E F Johnson Company 2425333 Benutzerhandbuch
10-12
Secure Communication (Encryption)
Rekey - The process of preparing, sending, and loading encryption keys into a subscriber
unit for current or future use. This may be done over-the-air (OTAR) or by directly
connecting a keyloader to the subscriber unit.
unit for current or future use. This may be done over-the-air (OTAR) or by directly
connecting a keyloader to the subscriber unit.
Radio Set Identifier (RSI) - Subscriber units are programmed with one or two Radio Set
Identifier (RSI) numbers that identify the unit for OTAR purposes. The RSI can be unique
to an individual subscriber unit or unique to a group of subscriber units. An individual
(unit) RSI is always assigned and a RSI may be assigned. The individual RSI is typically
programmed when the subscriber unit is initially brought into service. The KMF is also
identified by an RSI (KMFRSI) to use as the destination of any KMMs a subscriber unit
originates. The KMMs (Key Management Messages) generated by the KMF (Key
Management Facility) are addressed to a specific RSI.
Identifier (RSI) numbers that identify the unit for OTAR purposes. The RSI can be unique
to an individual subscriber unit or unique to a group of subscriber units. An individual
(unit) RSI is always assigned and a RSI may be assigned. The individual RSI is typically
programmed when the subscriber unit is initially brought into service. The KMF is also
identified by an RSI (KMFRSI) to use as the destination of any KMMs a subscriber unit
originates. The KMMs (Key Management Messages) generated by the KMF (Key
Management Facility) are addressed to a specific RSI.
Storage Location Number (SLN) - A link to a TEK in a given keyset. A given SLN can
contain two keys, one for the active keyset and one for the inactive keyset. SLNs and
CKRs are equivalent terms (see Section 10.2).
contain two keys, one for the active keyset and one for the inactive keyset. SLNs and
CKRs are equivalent terms (see Section 10.2).
Traffic Encryption Key (TEK) - A key used to encrypt voice or data. The other type of
key is the Key Encryption Key (KEK) which is used to encrypt keys contained in Key
Management Messages. TEKs can be either the AES or DES type.
key is the Key Encryption Key (KEK) which is used to encrypt keys contained in Key
Management Messages. TEKs can be either the AES or DES type.
Unique Key Encryption Key (UKEK) - A KEK unique to a particular subscriber unit.
Refer to “KEK” for more information. These keys can be either the AES or DES type.
Refer to “KEK” for more information. These keys can be either the AES or DES type.
Zeroize - The process of deleting all keys from a compromised subscriber unit to disable
it. To make the unit encryptionally functional again, the keys must be reloaded by a
keyloader.
it. To make the unit encryptionally functional again, the keys must be reloaded by a
keyloader.
10.5 Radio Setup For Encryption
The following radio setup is required for encryption regardless of whether OTAR is used:
Options Enabled - The desired encryption type must have been enabled at the factory
(DES, DES-OFB, AES). To determine what options are enabled, use PC Configure.
(DES, DES-OFB, AES). To determine what options are enabled, use PC Configure.
The following are set through PC Configure. Please refer to the PC Configure
Programming Manual or Help for more information.
Programming Manual or Help for more information.
PID/SLN Mode - If the SLN mode is used, the Keys Table must be programmed also.
Infinite Key Retention - This parameter enables the option to store keys permanently
in memory (see Section 10.2.3).
in memory (see Section 10.2.3).
Erase Keys On Keyset Change - This parameter to erase keys when changing keysets
if the SLN mode is selected and more than one keyset is used (see Section 10.2.5).
if the SLN mode is selected and more than one keyset is used (see Section 10.2.5).