E F Johnson Company 2425341 User Manual

SECURE COMMUNICATION (ENCRYPTION)
key loader are themselves encrypted. EFJohnson 
offers a PDA-based keyloader. 
Logical Link ID (LLID) - An ID transmitted with a 
data message to identify the destination of the 
message. 
Message Number Period (MNP) - The maximum 
difference between message numbers that can occur 
before a message is declared invalid (see Section 
11.4.6).
Over-The-Air-Rekeying (OTAR) - The process of 
sending new encryption keys over the air using an RF 
interface.
Red - Refers to information that is not encrypted. The 
opposite is “Black”.
Rekey - The process of preparing, sending, and 
loading encryption keys into a subscriber unit for 
current or future use. This may be done over-the-air 
(OTAR) or by directly connecting a keyloader to the 
subscriber unit.
Radio Set Identifier (RSI) - Subscriber units are 
programmed with one or more Radio Set Identifier 
(RSI) numbers that identify the unit for OTAR 
purposes. The RSI can be unique to an individual 
subscriber unit or unique to a group of subscriber 
units. An individual (unit) RSI is always assigned and 
one or more group RSIs may be assigned. The 
individual RSI is typically programmed when the 
subscriber unit is initially brought into service. The 
KMF is also identified by an RSI (KMFRSI) to use as 
the destination of any KMMs a subscriber unit 
originates. The KMMs (Key Management Messages) 
generated by the KMF (Key Management Facility) are 
addressed to a specific RSI. 
Storage Location Number (SLN) - A link to a 
specific key (TEK or KEK) in the active keyset. The 
SLN specifies both a crypto group and a key within 
the keysets in that crypto group (the first four bits of 
the SLN are the crypto group ID). SLNs and CKRs are 
equivalent terms (see Section 11.2).
Traffic Encryption Key (TEK) - A key used to 
encrypt voice or data. The other type of key is the Key 
Encryption Key (KEK) which is used to encrypt keys 
contained in Key Management Messages. TEKs can 
be either the AES or DES type.
Unique Key Encryption Key (UKEK) - A KEK 
unique to a particular subscriber unit. Refer to “KEK” 
for more information. These keys can be either the 
AES or DES type.
Zeroize - The process of deleting all keys from a 
compromised subscriber unit to disable it. To make the 
unit functional again, the keys must be reloaded by a 
keyloader.
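
The Message Number Period (MNP) check defined above, as an added Python illustration that is not taken from the EFJohnson manual or firmware. The 16-bit wrapping counter, the forward-only acceptance rule, and the names MessageNumberWindow and classify_sequence are assumptions made for the example.

```python
# Added illustration: receiver-side Message Number Period (MNP) check.
# Assumptions (not from the manual): 16-bit message numbers that wrap to 0,
# only numbers ahead of the last accepted one are valid, and each accepted
# message becomes the new reference point.

MN_MODULUS = 1 << 16  # assumed counter width


class MessageNumberWindow:
    def __init__(self, mnp: int, last_accepted: int = 0):
        if not 0 < mnp < MN_MODULUS:
            raise ValueError("MNP must be between 1 and 65535")
        self.mnp = mnp
        self.last_accepted = last_accepted % MN_MODULUS

    def check(self, received: int) -> str:
        """Classify one received message number; update state if accepted."""
        if not 0 <= received < MN_MODULUS:
            return "invalid: out of range"
        # Forward distance modulo the counter size, so 65535 -> 2 is a step
        # of 3. A stale (replayed) number shows up as a very large distance.
        distance = (received - self.last_accepted) % MN_MODULUS
        if distance == 0:
            return "invalid: duplicate"
        if distance > self.mnp:
            return "invalid: outside MNP"
        self.last_accepted = received
        return "accepted"


def classify_sequence(mnp: int, start: int, numbers: list[int]) -> list[str]:
    """Run a list of received message numbers through one window."""
    window = MessageNumberWindow(mnp, start)
    return [window.check(n) for n in numbers]


if __name__ == "__main__":
    # Constructed sample: normal step, replay of an old number, large jump,
    # then legitimate steps across the counter wrap and a duplicate.
    sample = [65531, 65530, 400, 65535, 2, 2]
    for number, verdict in zip(sample, classify_sequence(10, 65530, sample)):
        print(f"{number:5d}  {verdict}")
```
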
11.5 RADIO SETUP FOR ENCRYPTION
11.5.1  GENERAL ENCRYPTION SETUP
The following radio setup is required for encryption 
regardless of whether OTAR is used:
Options Enabled - The desired encryption type must 
have been enabled at the factory (DES, DES-XL, 
DES-OFB, AES). To determine which options are 
enabled, select the Transfer > Read Options From Radio 
menu parameter in the PCConfigure programming 
software.
PCConfigure Programming
PID/SLN Mode - On the global screen, select 
either the PID or SLN mode (see Section 11.2.3). 
If the SLN mode is used, also program the Keys 
Table by clicking the 
 button.
Infinite Key Retention - On the global screen, 
select this parameter to store keys permanently 
in memory (see Section 11.2.4).
Erase Keys On Keyset Change - On the global 
screen, if the SLN mode is selected and more 
than one keyset is used (see Section 11.4.3), 
select this parameter to erase keys when 
changing keysets (see Section 11.2.6).
Program Channel/Group PIDs and Encryption 
Type - With conventional analog calls, this 
information is programmed on the channel screen. 
With other types, it is programmed in the talk 
group list selected on the system screen. In 
addition, with conventional digital calls, the group