You can find some answer below :
Decrypting and reading messages on the BlackBerry device using Lotus Notes API 7.0
The BlackBerry® Enterprise Server Version 4.1 or later for IBM® Lotus® Domino® with Lotus Notes® API 7.0 automatically turns on support for reading IBM Lotus Notes encrypted messages and S/MIME encrypted messages on the BlackBerry device. Lotus Notes API 7.0 requires the BlackBerry device user’s Notes .id file and password to decrypt the received secure messages. The BlackBerry device user must manually click Import Notes ID and attach a copy of the Notes .id file that they used to login.
If a BlackBerry device user has support for this feature turned on, the BlackBerry device forwards or replies to an encrypted message that the BlackBerry device has received, decrypted, and decompressed, the BlackBerry Enterprise Server for IBM Lotus Domino decrypts the message before the BlackBerry device sends the message to the recipient as plain text. The BlackBerry Enterprise Server administrator can set the Disable Notes Native Encryption Forward And Reply IT policy rule to prevent BlackBerry device users from forwarding and replying to IBM Lotus Notes encrypted messages on their BlackBerry devices.
IBM Lotus Notes and S/MIME message decryption process
If a BlackBerry device user sets support for reading IBM Lotus Notes and S/MIME encrypted messages on the BlackBerry device, when the BlackBerry device user receives an IBM Lotus Notes or S/MIME encrypted message, the BlackBerry Enterprise Server for IBM Lotus Domino decrypts the message using the following process:
1. A BlackBerry device user receives an IBM Lotus Notes and S/MIME encrypted message.
2. The BlackBerry Enterprise Server for IBM Lotus Domino messaging agent decrypts the BlackBerry device user’s cached Notes .id password and uses the decrypted password to decrypt the message.
If the BlackBerry Enterprise Server for IBM Lotus Domino messaging agent does not have the Notes .id password, the BlackBerry device user must select More, More All, or Open Attachment to pull the decrypted message to the BlackBerry device.
3. The BlackBerry Enterprise Server deletes the decrypted Notes .id password from memory. The encrypted Notes .id password remains cached.
4. The BlackBerry Enterprise Server pushes the decrypted message to the BlackBerry device, where the user can read the message.
Notes .id password protection
After a BlackBerry device user imports the Notes .id file and password (stored in the Notes .id file), the password is
• encrypted in BlackBerry device memory using AES with the BlackBerry device user’s master encryption key
• encrypted in the BlackBerry Enterprise Server for IBM Lotus Domino messaging agent memory using AES with the BlackBerry device user’s master encryption key
• decrypted before being used to call the required Lotus Notes API security functions
The BlackBerry Enterprise Server for IBM Lotus Domino messaging agent deletes the Notes .id files and plain text passwords it stores when
• a message decryption failure occurs on the BlackBerry Enterprise Server
• the BlackBerry Enterprise Server restarts
• the password times out (the default expiration timeout is 24 hours)
The encrypted Notes .id password remains stored in the BlackBerry Enterprise Server for IBM Lotus Domino messaging agent memory cache.
The BlackBerry device deletes the Notes .id files and plain text passwords from BlackBerry device memory when
• a message decryption failure occurs on the BlackBerry device
• the BlackBerry device resets
• the password times out (the default expiration timeout period is 24 hours)
If a BlackBerry device user types more than ten consecutive incorrect passwords on the BlackBerry device within one hour, the BlackBerry Enterprise Server for IBM Lotus Domino messaging agent makes secure messaging unavailable to that BlackBerry device user for one hour.
The temporary disabling period increases by ten minute increments to a limit of 24 hours. It increments each time a BlackBerry device user exceeds the maximum number of failed password attempts, and defaults back to one hour when the user types the correct password.
When secure messaging is temporarily unavailable, a BlackBerry device user can manually re-enable secure messaging by importing the Notes .id file, or changing their Notes .id password using the BlackBerry Desktop Software or the Domino Web Access client.
Protecting stored data