2-Way Encryption Primer

Motorola offers it's customers radios that are capable of using digital encrytion (called Securenet(tm)) to prohibit unauthorized reception of the transmitted information. Not all radios are capable of secure communications right out of the box. Some non-secure model can be made to work secure with an outboard "Secure Box".

Some of the more popular radios that are capable of encryption in selected models:

	- Spectra(tm)	- Syntor 	- Expo	- Micor	- MT2000
	- MX300	- Saber	- System Saber	- Astro Spectra
	- Astro Saber	- MCX100	- STX

The only "surefire" way to know if your radio is already capable of encrypted transmission is to open it up and see if has the encryption modules. Some radios (Spectra, Saber) may be capable of secure, but are lacking the necessary hardware to achieve encryption. To determining if it's capable or not can be determined by model number. Most of the time (but not always) the models that are encryption capable have an "X" designation in the model number.

For example, for some popular models the designation is such that:
	Non-encrytion	D44KMA7JA5BK
	Encrytion	D44KXA7JA5BK
			    ^- the "x" is the designation
	Non-encryption	H44SAJ7139CN
	Encryption	H44QXJ7139CN

Many times the radio will have a switch that shows an "O", and an "O" with a slash (/) though it. These designate Clear, "O", or unencrypted, or Coded, /, or encrypted signal.

To make encryption work in your radios, you'll need a pair of radios with the same type of encryption capability (for example, DVP "Digital Voice Encryption" will not communicate with DES "Data Encryption Standard"). Then, using the appropriate Key Variable Loader (KVL), load the encryption key into the radios. KVL's look like a big calculator, with red readout and numeric membrane keypad. They use the same batteries/chargers as the MX style radios.

Key Variable Loaders

DVP (First Generation)	        P1001BX
DVP CODE INSERTER 		T3010AX, T3010BX, T3010CX, T3010DX       
DES 				T3020BX
DES/DES-XL SECURENET 		T3011AX, T3011BX, T3011CX, T3011DX     

The version letter (A, B, C, D) refers to when the unit was produced and what features/algorithm's it
supports. The higher the letter, the newer and fancier. You will need a D version to program some of
the newer radios.

The keyloading cables were options to all models. KVL-3000 (T5795A) models replace all the above T30XX models. The T30XX models are no longer sold by Motorola. The PN for the KVL-3000 manual is 68P81130E08. The KVL-3K uses Visar batteries and chargers. The KVL-3K uses the same keyloading cables as the old KVLs.

KVL's can hold up to 8 different keys (for different zones). When the systems first came, there was some serious limitation to the distance coded transmissions would travel. Motorola redesigned the algorithm modes, and produced the XL security format. This provided range equivelent to clear transmissions.

To program a key into KVL:

    1. Turn on the KVL 2. Press the LOAD button 3. It will prompt for the sequence number (0 to 7) 4. Press 0 for the first memory location 5. Prompt is 0.1 for the first set of octal or hex values 6. Press random values for the key, noting them on paper as you go 7. After 16 to 24 digits it won't take anymore digits (sometimes the last digit will not take, try another if "E" shows) 8. Press ENTER button to save the key into loader 9. NOTE The KEY # is NOT retrievable from the loader

To program key into radio:

    1. Connect radio to KVL with appropriate cable 2. Turn on the radio 3. Turn on the KVL 4. Press the PTT (push-to-transfer) on KVL

At this point, the KVL will send the encryption key to the radio. It only takes a split second. The KVL will now send a 1000hz encrypted tone to the radio, and if all is successful, you'll hear the tone from the speaker. On some of the KVL's, there is a signal sent back from radio to KVL and it will display "PASS" for "FAIL" on the display. Other's will display "BEEP" only as a reminder to make sure the decrypted tone was present in the radio.

The key inside the radio is volatile, meaning that if you disconnect the battery while the radio is on, the key is lost. If the radio is off and you disconnect the battery for more than about 30 seconds, the key will be lost.

Use of Digital Encryption

Amateur radio prohibits the encryption of transmitted signals. Is it possible to get a radio, install the appropriate decryption module, and listen to encrypted signals? Not likely... even with the right stuff, the combination of keys that can be generated is astronomical, and trying to guess one set of literally millions is futile.

The way it's used, even having the key correct except for 1 digit makes the key totally unusable (ie you won't get fragments of a signal with partial key. It's all or nothing). When you listen to encrypted signals, it sounds just like "hash" of an open squelch. At the end of the transmission sequence, you hear a high whine for a second. This is the "end of message" marker, sent so the receiving radio can shut off its receiver and eliminate the squelch tail.

Some Important Part Numbers

The same hybrid encryption circuits are used in many radios (Syntor, Spectra, KVL)


Saber / Systems Saber

Astro Saber



Astro Spectra


Q: Whats the difference between DES-XL, DVI-XL, DVP-XL? Is it any more or less secure with trunking vs. conventional?

A: DVP is Motorola developed Digital Voice Privacy algorithm made in the mid-1970's using 32bit key length.

DES is Motorola encryption algorithm that meets US Gov't encryption guidelines (56bit DES key).

DVP-XL is Motorola proprietary encryption algorithm using 32bit key encryption.

DVI-XL is a variant of DVP-XL for export outside of the US.

DES-XL is a Motorola variant of the US Gov't DES algorithm.

DVP and DES are self-synchronizing modes of operation, coverage range is slightly degraded due to Rayleigh fading on radio channel.

DVP-XL, DVI-XL, DES-XL use a sync header and periodic sync updates. For operation on fading radio channels, this provides encryption coverage range similar to analog voice coverage.

DVP-XL, DVI-XL, and DES-XL should provide similar coverage on conventional or trunked systems. Since current generation of trunking control channels are not encrypted, someone could monitor which talkgroups are active and the general level of activity, even though they could not monitor the talkgroup conversations on the traffic channels.

Note All trademarks registered to Motorola, Inc.