EasyManua.ls Logo

Curtiss-Wright DTS1+ CSfC - Page 37

Default Icon
153 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
User Guide DDOC0199-000-A9
1-Slot Data Transport System (CSfC) 6 - 3 Encryption
© 2024 Curtiss-Wright Defense Solutions Revision 3.0
Key............................................. This term is used in the context of the RMC module, referring to
the DEK and PSK or EDEK and MAC. The singular form key
applies to all keys required by the RMC module.
DEK ........................................... Data Encryption Key in plain text.
EDEK ......................................... Encrypted DEK is a DEK that is encrypted or wrapped.
PSK............................................ Pre-Shared Key is a common key between the user workstation
and the DTS1+ CSfC crypto module, allowing each to read the
encryption of the other.
KEK............................................ Key Encryption Key is the key used to create the EDEK.
MAC........................................... Message Authentication Code is a value used to validate
messages carrying a key.
CM ............................................. Crypto Module is the circuitry in the DTS1+ CSfC that manages
encryption keys and uses them to encrypt/decrypt data.
Install ......................................... Sending the key from the user’s workstation to the encryption
chip serving a specified RMC module slot.
Save........................................... Store a key to the CM memory.
Load........................................... Move (copy) the saved key from the CM memory to the
encryption chip serving a specified RMC module slot.
Unload ....................................... Removal of the key from the CM encryption chip.
Delete ........................................ Removal of the key from the CM memory.
6.3 Hardware Layer Encryption
6.3.1 Pre-Shared Key Setup
NOTE
The Pre-Shared Key (PSK) is no longer maintained by Curtiss-Wright, instead, the user must
assign their own PSK in a secure environment upon receipt. To ensure the PSK is protected, the
user will have to perform a seal operation (via the CLI command cmpsk) to mask the PSK.
Prior to use, the DTS1+ CSfC must be sealed to secure the PSK. During this process, the operator
is also recommended to change the PSK. This can be accomplished by one of two methods:
cmkey command
cmpsk command
6.3.1.1 Change PSK
1. Type cmpsk and press E
NTER key to verify PSK is present.
Example
NOTE
PSK must be a 32 byte (64 hex character) sequence.
2. Replace / change PSK as follows:
NOTE
To change the PSK using the cmkey command, the user must be logged into the encryptor.
a. Type cmkey -p -u and press E
NTER key to change PSK using cmkey command.
cw_dts> cmpsk
[cmpsk]
CMPSK: psk=1f4223ad904c984a3cea44fa763cc2eb4c08398d26f67ef8c1cd50e2549c3ae1
status=OK
[!cmpsk] OK

Table of Contents