Batboard

I'm involved in a statewide mutual aid communications project here in Florida funded by the State Fire Marshal's office & administered by the Florida Fire Chief's Association. Last week we were issued new equipment & had training on using CPS & keyloaders.

What was bought & issued to the seven regional caches:

1 VHF Quantar repeater

10 XTL5000 VHF mobiles w/ W7 heads.

64 XTS5000 VHF model II

15 XTS5000 UHF model III

15 XTS5000 700/800 model III


The UHFs are conventional/digital and the encryption works. The 700/800s are conventional/digital/smartzone/omnilink and the encryption works.

The problem is with the VHFs. They were bought with the encryption hardware, but it is not enabled in the firmware, plus they are not digital.

The fellow who placed the order thought they were supposed to come supporting securenet, but when they wouldn't accept a key, the factory training guy figured out that the encryption wasn't turned on

So now we are looking at a flash upgrade of 70 xtl5000s & 448 xts5000s so the encryption will work.

No, I don't know why we need encryption for mutual aid fire communications. Apparently we do, because there was a lot of hand wringing when the problem was discovered.

Seems kind of odd that they bought Motorola, seeing as SLERS (Statewide Law Enforcement Radio System) is M/A Com. So these radios can't even be used on that system.

Since this is going to be very expensive, we want to make sure that the right upgrade is ordered.

The current flash code is:

000001-002000-5
Host R05.01.01
DSP R05.01.00

I'm not sure about the other numbers, but these were shipped this month, so I'm sure they're all current.

My department hosts the radio cache for Region 3, NE Fla. I had no involvment in this until last Friday when I was assigned to go to the class and was told I would be managing this project.

Couple of things in the Fire Dept. Never let anyone know you can cook, and never let administration know that you know much about anything that might turn into a pet project.

Oh well, can someone please tell me what options need to be ordered so I can pass that information upline. Gotta go cook supper, the guys are hungry.

RG

If your VHF XTS5000 radios are currently analog FM radios equipped with SECURENET encryption (which will include the UCM universal crypto module Q159), you will need to do two things: 1) Uplift to APCO P25 IMBE digital firmware and 2) equip them with DES-OFB encryption software, rather than the current SECURENET option.

The IMBE digital firmware uplift is currently priced at about $775 per XTS5000 portable radio, and the DES-OFB digital encryption software is about $599 per XTS5000 radio (not including any sales taxes, shipping costs, etc.). For financial planning purposes, I'd budget roughly $1,375 per radio, not including the labor to install the DES-OFB software, or to install the IMBE firmware. I'd plan on one hour of labor per radio to install the DES-OFB software, and to install the IMBE firmware, and then do a complete radio check out, after these two installs. So, I'd add about another $100 for loaded labor.

$1,475 per radio for software/firmware and labor would be a good rough planning estimate for budgetary reasons, at least until you can get a firm factory quote from your Motorola sales guy. That would bring your total uplift budget to about $94,400.

If you need the multikey encryption option, that will add significantly to your uplift costs.

Keep in mind that typically (not always) unless your original purchase contract specifically covered future firmware upgrades and/or future encryption uplifts, neither of these are typically subsequently discountable "after the fact."

Good luck.

Jeesh i am glad i held onto that almost worthless motorola stock I own!!!!

Obvious question. It the option in CPS checked/turned on that you have secure enabled in the codeplug for the radio?

If that option is not turned on in the codeplug, the radio will not accept the key at all, even though its in there.

Yep, it's turned on. The class was put on by a factory training rep. who used to work in the depot. He seemed to have a good grasp on things. With everything turned on, the radios would not take a key. Once we looked at the feature set (CPS decodes the flashcode on this version), we noticed that there was nothing in the firmware about encryption. So, there we are. I'm glad it's not my decision and I'm not the guy to answer for this...

RG

I think the CPS programming issue is probably a moot point, Pj. He said in his post that his VHF XTS5000 radios were factory equipped with SECURENET. The only good news here is that means he has already paid the $150 per radio for the Q159 option, which provides the UCM hardware module, albeit they were unfortunately programmed with SECURENET encryption. Whether he properly enabled things in the CPS or not is irrelevant, IF his goal is to have 1) IMBE voice and 2) DES-OFB encryption.

