The Security APIs include the RIM Cryptographic API and Content Protection.
RIM Cryptographic API
Using the RIM Cryptographic API, you can encrypt and decrypt data, digitally sign and verify data, work with highly secure connections, and manage cryptographic keys.
Secure Messaging API: The Secure Messaging API is an implementation of the CMS standard. CMS specifies standard content types for cryptography. It describes message and transmission formats for those content types. S/MIME is built on CMS. The net.rim.device.api.crypto.cms package provides classes to help you create and manage CMS content types.
Secure Connection API: The Secure Connection API defines protocol functionality that you can use to establish highly secure communication. You can use the following protocols:
SSL: SSL is designed to secure data that is sent over TCP/IP connections; it is used in the implementation of HTTPS. SSL is provided in the net.rim.device.api.crypto.tls.ssl30 package.
TLS: TLS is a standard from the IETF that is based on SSL version 3. TLS was designed to replace SSL and has been widely adopted. TLS is provided in the net.rim.device.api.crypto.tls package and the net.rim.device.api.crypto.tls.tls10 package.
WTLS: WTLS is a layer on top of WAP rather than TCP/IP. Securing wireless communications that use WAP involves using WTLS between the client smartphone and the WAP gateway, and one of SSL or TLS beyond the WAP gateway. WTLS is provided in the net.rim.device.api.crypto.tls.wtls20 package.
Keystore API: A key store is a database that stores cryptographic keys and certificates. Each BlackBerry smartphone has a key store that is preloaded with root certificates for all of the certificate authorities. This practice makes it possible for BlackBerry smartphone users to trust the root certificates, which form the basis for all subsequent chains of trust. Key store classes are provided in the net.rim.device.api.crypto.keystore package.
Certificate API: Certificates are electronic documents that hold keys, along with identifying information. There are several packages to help you manage cryptographic certificates:
Encoder API: Encoding is the process of converting data from one format to another. While it is often part of the encryption process, encoding is not the same as encryption and is generally not secure. Keys are encoded to provide a standard representation, not to protect their identity. Classes for encoding keys and signatures are provided in the net.rim.device.api.crypto.encoder package.
ASN1 API: Most applications use certificates that are produced by a certificate authority. If you need to parse or read certificates yourself, you must use the net.rim.device.api.crypto.asn1 package.
OID API: Object identifiers are managed with the net.rim.device.api.crypto.oid package.
Primitives API: Cryptographic primitives are the keys, MACs, ciphers, unkeyed algorithms such as digests and PRNGs, and other functionality associated with both symmetric and public key cryptography. Cryptographic primitives are provided in the net.rim.device.api.crypto package.
Content Protection
Content protection addresses the problem of someone stealing a smartphone and copying its data, which may be possible even when data is encrypted and the smartphone is locked. Content protection encrypts data in such a way that the encryption key is inaccessible when the smartphone is locked.
There are three parts to a content protection implementation:
- There is content protection functionality on every BlackBerry smartphone. To use it, the smartphone must have a device password, and content protection must be enabled by the smartphone user or by an IT policy rule.
- To protect data in an application, the application must subscribe to the content protection framework by registering a listener.
- Content protection functionality is triggered by the user locking and unlocking the smartphone.
Content protection can be used to encrypt data in String objects or byte arrays. Content protection can apply to data that is not persisted, but the Content Protection API contains specific functionality for the persistent store.
The following classes and interfaces are used to implement content protection:
- net.rim.device.api.system.PersistentContent: This class contains utility methods for encoding and decoding data, registering listeners, and performing other tasks related to content protection.
- net.rim.device.api.system.PersistentContentListener: This listener interface lets your application receive notifications when there are changes to a smartphone's content protection state or content protection settings.
- net.rim.device.api.system.PersistentContentException: This exception is thrown when an error occurs with content protection.
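The three parts above brought together in one class, as an added example that is not from the BlackBerry documentation: it registers a PersistentContentListener, encodes a String before committing it to the persistent store, and refuses to decode while the smartphone is locked. ProtectedNoteStore, STORE_KEY and the unlocked flag are assumptions; PersistentStore and PersistentObject are the standard persistent store classes, which this page does not name.

```java
import net.rim.device.api.system.PersistentContent;
import net.rim.device.api.system.PersistentContentException;
import net.rim.device.api.system.PersistentContentListener;
import net.rim.device.api.system.PersistentObject;
import net.rim.device.api.system.PersistentStore;

// Hypothetical store that keeps one content-protected String.
public final class ProtectedNoteStore implements PersistentContentListener {
    // Constructed example key; a real application chooses its own unique long.
    private static final long STORE_KEY = 0x1234567890abcdefL;
    private final PersistentObject store = PersistentStore.getPersistentObject(STORE_KEY);
    // Assumption: the object is created while the smartphone is unlocked.
    private volatile boolean unlocked = true;

    public ProtectedNoteStore() {
        // Subscribe to the content protection framework (part two of the list above).
        PersistentContent.addListener(this);
    }

    // Encode before persisting: what sits in the store is ciphertext while protection is on.
    public void save(String note) {
        Object encoded = PersistentContent.encode(note);
        synchronized (store) {
            store.setContents(encoded);
            store.commit();
        }
    }

    // Returns null instead of failing while locked: the key is inaccessible in that
    // state, so decodeString would throw PersistentContentException.
    public String load() {
        if (!unlocked) return null;
        Object encoded;
        synchronized (store) { encoded = store.getContents(); }
        if (encoded == null) return null;
        try {
            return PersistentContent.decodeString(encoded);
        } catch (PersistentContentException e) {
            return null; // locked between the check and the decode, or encoding unavailable
        }
    }

    // The user or an IT policy rule switched content protection on or off:
    // re-encode stored data so it matches the new mode.
    public void persistentContentModeChanged(int generation) {
        String note = load();
        if (note != null) save(note);
    }

    // Lock and unlock events (part three of the list above) drive what load() may do.
    public void persistentContentStateChanged(int state) {
        unlocked = (state == PersistentContent.UNLOCKED);
    }
}
```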
BlackBerry Enterprise Server administrators can set IT policy rules that distinguish work and personal information on BlackBerry smartphones in their organization. You can use the Multiservice Platform API to implement BlackBerry Balance features in your apps.
The net.rim.device.api.system.MultiServicePlatformManager class and the net.rim.device.api.system.MultiServicePlatformListener interface allow you to implement controls on data access and create listeners that allow administrators to delete data remotely. Modes (such as work) are defined in the net.rim.device.api.system.ServiceMode class. The net.rim.device.api.system.Application class includes methods to work with modes. The PL_INVALID_OPERATION exception is generated when an unauthorized (personal or non-work) application attempts to delete, create, read, or change a work file.