Batboard

I am using about 5 Astro Sabers, Astro Spectras and 1 XTS5000 with DVP-XL currently installed, loaded and working on a P25 Conventional system. These were keyloaded by someone else, as I don't have a clue about encryption, obviously. We now have a P7100 and are possibly getting a few more. However, M/A Com can only do DES encryption, and I just got a M/A COM keyloader and cable for the P7100. I have a bunch of different secure modules that are DES or DES-XL for the sabers/spectras which I can install.

I will probably need to get a KVL 3000, or would I be better off with a T3011DX? I am also confused on the following aspects:

First, would a DES-XL module also do just DES? Based on what I read (DES-XL radios are capable of software configuration to disable their “-XL” features, enabling them to
communicate with non-XL DES equipped radios.) So I have an NTN1153 (DES-XL) could I just uncheck the XL on the secure configuration and it would do straight DES?

Second, how much talk distance is lost from DES-XL to just DES? Is it a substantial difference, or subtle?

Third, I see the the KVL3000 will do DVP, DVP-XL, DES, DES-XL, DES-OFB, and DVI-XL. My question is, would I be able to use ANY KVL3000 that I purchase from ebay? How does that work that it can do all of those algorithms, but is only capable of two? (KVL3000 is capable of holding DES and any ONE other algorithm) Do they all have DES and one other, or could I end up with one that has DVP-XL and DVI-XL? And if it has DES, would that be DES, DES-XL, DES-OFB, and DVP-XL? How are they changed?

Lastly, can I create my own key(s) in the KVL3000 so that I can create the same key(s) in the M/A Com keyloader? Or are they preloaded with a set of keys and that is what I am stuck with?

Thanks for your help, and sorry for the stupid questions. I am lost when it comes to encryption!

Your question ... "how much talk distance is lost from DES-XL to just DES? Is it a substantial difference, or subtle?"

From what I've read in various places, DES has a 30% range reduction as compared to DES-XL.

You raise a lot of questions - may be able to help with one or two---
First, some definitions:
Straight DES normally refers to DES-CFB or Cipher Feedback. It is used under ANALOG ONLY - never digital
DES-XL, as I understand it, was an UPGRADE to the DES-CFB algorith by MOTO to help with the range loss. Yes, there is some range loss when under encryption, but the amount can be up for debate. I know a master tech who aligns Quantars for a living and he tells me he can get it good enough so the range loss is negligible. Not real sure about that, but he is very good. The range loss is due to the fact that the receiver must hear a fully quieted (no scratchy noise) signal in order to decrypt - analog in the clear can have a lot of static and noise as you appoach the fringe of the coverage range.
DES-OFB - this is OUTPUT FEEDBACK and as I understand it, was the DES standard for P-25. Now the Feds are moving on to AES-256 due to its significantly increased strength. You can use DES-XL on a conventional digital system, but it is considered a downgrade and below the P25 standard.
Since your system is P25, you SHOULD be able to talk encrypted using DES-OFB, assuming your Moto radios are fully up to the standard, and the M/A Com unit is also up to the standard. Again, my understanding is that DES-CFB and DES-XL are both MOTO proprietary-----
FOr the keyloader, go with a KVL-3000+ - the T3011DX can not load keys via CKR, nor can they load the applicable shadow key to allow P25 OTAR. My agency trashed all the 3011s some time ago---
As for the modules - every radio I have ever seen with the DES-XL can have the checkbox removed UNDER ANALOG to revert the personality to DES-CFB. On DIGITAL personalities, you also uncheck the DES-XL box (actually a different box on the same tab of the personality) to achieve DES-OFB - HOWEVER, the radio MUST have that algorithm! In other words, from my experience, DES-XL implies (or includes) DES-CFB for analog, but DOES NOT necessarily include DES-OFB!!
Now, under DIGITAL, my experience is that there is no range loss between encrypted and not - however, I have been told by some MOTO engineers that there is SOME amount of loss due to the extra processing power required and the necessity for all the packets to be correct. Again, in my experience in the field, no noticible loss, nor any difference in voice recognition between encrypted and clear. (basically 1's and 0's are 1's and 0's - just in different order when encrypted!)
As for your KVL question, I will have to defer - all of ours have DES and AES - don't know much more about them other than they have both an ASN mode to emulate the 3011DX and an Astro-25 mode for P25 compliance (MUCH nicer!!)
You can absolutely create your own keys! You just have to type in the 4 groups of 4 characters (DES is 64 bit) and assign a KEY ID for the ability to auto-decrypt upon receive. You would also have to assign a CKR (Common Key Reference Number) which is MOTO speak for SLN (Storage Location Number) if you wish to load the key using the Astro-25 mode. It DOES get a bit difficult if you were to move to AES - I think that would be 16 groups of 4 characters each!!! (I just download keys via modem from the master Key Management Facility that my agency operates - THANKFULLY never have to manually enter them - but I have done it before----)

Hope all that helps - been playing with MOTO encryption and Over the Air Rekey for 20 years - that OTAR deal is truely a blessing!
Regards,
DDG

Wow, That was a great explantion Mustang. That cleared up a lot of my questions, thanks a million. However, it appears that we won't be getting any more Harris stuff, and will strickly be Motorola in the future, with the plan being to eventually move everything to software based ADP encryption. This would make life MUCH easier! I am glad you answered though, because I learned quite a bit from what you wrote.

Thanks Again,
Greg