There's just no way around it: He will need two FLASHport upgrades to accomplish the mission.

I wonder if the guy who originally ordered these radios was aware of these requirements? It's hard to imagine anyone ordering the top-of-the-line XTS5000, and then equipping it with SECURENET, especially given that 64 radios are involved! Sounds like a big mistake was made here, and now it's going to cost big bucks for the taxpayers to rectify it.

"I wonder if the guy who originally ordered these radios was aware of these requirements?"

Nope - he knows Midland & BK. He was told to go ahead and order the radios with the hardware & that it would be cheap to have DES enable later. When it was found that even Securenet wouldn't work, that's when it was decided to look into an uplift.

"It's hard to imagine anyone ordering the top-of-the-line XTS5000, and then equipping it with SECURENET, especially given that 64 radios are involved!"

Not 64, seven caches of 64 portables & ten mobiles.

"Sounds like a big mistake was made here, and now it's going to cost big bucks for the taxpayers to rectify it."

Yep - It's not a good thing & I'm glad I'm not that guy. My suggestion has been to forget about it. There is supposed to be a 700 Mhz repeater added to this project, and we have 700 Mhz portables that have full, working AES encryption. My thinking is that if there HAS to be some sort of encryption, then just make sure that the 700 Mhz repeaters will support it.

Meanwhile, there is not one single IMBE VHF fire radio system in the entire State of Florida (excluding the Feds). These radios will work just fine as they are and no sense spending more good money after bad.

RG[/i]

"Not 64, seven caches of 64 portables & ten mobiles."

That means that this mistake will now cost $660,800 to correct, just for the portables, assuming none of the mobiles need to be uplifted. Man, I'd be pissed if I was a resident of Florida, as those ae are the taxpayers that will have to eat this!

Considering that option Q159 is REQUIRED in ording any sort of encyption, I don't see how it could have slipped by Motorola sales, the factory and everyone else up the foodchain.

The UCM's are programmed at the factory for what they are going to become. If the forgot to slap in the programming at the factory, then its their fault.

When we ordered our UCM's for our XTL5000's and XTS5000's, they came in a box, popped them into the radios, reprogrammed as secure, and life was good.

Q159 is an ordering option, not a flash upgrade. The only thing you need to have reflashed is if you now require multikey to support more than one encyption type and/or key. That is what our guy told us, and that's exactly what happened.

Its also possible, that they just got a set of bum equipment. Either way, a phone call or two can clear it right up. If you can, post what was ordered off your quote for equipement. Until certain things are known, it just speculation. (Hey, they could have even recieved someone elses radio).

Nowhere do I see what type of encyption they are requiring here. There are plently of departments that run DES-XL/DVP-XL IMBE. As far as we know, it will suppose to come with the god save the world AES.

I don't see in the flash the IMBE flash, so that's legit, unless last minute it was decided to become an upgrade later...based on the comment that no one else is using digital for what they are using.

Too many variables.

Q159 ($150) is the hardware encryption option that is specified at the time the FO is placed that provides the hardware UCM module for ALL encryption types. It is a separate option to then specify the encryption "flavor." Both Q159 AND the encryption type must be specified on the FO for a complete order, IF the customer desires encryption with their radio at the get go. BTW, you can NOT order the Q159 UCM without specifying an encryption type on the FO. Unfortunately, Motorola will not allow you to order just the hardware UCM module with no encryption type specified, and then FLASH it with a particular encryption type later. Order Edit would place such an FO on D1 Hold in a heartbeat! In fact, Order Edit would probably reject that FO out of hand, and it wouldn't ever get to a D1 Hold status. You can certainly change the encryption flavor later, but you can NOT order it as a blank, so to speak.

