Results 1 to 15 of 15

Thread: MultiKey Decrypt and Random Key Encrypt

  1. #1
    Join Date
    Feb 02, 2019
    Location
    UK
    Posts
    10
    Thanks
    2
    Thanked 5 Times in 4 Posts
    Country: UK

    Default MultiKey Decrypt and Random Key Encrypt

    Does MultiKey Decrypt and Random Key Encrypt only work with "Full Encrypt-Hytera" or "Full Encrypt-DMRA"? I've tried to test it with just the standard "Full" encrypt using 10 character (40 bit) keys but I can't get it to work.

    If I set a single key then both radios work fine. If I tick "MultiKey Decrypt" and "Random Key Encrypt" then the RX radio receives but does not decrypt the voice so I just get encrypted voice. The options are not greyed out so I guess they can be used with the standard free "Full" encryption. Both radios ate PD785 with the same firmware and encryption keys.


  2. #2
    Join Date
    Feb 04, 2012
    Posts
    1,746
    Thanks
    98
    Thanked 415 Times in 215 Posts

    Default

    For the radio to decrypt it needs to have the encrypt key in its key list.

  3. #3
    Join Date
    Feb 02, 2019
    Location
    UK
    Posts
    10
    Thanks
    2
    Thanked 5 Times in 4 Posts
    Country: UK

    Default

    Quote Originally Posted by Notarola View Post
    For the radio to decrypt it needs to have the encrypt key in its key list.
    Yup. Got that. Both radios have the exact same key list.

    I can select a static key, say Key 3, on both radios and it's fine but check the MultiKey Decrypt and Random Key Encrypt boxes and the radio fails to decrypt.

  4. #4
    Join Date
    Feb 04, 2012
    Posts
    1,746
    Thanks
    98
    Thanked 415 Times in 215 Posts

    Default

    Do you have any information on how the feature is supposed to function.

  5. #5
    Join Date
    Dec 21, 2011
    Posts
    4,163
    Thanks
    2,839
    Thanked 5,063 Times in 1,500 Posts
    Country: Canada

    Default

    Quote Originally Posted by Notarola View Post
    Do you have any information on how the feature is supposed to function.
    1.jpg

    2.jpg

    These screenshots are from the latest HYT CPS (V9.00.08.400.iM.NA2)

  6. The Following User Says Thank You to Mars For This Useful Post:

    Outpost Delta (Feb 06, 2019)

  7. #6
    Join Date
    Feb 04, 2012
    Posts
    1,746
    Thanks
    98
    Thanked 415 Times in 215 Posts

    Default

    Thanks it works as I suspected. the unit randomly selects a key from the list. Since the Op says hes using a cloned list it should work unless like Moto you have to manually enter in the keys. I would try that first.

  8. #7
    Join Date
    Dec 21, 2011
    Posts
    4,163
    Thanks
    2,839
    Thanked 5,063 Times in 1,500 Posts
    Country: Canada

    Default

    Quote Originally Posted by Notarola View Post
    Thanks it works as I suspected. the unit randomly selects a key from the list. Since the Op says hes using a cloned list it should work unless like Moto you have to manually enter in the keys. I would try that first.
    HYT CPS behaves like the Moto CPS, with respect to the inability (a good thing) to read a radio codeplug and extract keys. It will also error-out if a radio is read, and the keys are not entered before reprogramming the device.

    Also, just to clarify some HYT terms used in this thread:

    Basic Encrypt: 40-bit crap encryption (RC4, compatible with Moto EDP)

    Full Encrypt-Hytera: 256-bit encryption which is restricted to within China. Supposedly the Chinese government has a severe distribution restriction on this algorithm. It's not available (to my knowledge) outside of the Chinese military/law-enforcement community.

    Full Encrypt-DMRA: 256-bit AES encryption. Fully-compatible with Motorola's DMRA-standard AES-256 implementation. I've tested it myself between radios.

    Although unrelated to the thread, I'll put this here for future reference: HYT's 40-bit and 256-bit DMRA encryption is 100% compatible with Motorola's 40-bit "Enhanced Privacy" and 256-bit AES offerings. Unfortunately the HYTs are not compatible with MOTOTRBO RAS or any proprietary MOTOTRBO tier II trunking product, such as Capacity Plus or Linked Capacity Plus. HYT's "Enhanced Channel Access" and "Transmit Interrupt" features are also non-compatible with the way in which it's implemented in MOTOTRBO products.

    Long story short: HYT and MOTOTRBO products may only communicate with each other on a conventional, simplex or IP Site Connect network, including those with 40-bit or 256-bit voice encryption. Unknown if an HYT radio with Tier III trunking will work on a Motorola Capacity Max system. I have a radio with Tier III, but no system to test it on. Also unknown if a MOTOTRBO Capacity Max radio will work on a Hytera Tier III system. You'd think so, but with both vendors making **** proprietary all the time...one never can tell until they test it.

