|
|
|
|
|
|
|
EMU Yugo KzU-44 →
Electronic message encryptor
KzU-42 is a stand-alone digital
message encryption and decryption device,
developed in the former Yugoslavia
around 1984 and built by the
Rudi Čajavec factory in Banja Luka
(Bosnia and Herzegovina). It was intended for manually encoding and decoding
textual messages (telegrams) which were send by means of courier,
morse code,
digital telegraphy (teleprinter)
or verbally over radio or telephone.
Used by the Yugoslav National Army (JNA).
Also known as 3215-1083-1094.
|
The rear section of the leather bag
has one large bay for the battery charger,
a 12V cable and a spare battery (optionally), plus a
smaller bay
for the spare fuses, a pencil, an insulated screwdriver and
a flannel cloth for cleaning the unit.
The KzU-42 is fully self-contained, which means that once the battery
is fitted and the keys are loaded, it can be used straight away.
The keys are entered in two parts and requires a
specific key loading procedure
to be followed. The same keys are used for encoding and decoding,
which means that a reciproke cipher algorithm is used.
|
|
|
|
According to secret order 101-10/85, dated 24 June 1985, the device was
supplied without user manual,
which was also the case
with the KzU-63 voice encryptor
[B].
According to its passport, the device shown here left the factory in
December 1985 and was first used in February 1987 [C].
|
The diagram below shows the various controls of the KzU-42, all of which
are located on the control panel
that is covered by a sealed top lid,
in order to protect it against dust an moist.
The 4.8V NiCd battery pack is fitted
under the small green lid towards the rear. It is held in place by two
bolts. The unit is turned ON by setting the power switch
(just below the display)
to the U-position (uključeno). Press the black
B-button
on the keyboard to initialise the internal counters.
The mode of operation is set with a
2-position MODE-switch, which is located
next to the power switch. It is marked RAD (run) and UPIS (init). Set this
switch to UPIS for entering the cryptographic keys. Once this is done,
set it to RAD for encrypting or decrypting a message. Do not forget to reset
the internal counters (pressing the
black B-button) after changing the mode.
The output is presented on a clear 8-character LED display that is mounted
just behind the keyboard. Messages are entered in groups of 5 letters and
the last group is always shown on the display, preceeded by the current group
number. After entering a message, the counter shows the total number of groups
that have been entered. This should be written on the telegram.
|
|
The device has two keys that have to be set before encrypting or
decrypting a message: the outer key
(VK = vanjski ključ),
and the inner key
(UK = unutarnji ključ). The outer key
is set by a crypto officer and requires the
physical key at the top
right to be set to VK. The inner key is altered
by the operator every three or four days at 8:00 hours.
It requires the physical key to be set to UK. Both keys can have
an arbitrary length, but in practice the daily key was fixed at
50 characters.
|
|
When the device is first turned on, the contents of its internal memory,
and hence the selected encryption key, are fully random. It is therefore
necessary to reset the keys first. This is done by setting the MODE
selector to Initialise (UPIS) and entering the letter 'X' at least
16 times. Then reset the counter
(by pressing the black B-key) and
enter a new inner and outer key.
|
The outer key or master key is set by a crypto officer
who has access to the unit's physical key.
This key is unique for each device and was probably stored elsewhere
(i.e. not with the device).
The physical key is used to set the lock at the top right to the
VK-position (outer key).
The MODE-switch is then set to UPIS (INIT) and the black
B-key is pressed to ensure that the internal position counter is reset.
The officer then resets the existing key (see above)
and enters a new one.
Although at present we do not know how long the master key was and how often
is was changed, we assume that it consisted of 50 characters and that it was valid for one month. Once the Master Key was set, the physical key was set
to the UK-position (inner key) and removed.
|
The inner key is set by the operator at 08:00 in the morning and
is valid for three or for days. It consists of 50 characters
(ten 5-letter groups)
that were obtained via a complex procedure. First the operator has to consult
the so-called A/B Key Table
(tablica ključeva A/B) to obtain 10
pairs of A/B digits [D]. The table was valid for one year and had one page
for each month. Each month was assigned 10 keys (each valid for 3 or 4 days).
