E F Johnson Company 2425M80 Benutzerhandbuch
Draft 02 - Sep 1 2015
7-9
Secure Communication (Encryption)
The actual OTAR rekeying functions are performed by a Key Management Facility
(KMF) that sends Key Management Messages (KMM) to the RSI (Radio Set Identifier)
assigned to a specific radio or radios. These messages are themselves encrypted using a
unique key called the UKEK (Unique Key Encryption Key). Radios must be OTAR-
compatible, programmed for OTAR, and the UKEK loaded for OTAR for this type of
rekeying to occur.
(KMF) that sends Key Management Messages (KMM) to the RSI (Radio Set Identifier)
assigned to a specific radio or radios. These messages are themselves encrypted using a
unique key called the UKEK (Unique Key Encryption Key). Radios must be OTAR-
compatible, programmed for OTAR, and the UKEK loaded for OTAR for this type of
rekeying to occur.
Note
The RSI is enabled in the KMF and must be assigned to the radio by programming.
OTAR is available only on P25 conventional and trunking channels, and only to program
DES-OFB and AES-OFB keys. It is not used on SMARTNET/SmartZone channels.
DES-OFB and AES-OFB keys. It is not used on SMARTNET/SmartZone channels.
7.6
Radio Setup for Encryption
The following radio setup is required for encryption regardless of whether OTAR is used:
Options Enabled - The desired encryption type must have been enabled at the factory
(DES-OFB, AES-OFB, ARC4 software encryption).
(DES-OFB, AES-OFB, ARC4 software encryption).
The following are set through programming:
PID/SLN Mode - If the SLN mode is used, the Hardware Keys Table must be
programmed also. If Software Keys are used, the Software Keys Table must also be
programmed.
programmed also. If Software Keys are used, the Software Keys Table must also be
programmed.
Infinite Key Retention - This parameter enables the option to store keys permanently
in memory (see Section 7.2.3).
in memory (see Section 7.2.3).
Erase Old Keyset on OTAR Changeover - This parameter erases keys on an OTAR
changeover if the SLN mode is selected, it does not erase keys on a manual keyset
changeover.
changeover if the SLN mode is selected, it does not erase keys on a manual keyset
changeover.
Talkgroup PIDs/Software Keys - This information is programmed in the talkgroup
list selected on the Systems - Lists tab. In addition, with conventional digital and P25
Trunking calls, the group programming can be overridden on the Channels tab (see
Section 7.2). Additional PIDs/software keys for special calls can also be specified on
the Systems - General - Options 2 tab for digital and trunking calls.
list selected on the Systems - Lists tab. In addition, with conventional digital and P25
Trunking calls, the group programming can be overridden on the Channels tab (see
Section 7.2). Additional PIDs/software keys for special calls can also be specified on
the Systems - General - Options 2 tab for digital and trunking calls.
Note
Key Loss Key (KLK), offered by Motorola, does not erase the UKEK which allows the
radio to be rekeyed by the KMF remotely. By not erasing the UKEK, the KLK does not
meet TIA standards and is no longer FIPS 140-2 certified.
radio to be rekeyed by the KMF remotely. By not erasing the UKEK, the KLK does not
meet TIA standards and is no longer FIPS 140-2 certified.
The current EFJohnson Technologies Viking Series mobile radios support OTAR.
However, an RSI, UKEK and other information must be programmed as described in the
next section.
However, an RSI, UKEK and other information must be programmed as described in the
next section.