28 October 1997
UNCLASSIFIED ENCRYPTION EQUIPMENT GUIDE
This guide was developed for Department of Energy (DOE) employees and DOE
contractors as an information source concerning the protection of sensitive
unclassified (SU) information transmitted over DOE phone lines or other
communications media. The contents of this document are intended to provide
information relevant to the protection of SU information in electronic form
on DOE systems. The information contained herein is not meant to be a guide
or standard regarding the process of SU. It is intended to be an information
source which may be of use to DOE employees and DOE contractors. Questions
concerning DOE policy regarding the encryption of SU should be referred to
DOE Headquarters, HR-433.
Entrust is a family of software products designed to provide
encryption and digital signature capabilities to support public key cryptography.
It ensures privacy for information on or transmitted from Windows, Macintosh,
and Unix machines with the FIPS approved DES algorithm. Digital signatures
which provide for authentication of the sender's identity and non-repudiation
may be provided by RSA or DSS public key algorithms. Other algorithms are
supported by the Entrust software. Operation of the software is simplified
by graphical user interfaces. The cryptographic Module V and cryptographic
Kernel V are components of the Entrust Client software package. Entrust Client
is a file level encryption and digital signature application used in the
Entrust family. The Entrust family of public key cryptographic products was
developed by Northern Telecom. Additional information, such as pricing and
availability, may be obtained by accessing their web site,
or by calling (919) 992-5525.
Subscriber Encryption Module
The Subscriber Encryption Module is available in the ASTRO line of digital
radios. ASTRO is a set of digital radios designed to meet the guidance of
Project 25, which was created by the Association of Public Safety Communication
Officials (APCO). Project 25 standards promote the development of digital
technology in two-way radio communications. The ASTRO radios provide for
both analog operation and narrowband digital operation. ASTRO radios support
the integration of voice and data communications on a single channel or they
can be configured to allow separate dedicated channels for data and voice.
The radios operate in VHF, UHF, and at 800 MHz frequencies. Full digital
operation is available in a 12.5 KHz narrowband channel. The manufacturer
of the ASTRO digital radios is Motorola, Inc., Communications Sector. Additional
information, such as pricing and availability, may be obtained by accessing
their web site,
http://www.mot.com/LMPS/RNSG/portable.htm, or by calling (847)
LSi, MSi, HSi
CIDEC data encryptors secure sensitive unclassified information over
point-to-point or dial-up communications links. This encryptor is capable
of providing network security in host, LAN server applications. CIDEC encrypts
synchronous simplex, half-duplex, or full-duplex data communications. The
LSi model also operates in an asynchronous mode. A self-synchronizing encryption
mode allows all of the CIDEC encryptors to operate transparently to the user.
Key management is handled by the manufacturer's electronic key management
system (Secure Electronic Exchange of Keys - SEEK). The device is configurable
from a front-panel keypad that controls a menu selection of a liquid crystal
display. CIDEC supports the DES encryption algorithm at data rates from 256
Kbps up to 2 Mbps. The individual data rates of the various models are shown
CIDEC LSi - 1200 bps-256 Kbps synchronous and 75 bps-19.2 Kbps
CIDEC MSi - 1200 bps-768 Kbps synchronous
CIDEC HSi - 56 Kbps-2 Mbps synchronous
The manufacturer of CIDEC is CYLINK Corporation. Additional information,
such as pricing and availability, may be obtained by accessing their web
http://www.cylink.com/products/security/securewa.htm, or by calling
The Datacryptor 64E encryption device is an end-to-end packet encryptor designed
to protect information transmitted through Public and Private X.25 packet
switched networks. Data encrypted prior to transmission remains encrypted
throughout the network. Decryption takes place at the data's final destination.
The Datacryptor 64E only encrypts the packet's data field. The address and
control information remains unencrypted. Key management for the Datacryptor
64E is compliant with the X9.17 Key Management Standard. The Datacryptor
64E can be used with or without the manufacturer's key management center.
