Definitions - E.F. Johnson Company 5300 Series Operating Manual

What Are Encryption Keys?
An encryption key is a cryptographic variable
that is required by the encryption algorithm to encrypt
and decrypt voice or data. To maintain system security,
these keys must be protected from disclosure and also
periodically replaced or updated.
With the DES encryption used by EFJohnson
radios (see Section 8.2.3), the same encryption key is
used by both the encrypting (sending) and decrypting
(receiving) radio. DES encryption keys are generated
from a string of 16 hexadecimal characters. Another
four hexadecimal characters are used to specify the
key ID.
Multiple keys can be loaded into a radio using
OTAR or manual loading. The process by which
encryption keys are generated, stored, protected, and
changed is referred to as Key Management.
The channels, talk groups, and other calls that use
encryption are linked to a specific Physical ID (PID)
when the radio is programmed using the PCConfigure
programming software. For example, Zone 1, Channel
3 could be programmed to select the key in location
12. With OTAR, an additional Storage Location
Number (SLN) provides the link from the PID to a key
slot of the keyset which contains the key (see Section
8.2.6).
When an encrypted message is transmitted, the
encryption Algorithm ID (ALID) and key ID (KID)
are usually included in the message. This tells the
receiving radio which key and algorithm must be used
to decrypt the message.

8.2.2 DEFINITIONS

Algorithm - Refers to the specific encryption standard
that is used to encrypt a message. Each standard uses
different calculations to perform the encryption.
Algorithm ID (ALGID) - Identifies the algorithm
used to encrypt a message. This ID and the key ID are
usually transmitted with an encrypted message.
Black - Refers to information that is encrypted. The
opposite is "Red" which refers to unencrypted infor-
mation.
SECURE COMMUNICATION (ENCRYPTION)
Common Key Encryption Key (CKEK) - A KEK
common to a group of subscriber units which share the
same encryption keys (are part of same crypto group).
The use of a common key allows the subscriber units
to be rekeyed by the KMF using one Key Management
Message. Refer to "KEK" for more
information.
Common Key Reference (CKR) Group - This refers
to a group of subscriber units which share the same
encryption keys. These common keys are required for
them to talk to each other. For example, the officers of
a police department that talk to each other may have
one or more keys in common that would be referred to
as a CKR group. CKR groups are used to aid KMF
key management. A subscriber unit may contain keys
for more than one CKR.
Crypto Group - A group of up to 16 keysets
containing the same type of keys (either TEK or
KEK). Only one keyset in a crypto group is active at a
time.
Cryptographic Variable - The variable used by a
cryptographic algorithm to encrypt a message. Also
called a "key".
Cryptonet - See Common Key Reference (CKR).
Currency - Relates to the need for key updates. If a
subscriber unit is current, it does not require a key
update at the current time. If it is not current, the KMF
has new keys for that subscriber unit or CKR group
have not been sent or have been sent but not acknowl-
edged.
Group Rekeying - The process of changing the keys
in several subscriber units with a single message
addressed to the group rather than changing each
subscriber unit separately. This reduces system over-
head and makes rekeying more efficient. Subscriber
units in the same group must be programmed with a
common KEK. See also Key Management Group.
Key - A variable used by a cryptographic algorithm to
encrypt voice or data.
Key Encryption Key (KEK) - A key used to encrypt
keys contained in Key Management Messages
(KMMs) during OTAR. These messages may them-
44