Aes Encryption; Out Of Box Operation; Enabling Aes; Wireless Authentication - Redline RDL-3000 Series User Manual

Universal wireless transport

RDL-3000 FAMILY

6.2 AES Encryption

AES 128-bit wireless encryption is a no-cost feature available for the radio. The 256-bit
encryption feature is an optional purchased feature on radio systems. When AES is
enabled, the sector controller and all subscribers must use compatible settings. Check
model type for availability.

Out of Box Operation

AES encryption is disabled by (factory) default.

Enabling AES

Use the following steps to set up and enable AES encryption. When AES is enabled, the
sector controller and all subscribers must use identical encryption settings.
1. Obtain AES-enabled options keys for all radios in the sector.
2. Copy the options keys to each radio and set this to be the active key.
3. Choose the same AES encryption setting on all communicating radios. A data
link can be established only between systems with identical security settings.
Web: Configuration screen -> Wireless Security Configuration: Encryption Type
CLI: set encmode <0, 1, 2, or 3>
Where, 0 = None, 1 = AES 128, 2 = AES 256
4. Enter the shared key on all AES-enabled radios.
Web: Configuration screen -> Wireless Security Configuration: Shared Key
CLI: pskey <shared key>
5. Save the configuration to activate changes.
Note: ECDSA authentication requires AES encryption to be enabled. AES encryption
cannot be disabled while ECDSA is enabled.

6.3 Wireless Authentication

Wireless authentication using Elliptic Curve Digital Signature Algorithm (ECDSA) is an
optional feature enabled by the options key. Wireless authentication is available based
on model type. When authentication is enabled, the sector controller and all subscribers
must use compatible settings. The authentication feature requires AES to be enabled.

Out-of-Box Operation

Wireless authentication is disabled by (factory) default. This feature is enabled by
installing an options key enabled for ECDSA authentication and generating and loading
ECDSA certificate and key files. AES encryption must be enabled.

Enabling Authentication

Wireless authentication is disabled by (factory) default. The following steps are required
for the sector controller and all wireless sector terminals in the sector. Access to a TFTP
server is required.
1. Generate the key file and certificate request file on the wireless terminal.
Use the terminal CLI interface to self-generate public/private keys and generate a
'certificate request' file. The key file is saved permanently in the user (usr) table
(ecc_keypairT.ecc) and the 'certificate request' file is automatically downloaded to
the ftp server.
a. Log in to the wireless terminal CLI interface.
b. Use the genecckeys command to generate the keys and the request file:
genecckeys <tftp server ip> <cert-request-filename>
For example:
genecckeys 192.168.20.100 ecc_req_00-09-02-01-C1-9A.txt

70-00158-03-00 Proprietary Redline Communications © 2015
USER MANUAL, Page 160 of 254, April 17, 2015
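
The constraints in sections 6.2 and 6.3 (identical encryption mode and shared key on every radio in the sector, ECDSA only with AES enabled) can be checked on a planned configuration sheet before it is entered on the radios. The following Python check is an added example, not part of the Redline manual or firmware; the inventory format, radio names and keys are constructed for illustration.

```python
# Added example: audits a planned sector configuration against the rules in 6.2/6.3.
# The inventory layout below is an assumption, not a Redline export format.

ENCMODES = {0: "None", 1: "AES 128", 2: "AES 256"}  # legend given for "set encmode"

def audit_sector(radios):
    """Return (radio name, finding) pairs. The first entry is the sector controller."""
    sc, findings = radios[0], []
    for r in radios:
        mode = r["encmode"]
        if mode not in ENCMODES:
            findings.append((r["name"], f"encmode {mode} is not in the manual's legend"))
        elif mode == 0:
            findings.append((r["name"], "AES disabled (factory default)"))
        # Note in 6.2: ECDSA authentication requires AES encryption to be enabled.
        if r["ecdsa"] and mode == 0:
            findings.append((r["name"], "ECDSA enabled without AES"))
        # A data link is established only between systems with identical settings.
        if mode != sc["encmode"]:
            findings.append(
                (r["name"], f"encmode {mode} differs from controller ({sc['encmode']})"))
        elif mode != 0 and r["psk"] != sc["psk"]:
            # Report the mismatch only; the key itself is never printed.
            findings.append((r["name"], "shared key differs from controller"))
        if r["ecdsa"] != sc["ecdsa"]:
            findings.append((r["name"], "ECDSA setting differs from controller"))
    return findings

# Constructed inventory (hypothetical names and keys), controller first.
SECTOR = [
    {"name": "sc-1", "encmode": 2, "psk": "example-key-A", "ecdsa": False},
    {"name": "ss-1", "encmode": 2, "psk": "example-key-A", "ecdsa": False},
    {"name": "ss-2", "encmode": 1, "psk": "example-key-A", "ecdsa": False},
    {"name": "ss-3", "encmode": 2, "psk": "example-key-B", "ecdsa": False},
    {"name": "ss-4", "encmode": 0, "psk": "", "ecdsa": True},
]

if __name__ == "__main__":
    for name, finding in audit_sector(SECTOR):
        print(f"{name}: {finding}")
```

Radios that produce no findings match the sector controller; any radio listed would either fail to link or link without encryption.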