He stated that they ordered SECURENET with the original order, so it is certainly not Motorola's fault that if he now instead wants DES-OFB, he must uplift his radio's firmware (and pay for it). This means that if he did not specify Multikey and he ordered only one SECURENET encryption type, then he would have specified H797 (DVP-XL SECURENET). On the other hand, DES-XL also comes with DES-OFB, but it requires multikey, as it also has DES-OFB. The latter would have been the correct choice, if he needed SECURENET today, and DES-OFB tomorrow.

Ok, stop.

If they actually want digital, then yes, a flashing they will go. If not, and they want -OFB, then yes I think it needs to go to IMBE first, but I have heard (not seen/first hand) that you do not need to be IMBE to use -OFB. Supposely DES is DES is DES as those are concerened (and I think its a topic of another thread) and that -OFB is just the approved P25 DES varient.

Where in the post do you see that it was DES-OFB that he wanted? I don't see it.

As it has been stated, I know how encyption is ordered. I have done it several of times.

In either case, a flash upgrade was not required in the radio to use the new UCM. Insert UCM, enable secure, done.

And what terms are you using for reguarding SECURENET?

SECURENET is Motorola's name for coded secure communications, so its pretty universal from DVP-AES.

SECURENET refers to the OLD DVP/DES-XL pre-P25 and IMBE era. Look at Motorola's R3, and you will find that SECURENET is the old style encryption that is compatible with FM. He stated he wants to have IMBE, and with IMBE I assume he wants P25. That requires DES-OFB, as opposed to SECURENET, etc. Capiche?

Gentlemen please!

Okay, I didn't place the order & I don't know why encryption was ordered for these. The Comm. Spec. from Fla. DOF who oversees this project told me in a phone call this evening that he sent the request in to that black hole called Tallahassee requesting radios to replace the BKs we have now - they won't do narrowband & narrowband is needed to talk to the US Forest Service. There was grant money available and time was running out. He didn't want Motorola, but this is what we got.

So from what I gather, the radios will need to to be upgraded to do any sort of encryption.

I have not seen the order sheet, but from the listing on the feature set on the CPS, here's what is there:

H35-Conventional Systems Operation
Q241-Analog Only Operation.

Next time I go to their place of storage I will look on the lable on the box and see exactly what it says.

The CPS sees encryption hardware, we enabled it with the CPS & strapped it to some channels. When we try and load a key with the KVL, it will not take a key. When we go to the channels that are strapped, the radio beeps and says KEY FAIL.

So from what I gather, it won't work like it is.

Personally I think it is another case of someone who knows nothing about radios doing the purchasing. From what I have been told this evening, the radios were ordered as anolog only so they could buy more of them, with plans to upgrade later. Apparently there was some type of misunderstanding in that they won't even do basic Securenet as they are.

As far as needing digital, like I said before, no state or local gov't department in the State of Florida is using VHF digital.

Thank you ASTROMODAT and the others for your input, but I think it's not going to happen for us - and that's okay. The estimated price was what I was looking for, and it's much more than can be spent and we're only 18 days into the fiscal year.

RG

As I stated before, lets find out more before ASSuming too much.

There is a life outside the pricebook.

For the whole DES-XL/OFB disscussions of the past, where are a couple of links that are generally interesting

http://batboard.batlabs.com/viewtopic.php?t=44369
http://batboard.batlabs.com/viewtopic.php?t=26084

Robert-

First, ignore Larry/ASTROMODAT. As you've no doubt gathered, he knows everything about everything - just ask him, he'll tell you. He's a slightly more comprehensible version of Cowthief.

If your radios are coming up KEY FAIL, then they have hardware encryption installed and enabled, and the UCM is being recognized successfully by the radio. You don't have Multikey enabled in the flashcode, but you should be able to at least run single-key crypto. The first step would be to power one of the radios on and press the button directly above TX five times in rapid succession, then take note of what the radio says for KG1/KG2/KG3. That will tell you what algorithms are loaded into your radios.

What type of keyloader are you using - likely a KVL3000 Plus? I don't know how to do it, but I believe there's a way to read the currently-equipped algorithms from the KVL. See if you can figure out how to do that.

I'd be willing to bet that you have a mismatch between algorithms in the KVL and algorithms in the radio. Thus, the KVL fails when attempting to load a key.

If Moto equipped the radio with DES-OFB, which requires IMBE digital, even though the flashcode indicates conventional operation only, you may well have a case to demand that Motorola uplift the radios to IMBE. If the radios are equipped with DES-XL (Securenet - old tech that doesn't require IMBE digital) then you may simply need to flash your KVL with the appropriate algorithm, which would be considerably cheaper than handling every radio.

In any case, you have quite a few radios, hence at least a medium-size rubber hose to use on your friends at Mother M. With a bit of research and some calm, reasoned "suggestions" from yourself or those higher up than you to Motorola, you might be able to get this fixed without tremendous expense.

Hope that helps...

tvsjrpqwetrye, etc. your lack of knowledge may impress others, but your blathering does not answer any open question here. I suggest you Troll on some other board.

Pj, perhaps you are ASSuming, guessing, etc. but I'm trying to help this guy out with factual information. I assure you that my prices are correct, accurate, and apply to the questions at hand.

This is NOT a discussion about whether DES-CFB will "work" on an IMBE system, as you are alluding to. This fellow said that he has "7 caches of 64 radios" that he wants to uplift to IMBE. No one with 448 radios (worth something like $1.8 million!) would spend a quarter of a million dollars on SECURENET in 2005! Obviously there is a huge problem here! He's talking about considering uplifting 448 radios to IMBE, so suggesting he might want to use SECURENET, such as DVP-XL or DES-CFB, would be foolish, as his radios in the encrypted mode would not be compatible with any APCO P25 encrypted system since APCO P25 does NOT include DES-CFB as a valid encryption type. This is the issue.

Are you feeling OK, Pj?

He's stated that no agency in the state is on VHF IMBE digital, therefore he doesn't need digital. He's trying to figure out if encryption will work with what he has.

We know that:
His radios are equipped with UCMs, and are enabled for secure hardware, as evidenced by the KEY FAIL messages.

His radios are not currently flashed for IMBE.

That leaves a few possible conclusions:
1. His radios have been equipped with DES-OFB or AES256 UCMs, which aren't supported under analog operation. If Motorola equipped the radios with these UCMs, then he may well be able to convince them into uplifting his radios to IMBE for a reduced cost or for free.

2. His radios have been equipped with DES-XL UCMs, and his KVL hasn't been flashed with that algorithm.

You suggest I go "troll" elsewhere, Larry? Or what? Are you a moderator, Larry? Last I checked, you weren't a big dog around here, and you certainly don't have the stroke to back up your mouth.

Oh, by the way, are you *ever* going to post any evidence to back up your claims that you're such a highly-ranked radio expert in the US gov't? Of course not, that would probably violate your secret squirrel clearance, right?

Later, Cowtipper.

Pj wrote:As I stated before, lets find out more before ASSuming too much.

There is a life outside the pricebook.

For the whole DES-XL/OFB disscussions of the past, where are a couple of links that are generally interesting

http://batboard.batlabs.com/viewtopic.php?t=44369
http://batboard.batlabs.com/viewtopic.php?t=26084

Sorry, I can't hold my tongue on this one. PJ, that was priceless. You'd think this arrogant p###k would have taken a hint by now.

Sock it to 'im.

Enough.... You don't have to insult someone in order to prove your point people.

Keep the information flowing and the discussion going - it's fine to debate, but you don't have to resort to calling people names, bashing them, etc.

This is an interesting and productive thread - however, we can continue this with information sharing, as opposed to information bashing.

Thanks. If the discussion continues, the topic will be locked, resulting in the origional question not even being answered.

-Alex

I agree, Alex, as it looks like one of your junior moderators has become one of the biggest insult slingers on the Batboard. Calling folks an ASS isn't exactly a moderator's role. Just lucky it wasn't FTF, or the individual would now be sportin' a big fat lip, along with two eyes that won't open.

Anyways, if you want to pm me RG I'd be more than glad to help you out. Depending upon the date of your FO, there may be a way around this dilemma that could dramatically curb your uplift costs.

If the radio has an encryption module in it, you do NOT need to do anything 'special' to enable the encryption capability, other than turn it on in the codeplug. If you go into the radio test mode you can see what algorithms are loaded into your encryption module. It very likely has only DES/DES-XL.

The problem you appear to be having, and that others have pointed out, is the KVL3000+ likely doesn't have the proper algorithm to be able to keyload your analog-only DES/DES-XL radios. You can check what algorithms are loaded in the KVL. You probably only have DES-OFB or AES, or both, but no DES/DES-XL.

So, in short you shouldn't need ANY form of FLASHport upgrade for the radios as long as you don't want/need to go digital. You will likely need a FLASHport upgrade for the KVL3000+ in order for it to keyload your analog-only radios.

Todd

ASTROMODAT wrote:I agree, Alex, as it looks like one of your junior moderators has become one of the biggest insult slingers on the Batboard. Calling folks an ASS isn't exactly a moderator's role. Just lucky it wasn't FTF, or the individual would now be sportin' a big fat lip, along with two eyes that won't open.

No, your right, it's not a moderator's role. However, it is easy to get caught up in a discussion and be pissed off about something your passionate about - which this thread is a great example of. Everyone does get riled up here and there, when it happens, take a deep breath and a step back. However, everyone else who is involved - i'm not stepping in to take sides, agree, or disagree on one part or another of the discussion, i just ask that you keep it cival. There will be no further disucssion on this issue - just responses to help the OP out.

-Alex

If he decdies to change the encryption type at some point of any/all of his radios, then he would need to load an appropriate FLASHport upgrade kit into his KVL-3000 (or KVL-3000+ if he wants AES), which in turn would be used to FLASHport upgrade each of his XTS5000 radios' encryption UCMs.

He would then have to buy the same number of encryption FLASHport loads for his KVL-3000 as he has radios to be encryption changed. Unfortunately, even if he only changed the encryption type in just ONE (1) radio, he'd still get nicked for the $125 for the necessary PCMCIA UCM card for his KVL-3000, in addition to the $599 for each load (e.g., $724 to change one radio from SECURENET to DES-OFB). The PCMCIA card is the hardware UCM for the KVL-3000 that actually "supports" the 1 to 100 individual FLASHport loads.

Motorola prices each of the FLASHport upgrade kits for encryption type for the KVL 3000 as they do if you had ordered the original radio with these encryption types. It prices out identically, albeit they also hit you for the cost of the PCMCIA card UCM upgrade kit for the KVL-3000 card that is needed for programming the new encryption types.

He would order one (1) PCMCIA UCM upgrade card (T6740 at $125) for his KVL-3000 for each 100 (maximum per T6740) radios to be encryption changed. Each of the UCM FLASHports would be priced the same as the original order would have been, such as $599 for DES-OFB (#CA00840AD) per radio. Once he has programmed 100 radios, then he would need to order another T6740 PCMCIA card for the KVL-3000, along with the individual FLASHport encryption loads per radio.

The loss here would be that if he never uses SECURENET (e.g., DES-CFB, or DES-XL, DVI-XL, etc.) then his $487 or $520 per radio for their original SECURENET encryption is now "wasted." This is where the real loss comes in, along with the labor to do the reloads, take the radios out of service, bring them into the bench, etc.

BTW, as far as the FLASHport upgrade of the "radio" versus the "KVL-3000," in effect BOTH will be FLASHport uplifted, IF he changes encryption types. For example, if he has SECURENET right now in his radios and later wants to have DES-OFB, he will need to 1) FLASHport his KVL-3000 with the DES-OFB "carried" on the T6740 PCMCIA UCM card, and 2) FLASHport his radios' UCMs to change them from SECURENET (e.g., DES-CFB, DES-XL, DVI-XL) to DES-OFB. In effect, there are two steps involved, one in the KVL (for each 1 to 100 loads), and then the individual loads into each of the radios' UCMs.

Hope this helps.

Okay, no more guessing. Here are the numbers:

Host: R05.01.01
DSP: R05.01.00
Secure: R05.05.00
KG1: AES-256

no KG2 or KG3 in the service mode screen.

