description of PGP Support Package for BlackBerry is available in the Security Technical Overview.

The following ports have to be opened for communication between PGP® Universal Server and BlackBerry® Enterprise Server


Port Number
Protocol Name
80 HTTP Certificate Revocation Checks (CRC) using Certificate Revocation List (CRL) or over Online Certificate Status Protocol (OCSP)
Key Search Communication with PGP Universal Server over Universal Server Protocol (USP)
Key Search Communication and retrieval. Certificate Search.
Key Search Communication and retrieval. Certificate Search.
Mail retrieval (only in case of Internal Placement of bound PGP Universal Server)
Mail retrieval (only in case of Internal Placement of bound PGP Universal Server)
Mail delivery (only in case of Internal Placement of bound PGP Universal Server)

Applies To

PGP® Universal Server version 3.x

BlackBerry® Enterprise Server version 5.0.x

BlackBerry® Device Software version 4.2.2+