Download Print this page

E.F. Johnson Company 5300 SERIES Operating Manual: Otar (over-the-air Rekeying); Introduction; Encryption Key Types; Keysets

Digital/analog mobile radio.
Hide thumbs


differently for each channel. Conventional analog
channel encryption is always programmed on a per
channel basis.



OTAR stands for "Over-The Air-Rekeying". This
is the process of sending encryption keys and related
key management messages over-the-air to specific
radios. The advantage of OTAR is that it allows these
keys to be quickly and conveniently updated when
necessary. It is no longer necessary to periodically
travel to the radio location or bring the radio into a
maintenance facility to load new keys.
The actual OTAR rekeying functions are
performed by a Key Management Facility (KMF) that
sends Key Management Messages (KMM) to the
radios. These messages are themselves encrypted
using a unique key. Radios must be OTAR-compatible
and programmed for OTAR for this type of rekeying to
OTAR is available only on P25 conventional and
trunked channels, and only to program DES-OFB and
AES keys. It is not used on SMARTNET/SmartZone
channels or to load DES/DES-XL keys.


There are two types of keys used with OTAR:
TEK (Traffic Encryption Key) - The key used to
encrypt voice and data traffic. All radios using encryp-
tion must have at least one of these keys. This is also
another name for the keys used without OTAR.
KEK (Key Encryption Key) - The key used to
encrypt keys contained in OTAR Key Management
Messages (KMMs). All radios which use OTAR must
contain at least one of these keys. The KEK used to
decrypt/encrypt keys in an OTAR message is defined
by the algorithm and key IDs transmitted in the
decryption instructions field. A KEK may be unique to
a particular radio (UKEK) or common to a group of
radios (CKEK).

11.4.3 KEYSETS

To simplify key management, a number of keys
may be grouped together in a keyset. A keyset is
simply a set of one or more keys of the same type
(either TEK or KEK). Keysets are identified by Keyset
IDs, and the upper four bits of this ID specify the
crypto group (see next section).
The KEK keyset is considered always active and
is ID 255. Two TEK keysets are normally used, and
one is always active and the other inactive. This allows
the inactive keyset to be replaced without interrupting
operation. One is Keyset ID 1 and the other Keyset ID
2. With EFJohnson radios, each keyset can contain up
to 128 keys, but less than 16 are normally used for
optimum keying efficiency and because only up to 16
can be selected by the radio.
The active keyset is usually selected by the Key
Management Facility. It can also be selected by the
EFJohnson SMA keyloader or by the user if the KY
CHG option switch is programmed. Automatic keyset
changeovers are not supported by EFJohnson radios.
In the SLN mode (see Section 11.2.3), two TEK
keysets can be used if desired even if OTAR is not
A diagram of a keyset is shown in Figure 11-2.
Some information may be optional as shown. The
5300 mobile does not support or use the Update Item
and Time/Date parameters.
16-Bit Keyset ID
Algorithm ID
Update Item (Opt)
Time/Date (Opt)
Keyset Name (Opt)
Key 1
Key 2
Key 4096
Figure 11-2 Keyset Diagram


A crypto group contains up to 16 keysets of the
same type of key, either TEK or KEK (see Section
(upper 4 bits are
Crypto Group)


   Related Manuals for E.F. Johnson Company 5300 SERIES

   Related Content for E.F. Johnson Company 5300 SERIES

Comments to this Manuals

Symbols: 0
Latest comments: