4RF Aprisa SR+ User Manual - page 176
174 | Managing the Radio
Aprisa SR+ User Manual 1.5.3
Key Encryption Key Summary
The security of over-the-air-rekeying depends on a truly random Key Encryption Key. This is why the use
of a Raw Hexadecimal key is recommended: a plain text phrase based on known spelling and grammar
constructs is not very random. The default Key Encryption Key is provided only to allow testing of the
security mechanism and is not intended for operational use. Using the default Key Encryption Key
undermines the security of the AES payload encryption because an attacker using the default Key
Encryption Key would immediately recover the AES payload key after the first over-the-air-rekeying event.

When the Security Level is set to Strong, various protections are applied to the Key Encryption Key setting
to prevent tampering. In addition, the Key Encryption Key Type, Key Encryption Key Size, and the Key
Encryption Key itself are all loaded from a customer-prepared USB key. This is a one-way operation to
prevent key recovery from radios. While the ability to save a Key Encryption Key to USB exists in the
Standard Security Level, the Strong Security Level Key Encryption Key is not compromised because the
Strong Key Encryption Key is not the same as the Standard Security Level Key Encryption Key.
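
The recommendation above to use a random Raw Hexadecimal key rather than a text phrase can be checked before a key is provisioned. The following is an added example, not part of the 4RF manual or the radio's software: it draws a key from the operating system's random source and flags candidates that are obviously not random. The key sizes (128, 192 and 256 bits), the function names and the `forbidden` parameter are assumptions, and the sample weak keys are constructed.

```python
import secrets
import string

# Assumption: AES key lengths in bits; this page does not list the radio's sizes.
ASSUMED_KEY_SIZES_BITS = (128, 192, 256)

def generate_raw_hex_kek(bits=256):
    """Draw a key from the OS CSPRNG and return it as hex digits."""
    if bits not in ASSUMED_KEY_SIZES_BITS:
        raise ValueError(f"unsupported key size: {bits}")
    return secrets.token_hex(bits // 8).upper()

def check_raw_hex_kek(candidate, bits=256, forbidden=()):
    """Return a list of problems; an empty list means no obvious weakness."""
    text = candidate.strip().upper()
    problems = []
    # 'forbidden' is a hypothetical deny-list, e.g. the default key from your
    # own radio documentation (not reproduced here).
    if text in {f.strip().upper() for f in forbidden}:
        problems.append("matches a forbidden key, e.g. the default KEK")
    if len(text) != bits // 4:
        problems.append(f"expected {bits // 4} hex digits, got {len(text)}")
    if not text or any(c not in string.hexdigits for c in text):
        problems.append("not raw hexadecimal (looks like a text phrase)")
        return problems
    if len(text) % 2:
        return problems  # odd digit count cannot be decoded to bytes
    raw = bytes.fromhex(text)
    # Heuristics only: they catch obvious non-random keys, not all weak ones.
    if len(set(raw)) < len(raw) // 2:
        problems.append("too few distinct byte values for a random key")
    if all(0x20 <= b <= 0x7E for b in raw):
        problems.append("decodes to printable text (hex-encoded phrase)")
    return problems

if __name__ == "__main__":
    kek = generate_raw_hex_kek(256)
    # The key itself is deliberately not printed.
    print("new KEK ok:", check_raw_hex_kek(kek, 256) == [])
    # Constructed weak candidates for comparison.
    for weak in ("correct horse battery", "00" * 16, b"SummerHoliday123".hex()):
        print(repr(weak[:16]), check_raw_hex_kek(weak, 128))
```

A key that passes these checks is only free of the obvious faults listed; its strength still comes from having been generated by a cryptographic random source.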