CDR-9150XL Radio Family
Radio Configuration Utility
Location Code
Relay Mode
Forwarding
Radio Modes
Jump Tables
Navigation
Navigation Bar
Planning
Utility Panels
Serial
Information
Firmware
Encryption
Notes
Configuration
Advanced Configuration
Reset
Country
Pool
Site Survey
Promiscuous Survey
Testing
Optimization
Addressed Protocols
Paired Units
Asynchronous Environments
Protocol
Sequence Numbers
Commands
Memory Map
Registers
Signal Strengths
OSS Foundations

Encryption

The encryption panel pulls up a "key ring" of all the keys created so far. A solid key icon will appear next to a key in the ring if that key is installed on the current radio. A faded key is shown if the key signature does not match the key programmed into the radio.

Although the configuration utility supports it, generally speaking, there is no need to create multiple keys. Both the sending and receiving radio must be programmed with the same key if they are to communicate over an encrypted channel.
Note:

Encrypted packets are marked as encrypted when they are transmitted. Only encrypted packets are unencrypted at the receiving end. This is a fairly fine point, but it should be noted if for some reason you have a mix of radios with encryption enabled on some, but not on others.

If a radio receives an encrypted packet, then it will decrypt it with whatever key is present in memory. If the key matches the key used to encrypt the packet, then the message will decode correctly. If the key is incorrect (or has not been set) then the decryption will fail and the packet will be discarded.

It is worth noting that this decryption process will occur on any encrypted packet, regardless of whether outgoing encryption has been enabled on the receiving radio or not.

Likewise, if a radio with encryption enabled receives an unencrypted packet, it will not try to decrypt the data. Doing so would scramble the data.

Finally, encrypted packets may be safely forwarded with relays or by bouncing packets from radio to radio. Packets are not decrypted in the forwarding process, so it does not matter whether a matching key has been programmed into the relay or forwarding radio.

To create an encryption key, click the Create... button from the encryption panel. This will pull up an encryption key dialog that lets you set the size (strength) of your encryption key. The key size defaults to 56 bits. This is considered weak encryption and should be legal in most countries.

If there are no limitations on the use of encryption in your country, then you can increase the encryption key up to the maximum of 448 bits. There is no performance penalty for using a large encryption key over a small one, so you might as well get all the security you can.

Additional dialog fields and controls are present for creating a specific key, picking a new random key, or entering a comment. If you only create a single key, then you should not need any of these. Simply click OK, select the newly created key, and click the Upload button to save the key in the radio's Flash memory.

Warning:

Don't forget to save the file after you create an encryption key. There is no way to read an encryption key back out of a radio, so you will need to keep this key saved on your PC. It is a good idea to password-protect this file as well, to keep your encryption key secure.

Encryption keys are represented by a fixed-length "key signature." This key signature is a 32-bit number that represents the key. It cannot actually be used to recreate a lost key, but it is useful in distinguishing one key from another. The value of the signature itself is insignificant.