  9. The Following User Says Thank You to Mars For This Useful Post:

    com501 (Feb 06, 2019)

  10. #8
    Join Date
    Feb 02, 2019
    Location
    UK
    Posts
    10
    Thanks
    2
    Thanked 5 Times in 4 Posts
    Country: UK

    Default

    Thanks both.

    This is what the documentation says...

    The use of "Random Key Encrypt", will offer the highest level of security as with every PTT, the terminal will select a random key from your list of (30) keys and use that key for the transmission and continue to randomize with every PTT.

    What I am trying to clarify is if it should work with the standard "Full" encryption using 40 bit keys or weather it need the "Full Encrypt-Hytera" licence. The fields are selectable in the CPS with the basic "Full" encryption selected but it does not seem to work for me.

  11. #9
    Join Date
    Dec 21, 2011
    Posts
    4,163
    Thanks
    2,839
    Thanked 5,063 Times in 1,500 Posts
    Country: Canada

    Default

    Quote Originally Posted by Outpost Delta View Post
    Thanks both.

    This is what the documentation says...

    The use of "Random Key Encrypt", will offer the highest level of security as with every PTT, the terminal will select a random key from your list of (30) keys and use that key for the transmission and continue to randomize with every PTT.

    What I am trying to clarify is if it should work with the standard "Full" encryption using 40 bit keys or weather it need the "Full Encrypt-Hytera" licence. The fields are selectable in the CPS with the basic "Full" encryption selected but it does not seem to work for me.
    Confirming your KIDs and keys match in both codpelugs? HYT will allow you to create "random" keys (it fills the key variable field with random data when you "add" a key to the context field). Also confirm your firmware is identical in both radios (should be current) and same with CPS?

  12. #10
    Join Date
    Feb 02, 2019
    Location
    UK
    Posts
    10
    Thanks
    2
    Thanked 5 Times in 4 Posts
    Country: UK

    Default

    Quote Originally Posted by Mars View Post
    Confirming your KIDs and keys match in both codpelugs? HYT will allow you to create "random" keys (it fills the key variable field with random data when you "add" a key to the context field). Also confirm your firmware is identical in both radios (should be current) and same with CPS?
    Yup. All KID and key values match. I've also confirmed this by setting a static key and testing for each key entry (that took some time!). Works fine if I set static keys, not if I select Random Key. My next step is to set different static key on 2 radios and select multi key decrypt to see if the mismatched TX keys will decode. That will narrow down the problem to either the Multi Key Decrypt or the Random Key Encrypt...

    Same firmware and CPS used on all radios.

  13. #11
    Join Date
    Dec 21, 2011
    Posts
    4,163
    Thanks
    2,839
    Thanked 5,063 Times in 1,500 Posts
    Country: Canada

    Default

    Quote Originally Posted by Outpost Delta View Post
    Same firmware and CPS used on all radios.
    And what versions would those be?

  14. #12
    Join Date
    Feb 02, 2019
    Location
    UK
    Posts
    10
    Thanks
    2
    Thanked 5 Times in 4 Posts
    Country: UK

    Default

    Firmware A9.00.07.101.iM
    CPS V9.00.07.712.iM.EM5

    I'm testing with 2 x PD785 and 1 x MD785G

  15. The Following User Says Thank You to Outpost Delta For This Useful Post:

    Mars (Feb 14, 2019)

  16. #13
    Join Date
    Feb 04, 2012
    Posts
    1,746
    Thanks
    98
    Thanked 415 Times in 215 Posts

    Default

    I would try building up to the full key set you have. start with 3-4 keys and then test the feature. You could program separate key strapped channels on the RX radio to see what key is being transmitted to verify that the TX key is 'randonly' being selected form the 3- 4 keys. Once you verify the key is rotating you can then explore why its not being chosen by the RX unit in random mode.

  17. #14
    Join Date
    Nov 13, 2015
    Location
    SE Michigan
    Posts
    41
    Thanks
    13
    Thanked 38 Times in 17 Posts
    Country: United States

    Default

    IIRC, you need the advanced encryption license to enable "random key".
    Once you enable it, I'd recommend not having any ARC4 keys set up because it will rotate to them if they're in your list.
    Just use all AES keys, 128 or 256 bit. 256 DMRA if you need to talk to Moto's.

  18. The Following User Says Thank You to RO_POL1 For This Useful Post:

    Mars (Feb 14, 2019)

  19. #15
    Join Date
    Feb 02, 2019
    Location
    UK
    Posts
    10
    Thanks
    2
    Thanked 5 Times in 4 Posts
    Country: UK

    Default

    Thanks all.

    I reset all the radios, loaded up a blank codeplug and tried again. I can confirm that it all works using the standard 'full' encryption with 40 bit keys.

  20. The Following User Says Thank You to Outpost Delta For This Useful Post:

    Mars (Feb 14, 2019)