AFAIK, these radios won't do any encryption without an upgrade. CRAP!!

Robert

So you can't use AES with an analog only radio???

Do the rest of the "non-problem" radios use AES as well?

Apparently, you're using them in analog mode or you wouldn't be able to communicate with the other 448 "problem" handhelds.

Please tell us the algorithms that are loaded into the KVL3000 and what the other radios have in them as far as encryption modules are concerned.

OK, Robert, here's the deal. For your AES to "work," you will need to run IMBE ($775 per radio). AES will not work in the analog FM mode. The KVL-3000+ will allow you to enter whatever code key(s) you select, but AES will ONLY work with DIGITAL IMBE. The good news here is that you will NOT need to FLASHport the radios' UCMs, as KG1 AES tells you that your radios' UCMs are AES 256 from the factory. Now they just need a key, although you will need IMBE to work in the encrypted AES mode.

Not sure why your guy said anything about SECURENET, but I suppose that's neither here nor there, at this point.

Hopefully, this now solves our mystery!

BTW, Motorola is really pushing AES. It's FLASHport is $475, versus $599 for the older (and much less secure) DES-OFB. AES does require CKR (no more PID!), so if you have DIU3000's in your system (which I'm sure you do if you have 448 portables!), you'll need to uplift their firmware to the latest, so it can handle AES (w/ CKR) so the dispatchers can talk to the troops.

Have fun with those XTS5000's!

Please tell us the algorithms that are loaded into the KVL3000 and what the other radios have in them as far as encryption modules are concerned.[/quote]

In the uhf radios, (that have IMBE):

Host: R05.01.01
DSP: 05.01.00
Secure: 05.05.00
KG1: DES-OFB
KG2: DES-XL
KG3: AES-256

In the 700/800 mhz (IMBE as well):

Host: R05.01.01
DSP: 05.01.00
Secure: 05.05.00
KG1: DES-OFB
KG2: DES-XL
KG3: AES-256

In the KVL-3000 +

The version is R3.52.31

The alogrhytms are ASN & Astro 25

We can load keys into the UHF & 700/800 Mhz radios in ASN or Astro 25 mode.

The project manager has thrown his hands up and said we will deal with it later, maybe in next year's budget.

Thanks everyone. I have a real good understanding of how this works, and a bad taste in my mouth for centralized purchasing.

Robert

My whole point that you Larry seemed to keep missing (and that people here picked up on) is that you were assuming that the gentlemen has xyz-OFB or whatever and quoting all sorts of prices and assuming this or that.

My stance on anything software/hardware related in this forum is that we need to find out information from the user, so that we can give this guy an informed answer or throw him into the right direction. I asked you where you were coming up with the -OFB (which turned into -CFB at one point) when I was saying...hey, lets see what he actually has first and lets go from there and you kept on quoting prices and upgrades.

Step back, and take a deep breath, look up from the pricebook once in ahwile, and chill.

For now I am done with this...it feel like:

Pj, my reply was in connection to his post which referred to "SECURENET" (Robert posted: "The fellow who placed the order thought they were supposed to come supporting SECURENET...").

In a current production Motorola radio, SECURENET includes one of 4 flavors: DES-CFB (sometimes loosely referred to as "straight DES"), DES-XL, DVP-XL, or DVI-XL.

Therefore, a current production SECURENET equipped radio, such as an XTS5000, is a radio whose UCM is FLASHed with one of those 4 flavors.

On the other hand, a current production Motorola radio, such as an XTS5000, that is encrypted, but is NOT considered to be a so-called "SECURENET" radio, would therefore entail DES-OFB, AES, or ADP.

Capiche?

Securenet is used by many people to denote secure operation of any type in a Motorola portable, even though Larry is correct that Securenet does not refer to advanced encryption types over IMBE (DES-OFB, AES-256, ADP, etc.) No reason to mince words here.

I would think that Robert or his higher-ups would have a reasonable case to go to Motorola and demand a reduced-price/free flashport to IMBE, as they essentially sold him incompatible hardware (AES-256 UCMs in radios that don't have IMBE). It's also rather different that they installed tri-algo UCMs in two of the three radios, and only single-algo UCMs in the VHF portables.

