Loading Key Variables into a SABER series radio
Any crypto-enabled SABER hand-held radio,
with an appropriate encryption
module fitted, needs to be loaded with suitable cryptographic key material
(called: Key Variables by Motorola), before the secure voice feature can be
used. Key loading is done with a Key Variable Loader (KVL).
In the past, Motorola
had a separate KVL for each individual cryptographic
algorithm, such as DVP, DES and DES-XL. Such single-algorithm key loaders
have model numbers starting with T30.., e.g.
T3011 (DES-XL) and T3012 (DVI), and can often be found for a reasonable
price on auction sites such as Ebay.
In 2001, Motorola replaced the existing key variable loaders with a single
new device, the KVL-3000 that could handle all
cryptographic algorithms that were available at the time. 1 The image on the
right shows a typical KVL-3000.
On this page we will show how to load cryptographic keys into a SABER
radio using a KVL-3000. Please note that using an older key loader,
such as the T3010,
will be different. Nevertheless you should be able
to use this page as a guide. Also note that the later KVL-3000 Plus
does not support the older DVP algorithm. Instead it supports
the newer DVP-XL algorithm.
Although the KVL-3000 can handle all cryptographic algorithms, each
algorithm has to be ordered and installed separately, which is quite
expensive. The KVL-3000 is no longer supported by Motorola,
but has meanwhile been replaced by the KVL-3000+.
Only 2 algorithms can be supported smultaneously. Each algorithm
has to be ordered separately from Motorola. Upgrades for the KVL-3000
are not longer available. Check before buying.
Each algorithm has to be ordered separately, so there is no guarantee
that they are already loaded when you buy one. This version does not
support the old DVP format.
Although it is often suggest that the KVL-3000 supports
all Motorola encryption algorithms, this is not the case.
It is true that it can support these algorithms, but only
two of them can be present in a single KVL-3000. Buying
a KVL-3000 from, say, eBay can be dangerous. Althoug many are listed
as supporting all algorithms,
in practice most versions only support plain DES.
When buying a used KVL-3000, ensure that it supports at least
two algorithms (e.g. DES and DVP). As the KVL-3000 is no longer supported
by Motorola, there is no chance of obtaining an upgrade from them.
The KVL-3000+ is still supported by Motorola, but again all
algorithms have to be bought and installed separately. Furthermore,
the KVL-3000+ does not support the old DVP algorithm (it does support
When connecting the KVL to the radio, a suitable cable is needed.
One end of this cable is connected to the Universal Connector (at the
rear of the radio, just below the antenna base) whilst the other end
it fitted to the 8-way MX-type socket at the rear of the KVL. As nearly
every generation of Motorola radio has its own typical Universal Connector,
a different key loading cable is required for each type of radio.
All key loaders however, have the same MX-type socket.
As suitable cables are hard to find these days, it might be easier to
find a Hirose adapter for the SABER (NTN5664) and use a more standard
Hirose KVL cable TKN8531 (C) instead.
As Hirose is commonly used for surveillance accessories these days,
such adapters and cables should be relatively easy to find.
Most SABER Hirose adapters however, only have the pins necessary for
audio in/out and PTT. You need to ensure that you have a fully populated
Hirose adapter, that includes the contact pins needed by the key loader,
such as the one shown here.
Once the batteries of the keyloader are installed and loaded, suitable
keys can be programmed into any of its compartments. For testing, it is
sufficient to load a single key into the first key compartment (0000).
Once this is done, the keyloader should be connected to the radio.
This done by connecting a cable directly between the keyloader and the
universal connector of the SABER, or via the Hirose adapter, as described
above. In our case, we've used the adapter. Once the two devices are
connected, ensure that the SABER is ON and
select LOAD on the keyloader.
The key will now be transferred to the SABER in less than a second.
If all goes well, the display on the KVL will show KEY LOAD SUCCESSFUL.
During the transfer you may hear a buzzing sound. When the KVL-3000 is
connected, the display of a SABER II or III
will show KEY LOAD.
The appropriate key is now loaded into the SABER. Most encryption
modules for the SABER can hold just one key at any time, so you don't
need to worry about which compartment to store it in. When programming
multikey encryption modules,
you may have to select a destination first.
Repeat the above procedure for all radios that should be able to
communicate with each other.
Your SABER is now ready for secure operation. If your channels have
been set up properly using the SABER RSS, you should be able
to switch between clear and secure operation now. Select a channel that
has been set up for secure operation and toggle the switch on the top
panel from O to Ø. Now try to contact a radio with the same settings.
If all goes well, you should be able to communicate. When in secure mode,
the speech quality will be slightly less than in clear mode, but it
should still be more than adequate to recognize the person at the other end.
When transmitting in secure mode, a potential interceptor will hear
nothing but 'white noise' on the channel, just as if the squelch isn't closed.
You may monitor this by using a communication receiver or a non-crypto
SABER radio adjusted to the same frequency. A crypto-enabled SABER,
will automatically switch between
CLEAR and SECURE when receiving a signal.
To prevent sending messages in the clear when no valid encryption key
is loaded, you can use the RSS to configure the SABER to generate
alert tones. Switching to secure mode Ø without a key present, will
also produce an alert. The radio will not transmit in secure mode
without a valid key.
Like most professional crypto radios, SABER has an emergency
procedure for quickly deleting the cryptographic keys, in case security
is compromised. This procedure is known as ZEROIZING and consists of
removing the battery from an active (switched-on) device.
Once the device has been ZEROIZED, it can not longer be used in secure
mode, until new keys have been loaded.
Note that the above proceduce may cause problems when swapping the battery.
If the battery is nearly empty, switch off the device
before removing the battery. This is the only way to retain
the cryptographic keys that are stored inside the device.
After fitting a fresh battery, turn the device ON again and resume operation.
- Motorola, Model NTN5664, Surveillance Accessory Adapter with Keyload Capability
1989-1992. Installation leaflet.
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Created: Friday 25 February 2011. Last changed: Friday, 29 September 2017 - 07:31 CET.