A fill device or key loader is a module used to load
cryptographic keys
A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key c ...
into electronic
encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
machines. Fill devices are usually hand held and electronic ones are battery operated.
Older mechanical encryption systems, such as
rotor machine
In cryptography, a rotor machine is an electro-mechanical stream cipher device used for encrypting and decrypting messages. Rotor machines were the cryptographic state-of-the-art for much of the 20th century; they were in widespread use in the 19 ...
s, were keyed by setting the positions of wheels and plugs from a printed keying list. Electronic systems required some way to load the necessary cryptovariable data. In the 1950s and 1960s, systems such as the
U.S.
The United States of America (U.S.A. or USA), commonly known as the United States (U.S. or US) or America, is a country primarily located in North America. It consists of 50 states, a federal district, five major unincorporated territori ...
National Security Agency
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
KW-26
The TSEC/KW-26, code named ROMULUS, (in 1966 the machine based encryption system was not code-named "Romulus," rather the code-name was "Orion," at least in the US Army's variant) was an encryption system used by the U.S. Government and, later, ...
and the
Soviet Union
The Soviet Union,. officially the Union of Soviet Socialist Republics. (USSR),. was a transcontinental country that spanned much of Eurasia from 1922 to 1991. A flagship communist state, it was nominally a federal union of fifteen national ...
's
Fialka
In cryptography, Fialka (M-125) is the name of a Cold War-era Soviet cipher machine. A rotor machine, the device uses 10 rotors, each with 30 contacts along with mechanical pins to control stepping. It also makes use of a punched card mechanism ...
used
punched card
A punched card (also punch card or punched-card) is a piece of stiff paper that holds digital data represented by the presence or absence of holes in predefined positions. Punched cards were once common in data processing applications or to di ...
s for this purpose. Later
NSA encryption systems
The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still Classified information in the United States, classified, but ...
incorporated a
serial port
In computing, a serial port is a serial communication interface through which information transfers in or out sequentially one bit at a time. This is in contrast to a parallel port, which communicates multiple bits simultaneously in parallel. ...
fill connector and developed several common fill devices (CFDs) that could be used with multiple systems. A CFD was plugged in when new keys were to be loaded. Newer
NSA
The National Security Agency (NSA) is a national-level intelligence agency of the United States Department of Defense, under the authority of the Director of National Intelligence (DNI). The NSA is responsible for global monitoring, collecti ...
systems allow "
over the air rekeying" (OTAR), but a master key often must still be loaded using a fill device.
NSA uses two serial protocols for key fill, DS-101 and DS-102. Both employ the same
U-229 6-pin connector type used for U.S. military audio
handset
A handset is a component of a telephone that a user holds to the ear and mouth to receive audio through the receiver and speak to the remote party using the built-in transmitter. In earlier telephones, the transmitter was mounted directly on ...
s, with the DS-101 being the newer of the two serial fill protocols. The DS-101 protocol can also be used to load cryptographic algorithms and software updates for crypto modules.
Besides encryption devices, systems that can require key fill include
IFF
In logic and related fields such as mathematics and philosophy, "if and only if" (shortened as "iff") is a biconditional logical connective between statements, where either both statements are true or both are false.
The connective is bicon ...
,
GPS
The Global Positioning System (GPS), originally Navstar GPS, is a Radionavigation-satellite service, satellite-based radionavigation system owned by the United States government and operated by the United States Space Force. It is one of t ...
and
frequency hopping
Frequency-hopping spread spectrum (FHSS) is a method of transmitting radio signals by rapidly changing the carrier frequency among many distinct frequencies occupying a large spectral band. The changes are controlled by a code known to both tra ...
radios such as
Have Quick and
SINCGARS
Single Channel Ground and Airborne Radio System (SINCGARS) is a Combat-net radio (CNR) used by U.S. and allied military forces. The CNR network is designed around three systems: SINCGARS, the high frequency (HF) radio, and the SC tactical sate ...
.
Common fill devices employed by NSA include:
*KYK-28 pin gun used with the
NESTOR (encryption)
NESTOR was a family of compatible, tactical, wideband secure voice systems developed by the U.S. National Security Agency and widely deployed during the Vietnam War through the late Cold War period of the 1980s. NESTOR consists of three syst ...
system
*
KYK-13
The KYK-13 Electronic Transfer Device is a common fill device designed by the United States National Security Agency for the transfer and loading of cryptographic keys with their corresponding check word. The KYK-13 is battery powered and uses the ...
Electronic Transfer Device
*KYX-15 Net Control Device
*MX-10579 ECCM Fill Device (
SINCGARS
Single Channel Ground and Airborne Radio System (SINCGARS) is a Combat-net radio (CNR) used by U.S. and allied military forces. The CNR network is designed around three systems: SINCGARS, the high frequency (HF) radio, and the SC tactical sate ...