This reminds me of a local department that ordered quite a few Astro Spectras (years ago) and purchased them "ASTRO Ready", assuming that meant they were flashed for IMBE. Oops.

I'd tell the project manager to call Motorola and complain, preferably loudly. It might be possible to get them to help out in this situation.

yeah but, after 30 some odd years of the term securenet in the radio world it is often applied to ALL forms of encryption, be is DES, DVP, DVI, XL varients, OFB or the oh so spiffy AES.

I don't think you'll have much success in trying for a free uplift from Motorola. A customer could choose to order AES at the get-go, and then uplift the radios some years later to IMBE, when they have the funds available.

Keep in mind that when you equip a radio with ANY type of encryption, you must pay the $150 for the hardware UCM, and then Motorla REQUIRES you to load at least one encryption type at the time of order. If they choose to buy and install the UCM hardware module later, they'd have to crack open all of the radios, and this costs labor. You don't want to open up your Rolex unless it is broke, and the same thing holds true for that $5,000 a piece XTS5000. Cracking them open is very simple, but it also opens up a Pandora's box of opportunity for things like stray grounds, stray capacitances, and the like to reer their ugly heads!

With the UCM hardware already there, they don't have to worry about cracking open the case later to put the UCM hardware inside. Other than ADP, AES is the CHEAPEST encryption flavor, and the most powerful, so it makes great sense to choose this load now, since the FO will require at leasst one flavor once you spec the UCM hardware in the first place.

As to AES with no IMBE, again maybe their budget couldn't swallow the extra $775 right now for the IMBE. But, when they do FLASHport upgrade to IMBE some years down the road (e.g., say when tons of DHS P25 funds become available!), then the AES will already be loaded and paid for, so that money was NOT wasted.

Makes perfect sense to me, UNLESS they NEVER EVER intend to uplift to IMBE, then I'd agree. And, how can one say this, in light of the expectation for Uncle Sam to cough up all kinds of P25 money in the future?!

Food for thought, anyway...

Well after all that jibber jab...

It appears that you either need the KVL 3000 set up with whatever flavor DES you want. Although it is my understanding that DES is DES is DES... therefore a DES key loaded will work with XL/OFB/ABC/123 (whatever).

That would probably be the easier/cheaper route as compared to screwing around with 448 radios and getting everything to match with the radios per se. Call it the government employeee mantra, but work smarter... not harder. This way it could only be a case of swapping some modules on the non-DES radios and taking care of the KVL 3000.

I am no expert on encryption, but this would be my educated guess based what I have read. As far as I'm concerned it seems as though the term "SECURENET" has been the entire issue here. It is what seems to have created all the confusion.

JAYMZ wrote:Well after all that jibber jab...

It appears that you either need the KVL 3000 set up with whatever flavor DES you want. Although it is my understanding that DES is DES is DES... therefore a DES key loaded will work with XL/OFB/ABC/123 (whatever)...

DES is not DES is not DES. XL is not OFB, and the two will not work together. They are different options, although you can get them in a "package deal". AES is a whole other animal, but also doesn't play well with others, either.

Think of it as band-splits. You can get a UHF radio, but if it is down in the R-band range and you need it in the T-band range, its useless to you, even though they are UHF.

I think what JAYMZ was getting at is the fact that a T-3011DX can successfully load a key into a radio equipped with DES-CFB, DES-XL, and/or DES-OFB. That was his main point, I think...

On the other hand, it is correct that a radio with DES-CFB in FM SECURENET mode can not talk to an FM radio in SECURENET mode with DES-XL.

An IMBE radio loaded with DES-CFB can not talk to another IMBE radio with DES-OFB, even if both radios are loaded with the same DES key.

Finally, it is of course true that an FM radio with DES-CFB or DES-XL in SECURENET can obviously not talk to a radio in IMBE mode with DES-OFB or DES-CFB.

The keyloader can load any of the DES keys (DES-CFB, DES-OFB, or DES-XL), but these modes are not compatible.

Hope this helps.