Click for homepage
SABER Key Loading
Loading Key Variables into a SABER series radio

Any crypto-enabled SABER hand-held radio, with an appropriate encryption module fitted, needs to be loaded with suitable cryptographic key material (called: Key Variables by Motorola), before the secure voice feature can be used. Key loading is done with a Key Variable Loader (KVL).

In the past, Motorola had a separate KVL for each individual cryptographic algorithm, such as DVP, DES and DES-XL. Such single-algorithm key loaders have model numbers starting with T30.., e.g. T3010 (DVP), T3020 (DES), T3011 (DES-XL) and T3012 (DVI), and can often be found for a reasonable price on auction sites such as Ebay.

In 2001, Motorola replaced the existing key variable loaders with a single new device, the KVL-3000 that could handle all cryptographic algorithms that were available at the time. 1 The image on the right shows a typical KVL-3000.
  

On this page we will show how to load cryptographic keys into a SABER radio using a KVL-3000. Please note that using an older key loader, such as the T3010, will be different. Nevertheless you should be able to use this page as a guide. Also note that the later KVL-3000 Plus does not support the older DVP algorithm. Instead it supports the newer DVP-XL algorithm only.

  1. Although the KVL-3000 can handle all cryptographic algorithms, each algorithm has to be ordered and installed separately, which is quite expensive. The KVL-3000 is no longer supported by Motorola, but has meanwhile been replaced by the KVL-3000+.

Which keyloader to use?
  1. Only 2 algorithms can be supported smultaneously. Each algorithm has to be ordered separately from Motorola. Upgrades for the KVL-3000 are not longer available. Check before buying.
  2. Each algorithm has to be ordered separately, so there is no guarantee that they are already loaded when you buy one. This version does not support the old DVP format.

Warning   KVL-3000
Although it is often suggest that the KVL-3000 supports all Motorola encryption algorithms, this is not the case. It is true that it can support these algorithms, but only two of them can be present in a single KVL-3000. Buying a KVL-3000 from, say, eBay can be dangerous. Althoug many are listed as supporting all algorithms, in practice most versions only support plain DES.

When buying a used KVL-3000, ensure that it supports at least two algorithms (e.g. DES and DVP). As the KVL-3000 is no longer supported by Motorola, there is no chance of obtaining an upgrade from them. The KVL-3000+ is still supported by Motorola, but again all algorithms have to be bought and installed separately. Furthermore, the KVL-3000+ does not support the old DVP algorithm (it does support DVP-XL however).


Connecting the radio
When connecting the KVL to the radio, a suitable cable is needed. One end of this cable is connected to the Universal Connector (at the rear of the radio, just below the antenna base) whilst the other end it fitted to the 8-way MX-type socket at the rear of the KVL. As nearly every generation of Motorola radio has its own typical Universal Connector, a different key loading cable is required for each type of radio. All key loaders however, have the same MX-type socket.

As suitable cables are hard to find these days, it might be easier to find a Hirose adapter for the SABER (NTN5664) and use a more standard Hirose KVL cable TKN8531 (C) instead.

As Hirose is commonly used for surveillance accessories these days, such adapters and cables should be relatively easy to find. Most SABER Hirose adapters however, only have the pins necessary for audio in/out and PTT. You need to ensure that you have a fully populated Hirose adapter, that includes the contact pins needed by the key loader, such as the one shown here.
  

Once the batteries of the keyloader are installed and loaded, suitable keys can be programmed into any of its compartments. For testing, it is sufficient to load a single key into the first key compartment (0000). Once this is done, the keyloader should be connected to the radio.

This done by connecting a cable directly between the keyloader and the universal connector of the SABER, or via the Hirose adapter, as described above. In our case, we've used the adapter. Once the two devices are connected, ensure that the SABER is ON and select LOAD on the keyloader.

The key will now be transferred to the SABER in less than a second. If all goes well, the display on the KVL will show KEY LOAD SUCCESSFUL. During the transfer you may hear a buzzing sound. When the KVL-3000 is connected, the display of a SABER II or III will show KEY LOAD.
  

The appropriate key is now loaded into the SABER. Most encryption modules for the SABER can hold just one key at any time, so you don't need to worry about which compartment to store it in. When programming multikey encryption modules, you may have to select a destination first. Repeat the above procedure for all radios that should be able to communicate with each other.

Hirose Adapter with Key-load capability
Rear view of KVL-3000 and loader cable
Hirose cable connected to KVL-3000
Keyloader cable and SABER Hirose Adapter (NTN5664)
Hirose adapter connected to the SABER
KVL-3000 connected to a SABER radio
Key EDIT and LOAD screen
SABER II showing KEY LOAD
A
×
A
1 / 8
Hirose Adapter with Key-load capability
A
2 / 8
Rear view of KVL-3000 and loader cable
A
3 / 8
Hirose cable connected to KVL-3000
A
4 / 8
Keyloader cable and SABER Hirose Adapter (NTN5664)
A
5 / 8
Hirose adapter connected to the SABER
A
6 / 8
KVL-3000 connected to a SABER radio
A
7 / 8
Key EDIT and LOAD screen
A
8 / 8
SABER II showing KEY LOAD

Secure operation
Your SABER is now ready for secure operation. If your channels have been set up properly using the SABER RSS, you should be able to switch between clear and secure operation now. Select a channel that has been set up for secure operation and toggle the switch on the top panel from O to Ø. Now try to contact a radio with the same settings. If all goes well, you should be able to communicate. When in secure mode, the speech quality will be slightly less than in clear mode, but it should still be more than adequate to recognize the person at the other end.

When transmitting in secure mode, a potential interceptor will hear nothing but 'white noise' on the channel, just as if the squelch isn't closed. You may monitor this by using a communication receiver or a non-crypto SABER radio adjusted to the same frequency. A crypto-enabled SABER, will automatically switch between CLEAR and SECURE when receiving a signal.

To prevent sending messages in the clear when no valid encryption key is loaded, you can use the RSS to configure the SABER to generate alert tones. Switching to secure mode Ø without a key present, will also produce an alert. The radio will not transmit in secure mode without a valid key.


Zeroizing
Like most professional crypto radios, SABER has an emergency procedure for quickly deleting the cryptographic keys, in case security is compromised. This procedure is known as ZEROIZING and consists of removing the battery from an active (switched-on) device. Once the device has been ZEROIZED, it can not longer be used in secure mode, until new keys have been loaded.

Note that the above proceduce may cause problems when swapping the battery. If the battery is nearly empty, switch off the device before removing the battery. This is the only way to retain the cryptographic keys that are stored inside the device. After fitting a fresh battery, turn the device ON again and resume operation.


References
  1. Motorola, Model NTN5664, Surveillance Accessory Adapter with Keyload Capability
    1989-1992. Installation leaflet.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Friday 25 February 2011. Last changed: Thursday, 19 July 2018 - 15:43 CET.
Click for homepage