Let's examine the entry for 7 February 1987:
A 6 4 7 5 3 1 2 9 0 8 ← row
B 6 3 8 2 5 9 0 4 7 1 ← column
These two lines define 10 digits for A and 10 for B. The operator then
consults a secret Key Card,
e.g.: Document S-42-S, number 059696
with serial number 147 [E]. This key card contains a table with 10 rows
by 10 columns (i.e. 100 cells). Each cell contains one 5-letter group.
The rows are marked A and the columns are marked B. The order of the
rows and columns is scrambled.
Before each row and above each column, the operator has written the
scrambling order, which was probably presented to him verbatim (e.g. during
a briefing). It was also possible to write the scrambling order onto
two small paper rulers
that were supplied as part of the complete set.
The operator now translates the A/B number pairs into 5-letter groups
from his Key Card. In the example above, this would produce the following
groups:
SSHIQ TVEFI WIRMX SMCGU HTDZU AOCRC PMBDK VFDZJ WRFRF PQXBE
The above is the 50-character inner key. The operator now sets the MODE-switch
to UPIS (Init) and resets the existing key first (see above). He then
resets the counter by pressing the black B-key and enters the 50 character
inner key shown above. Whilst doing this, the display shows the total
number of 5-letter groups that have been entered, plus the last 5-letter group.
|
Once the key has been entered,
the MODE-switch is set back to RAD (Run). After resetting the internal
counter (black B-key) the unit is ready for encrypting or decrypting
a message. The encryption algorithm is reciproke, which means that the same
settings are used for encryption and decription. The message is usually
written in 5-letter groups without spaces, for example:
TRYIN GTOHO LDPOS ITION PLEAS ESUPP LYAMM UNITI ONNOW ← plaintext
QFSSZ WPLCH FSLEQ NSAAL QPIET XKPLG KVXSJ UYNSE LZWWT ← ciphertext
When entering the text, the display will first show the plaintext character
(i.e. the key that is pressed). As soon as the key is released, it is
translated into the ciphertext character. After each complete 5-letter group,
the ciphertext is written onto a telegram sheet (of the
supplied block).
|
The KzU-42 was usually delivered in a sturdy green leather carrying case,
marked as TB-101. The case has a canvas carrying strap and a top lid that
can be opened in two parts.
The case has three compartments:
a large one with soft padding
for the KzU-42, a smaller
one for the battery charger and an even smaller one for the other accesories,
such as the fuses, a pencil and a piece of cloth. The case has
cut-outs
that allow the snap-locks of the KzU-42 to be operated without
removing it from the case.
|
|
|
|
The KzU-42 is powered by a rechargable battery pack that is inserted
under a removable green panel towards the rear. The battery pack contains
four 1.2V NiCd cells that should be charged with the accompanying PA-42
battery charger. As the units are now (2015) some 30 years old, the batteries
of any surviving units will be exhausted by now and will
probably be leaking.
|
|
As leaking batteries may potentionally cause damage to the unit, it is
important that they are removed from the unit as soon as possible. If possible,
the NiCd cells should be removed from the battery pack and replaced by new
ones. Alternatively, they could be replaced by a couple of so-called
super-caps which are ideal for demonstrations and will never leak.
|
|
|
The KzU-42 was supplied with the purpose-built PA-42 battery charger
shown in the image on the right. It is actually a large adapter that can be
placed directly into a mains wall socket. The NiCd battery is inserted
into a bay at the front.
