E F Johnson Company 2425333 Benutzerhandbuch
10-8
Secure Communication (Encryption)
may be unique to a particular radio (UKEK) or common to a group of radios (CKEK).
The SMA or KVL-3000 create only UKEKs, therefore you create and load UKEKs
before using OTAR.
The SMA or KVL-3000 create only UKEKs, therefore you create and load UKEKs
before using OTAR.
10.4.2 Keysets
To simplify key management, OTAR divides the TEK keyspace into multiple sets. Exactly
one of these sets is said to be active at any given time, and only keys in the currently active
set will be selected for use when encrypting voice traffic. The 5300 radio supports two
such keysets, Keyset 1 and Keyset 2. The valid SLN range for Keyset 1 and Keyset 2 is 1
through 4095. 5300 radios can be assigned up to 64 SLNs in this range. See Figure 10.1.
one of these sets is said to be active at any given time, and only keys in the currently active
set will be selected for use when encrypting voice traffic. The 5300 radio supports two
such keysets, Keyset 1 and Keyset 2. The valid SLN range for Keyset 1 and Keyset 2 is 1
through 4095. 5300 radios can be assigned up to 64 SLNs in this range. See Figure 10.1.
Notice that if all radios in a cryptonet are using traffic keys from the same active keyset,
the keys contained in the inactive keyset of each radio can be replaced without disrupting
encrypted communications. Once the keys in the inactive keyset are replaced for every
radio in a given cryptonet, the radios can switch active keysets and start using the new
keys. After all radios are using the new keys, the keys in the previously used keyset can
then be replaced, and so on. It is the task of the Key Management Facility to coordinate
this key cycling activity.
the keys contained in the inactive keyset of each radio can be replaced without disrupting
encrypted communications. Once the keys in the inactive keyset are replaced for every
radio in a given cryptonet, the radios can switch active keysets and start using the new
keys. After all radios are using the new keys, the keys in the previously used keyset can
then be replaced, and so on. It is the task of the Key Management Facility to coordinate
this key cycling activity.
While the active keyset is usually selected by the Key Management Facility, it can also be
selected by the radio user if the KY CHG option switch is programmed. In this fashion,
two keysets can be used even if OTAR is not being used. Note that the radio must be in
SLN mode (see Section 10.2.2) to make use of keysets.
selected by the radio user if the KY CHG option switch is programmed. In this fashion,
two keysets can be used even if OTAR is not being used. Note that the radio must be in
SLN mode (see Section 10.2.2) to make use of keysets.
KEKs are always placed in Keyset 255, and are always considered to be active. The valid
SLN range for Keyset 255 is 61440 through 65535. While KEKs can reside in any SLN
within this range, traditionally UKEKs will reside in SLN 61440 and/or 61442, and
CKEKs, if present, will reside in 61441 and/or 61443. The EFJohnson KMF uses SLN
61440 for DES UKEKs and 61442 for AES UKEKs.”
SLN range for Keyset 255 is 61440 through 65535. While KEKs can reside in any SLN
within this range, traditionally UKEKs will reside in SLN 61440 and/or 61442, and
CKEKs, if present, will reside in 61441 and/or 61443. The EFJohnson KMF uses SLN
61440 for DES UKEKs and 61442 for AES UKEKs.”
If Erase Previous Keyset on OTAR Changeover is selected in PC Configure, the keys in
the original keyset are erased when the OTAR Changeover command or the Keyset option
switch are used to select the other keyset. If this not selected, the keys in the original
keyset are not erased when this occurs. Please note that this only erases keys on an OTAR
changeover: It does not erase keys on a manual keyset changeover from either the menu or
function button.
the original keyset are erased when the OTAR Changeover command or the Keyset option
switch are used to select the other keyset. If this not selected, the keys in the original
keyset are not erased when this occurs. Please note that this only erases keys on an OTAR
changeover: It does not erase keys on a manual keyset changeover from either the menu or
function button.