)
*KOI-18
paper tape
Five- and eight-hole punched paper tape
Paper tape reader on the Harwell computer with a small piece of five-hole tape connected in a circle – creating a physical program loop
Punched tape or perforated paper tape is a form of data storage ...
reader. Can read 8-level paper or
PET
A pet, or companion animal, is an animal kept primarily for a person's company or entertainment rather than as a working animal, livestock, or a laboratory animal. Popular pets are often considered to have attractive appearances, intelligence, ...
tape, which is manually pulled through the reader slot by the operator. It is battery powered and has no internal storage, so it can load keys of different lengths, including the 128-bit keys used by more modern systems. The KOI-18 can also be used to load keys into other fill devices that do have internal storage, such as the
KYK-13
The KYK-13 Electronic Transfer Device is a common fill device designed by the United States National Security Agency for the transfer and loading of cryptographic keys with their corresponding check word. The KYK-13 is battery powered and uses the ...
and
AN/CYZ-10
A fill device or key loader is a module used to load cryptographic keys into electronic encryption machines. Fill devices are usually hand held and electronic ones are battery operated.
Older mechanical encryption systems, such as rotor machin ...
. The KOI-18 only supports the DS-102 interface.
*AN/CYZ-10 Data Transfer Device (DTD) - a small
PDA
PDA may refer to:
Science and technology
* Patron-driven acquisition, a mechanism for libraries to purchase books
*Personal digital assistant, a mobile device
* Photodiode array, a type of detector
* Polydiacetylenes, a family of conducting poly ...
-like unit that can store up to 1000 keys, maintains an automatic internal
audit trail
An audit trail (also called audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific ...
of all security-relevant events that can be uploaded to the
LMD/KP, encrypts key for storage, and is programmable. It is capable of keying multiple information systems security (
INFOSEC
Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorize ...
) devices and is compatible with such
COMSEC equipment as
SINCGARS
Single Channel Ground and Airborne Radio System (SINCGARS) is a Combat-net radio (CNR) used by U.S. and allied military forces. The CNR network is designed around three systems: SINCGARS, the high frequency (HF) radio, and the SC tactical sate ...
radios, KY-57 VINSON,
KG-84
The KG-84A and KG-84C are encryption devices developed by the U.S. National Security Agency (NSA) to ensure secure transmission of digital data. The KG-84C is a Dedicated Loop Encryption Device (DLED), and both devices are General-Purpose Telegra ...
, and others that are keyed by common fill devices (CFDs). The AN/CYZ-10 supports both the DS-101 and DS-102 interfaces. It was developed in the early 1990s, weighs about 4 lb (1.8 kg), and was designed to be fully compatible with future INFOSEC equipment meeting DS-101 signaling and benign fill standards. It will eventually replace the legacy family of CFDs, including the
KYK-13
The KYK-13 Electronic Transfer Device is a common fill device designed by the United States National Security Agency for the transfer and loading of cryptographic keys with their corresponding check word. The KYK-13 is battery powered and uses the ...
, KYX-15 electronic storage devices, and the KOI-18
paper tape
Five- and eight-hole punched paper tape
Paper tape reader on the Harwell computer with a small piece of five-hole tape connected in a circle – creating a physical program loop
Punched tape or perforated paper tape is a form of data storage ...
reader. Only the DTD and the KOI-18 support newer,
128-bit keys.
*
Secure DTD2000 System (SDS) - Named KIK-20, this was the next generation common fill device replacement for the DTD when it started production in 2006. It employs the
Windows CE
Windows Embedded Compact, formerly Windows Embedded CE, Windows Powered and Windows CE, is an operating system subfamily developed by Microsoft as part of its Windows Embedded family of products.
Unlike Windows Embedded Standard, which is base ...
operating system.
*
AN/PYQ-10 Simple Key Loader (SKL) - a simpler replacement for the DTD.
*
KSD-64
The KSD-64 Crypto Ignition Key (CIK) is an NSA-developed EEPROM chip packed in a plastic case that looks like a toy key. The model number is due to its storage capacity — 64 kibibits (65,536bits, or 8KiB), enough to store multiple en ...
Crypto ignition key (CIK)
*
KIK-30, a more recent fill device, is trademarked as the "Really Simple Key Loader" (RASKL) with "single button key-squirt." It supports a wide variety of devices and keys.
The older KYK-13,
KYX-15 and MX-10579 are limited to certain key types.
See also
*
List of cryptographic key types
This glossary lists types of key (cryptography), keys as the term is used in cryptography, as opposed to key (lock), door locks. Terms that are primarily used by the U.S. National Security Agency are marked ''(NSA)''. For classification of keys ac ...
References
External links
Fill devices
{{commonscat, Fill devices in the National Cryptologic Museum
Key management
Encryption device accessories
National Security Agency encryption devices