The PA-42 is also suitable for charging the batteries from a 12V DC source,
such as the battery of a car. A special cable was supplied to
connect the car battery to the 5-pin socket
at the front of the charger.
|
|
|
Each KzU-42 came with a 30 x 30 cm piece of flannel cloth, which was used
to keep the unit, and especially its keyboard, dry and clean. Apparently,
they used whatever piece of flannel was available, as nearly every set was
supplied with a different one, ranging from plain white to the brightly
coloured one shown here.
The cloth was also used to clean the red lens over the LED display
without scratching it.
|
|
|
Encrypted (or decrypted) messages are usually written down in telegram-style
in groups of five letters. A suitable A5-size
block for writing down such telegrams
was supplied with the set.
It consists of 100 pages, each of which can hold one telegram (both sides)
with a maximum of 200 5-letter groups. The total number of groups should
be written in a box at the top left. This should be equal to the number
shown on the display after the last group has been entered.
|
|
|
|
|
Maintenance booklet
TS-100
|
|
|
Each device left the factory with its own 'personal' passport that shows
when it was released and when it was first issued. Any repairs or other
maintenance issues are also reported in this technical booklet.
According to the first page of the booklet, the KzU-42 unit shown here
was manufactured in 1985 and was released to the Yugoslavian Army (JNA)
in January 1987. It was first issued in the following month.
|
|
|
The cryptographic keys for the KzU-42 came in two parts: an
outer key
that was set by a crypto officer and an
inner key that was set every
three or four days by the operator.
The inner key was obtained via a procedure
that involved a Key Table [D]
and a Key Card [E] as shown here.
The Key Table contains one page for each month of a year. Each page contains
ten indexes, which are used by the operator to find the required letter
groups on the Key Card. This way, the 50-character inner key is recovered.
|
|
|
|
The KzU-42 is housed in a green die-cast aluminium enclosure that measures
approx. 20 x 12 x 8 cm. It has a hinged top lid that is sealed with a rubber
gasket. The actual device is mounted inside the die-cast enclosure and is
held in place by two screws at the left and right center.
|
After releasing these two bolts, the device
can be lifted out,
but when doing so, the cryptographic keys are wiped by a
small tamper switch
that is mounted in a corner at the bottom.
After removing the green top cover (3 bolts at the top and 1 at the rear)
a sturdy metal frame is revealed with 4 large PCBs
fitted onto a backplane.
The PCBs are held together with a large retaining pin
and a long piece of spring metal. After
releasing the spring and the retaining
pin, the PCBs can be taken from the backplane as shown with the lower
two boards on the right.
|
|
|
The lower board
(marked MGP) is the encryption board that 'mixes' each
plaintext character with a character produced by the pseudo random generator.
As this uses binary adding (XOR), the same process of mixing
can be used for decryption
as well as it is fully reversible (reciproke).
|
The second board from the bottom
(OUT) holds the actual cryptographic
keys in a series of shift-registers. The keys are used as the start value
(a.k.a. initial vector, or IV) of the Pseudo Random Number Generator, or PRNG.
The complexity of this generator and its (non)linear behaviour determines the
strength of the cipher and, hence, the cryptographic security of the system.
The remaining two boards are used for user interaction. The
largest one
holds the 27-button keyboard (shown on the right),
the power switch (I / U) and the MODE-selector (RAD / UPIS).
|
|
|
The upper board
is only half the size of the other ones and is mounted
behind the keyboard. It holds the 8-digit alphanumeric LED display,
which consists of two pre-assembled 4-digit units.
The metal frame holds everything together and also holds the physical
lock (at the top right) and a
recessed ZEROIZE button (at the top left).
A small PCB with two large copper pads, is mounted to
the rear of the frame.
It forms the base of the rear compartment and acts as battery contacts.
|
|
According to the checklist
that was supplied with each KzU-42 [B],
the following items were available. It is mentioned specifically,
that the operator's manual is not supplied with the unit.
|
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Tuesday 22 September 2015. Last changed: Saturday, 14 May 2022 - 09:22 CET.
|
 |
|
|
|