When used with the manufacturer's key management center, the Datacryptor
64E uses a 3-key system for key management functions. Without the manufacturer's
key management system, a 2-key system is employed. The housing of the Datacryptor
64E is tamper resistant. When tampering is detected, all stored keys are
automatically erased and the operating parameters are reset. The Datacryptor
is manufactured by RACAL Data Group. Additional information, such as pricing
and availability, may be obtained by accessing their web site,
http://22.214.171.124/rdg/products/ds/ds1164/ds1164.htm, or by
calling (703) 471-0892.
The Datacryptor 64 encryption device is designed for use in point-to-point,
multi-drop, dial-up, and dedicated network applications. It operates at speeds
up to 64 Kbps in synchronous mode and up to 19.2 Kbps in an asynchronous mode.
Key management for the Datacryptor 64 is compliant with the X9.17 Key Management
Standard. The Datacryptor 64 uses a 2-key system for key management. It can
generate and store up to 400 keys. The housing of the Datacryptor 64 is tamper
resistant. When tampering is detected, all stored keys are automatically
erased and the operating parameters are reset. The Datacryptor is manufactured
by RACAL Data Group. Additional information, such as pricing and availability,
may be obtained by accessing their web site,
http://126.96.36.199/rdg/products/ds/ds0770/ds0770.htm, or by
calling (703) 471-0892.
The MTS 2000 is a full featured portable analog radio designed to be modified
through software upgrades. Users can custom program critical features through
programmable buttons and soft key access. Bandwidth operation is software
configurable and can be programmed to operate at 12.5, 5/30 KHz channel
bands. One MTS 2000 radio can operate over multiple sub-bands, providing
for interoperability between organizations. Encryption capabilities are
compatible with Motorola SECURENET. The MTS 2000 is manufactured by Motorola
Corporation. Additional information, such as pricing and availability, may
be obtained by accessing their web site,
http://www.mot.com/LMPS/RNSG/portable.htm, or by calling (312)
The Spectra is a family of ruggedized analog radios. Spectra radios are designed
with front control panel programming to facilitate quick changes in various
radio features. The Spectra operates at UHF, VHF, 800 MHz, and 900 MHz
frequencies. Encryption capabilities are compatible with Motorola SECURENET.
The Spectra is manufactured by Motorola Corporation. Additional information,
such as pricing and availability, may be obtained by accessing their web
http://www.mot.com/LMPS/RNSG/mobile.htm, or by calling (312) 397-1000.
SafeNet is an integrated internet security system designed to protect dial-up
and Local Area Network (LAN) connections. SafeNet products are compatible
with Internet protocols and can support secure Internet connections through
encryption and user/data authentication. Packet encryption techniques provide
operations transparent to users, applications and the network. The SAFENET
product line utilizes DES encryption compliant with FIPS 140-1, level 2
requirements. SafeNet also provides digital signature user authentication
through ANSI X9.26 requirements, private key management utilizing X9.17,
and public key management utilizing X.509 certificates.
SafeNet/LAN combines firewall packet and socket filtering, data encryption
and address verification to prevent spoofing. Encrypted authentication codes
are generated to prevent modification of IP addresses. SafeNet/LAN automatically
generates a security header using encryption that provides protection against
address spoofing. It also allows the user to specify only encrypted
SafeNet/Security Center provides comprehensive, central security management
for all SafeNet products and security services on a single high performance
workstation. Support is provided for public key management (X.509) and private
key management (X9.17).
SafeNet/Dial is a pocket size encrypting token with a 28.8 Kbps modem. It
authenticates the user and automatically encrypts the data.
Safe/Mail signs and encrypts e-mail messages using digital signatures and
standard e-mail packages.
The SafeNet product is manufactured by Information Resource Engineering.
Additional information, such as pricing and availability, may be obtained
by accessing their web site,
http://www.ire.com/prod/safenet/htm, or by calling (410) 931-7500.
CIPHER X 5000A
Cipher X 5000A is a family of network encryptors capable of providing secure
communication over public and private networks. These products are designed
to perform synchronous and asynchronous X.25 and TCP/IP protocol sensitive
encryption. Synchronous data rates up to 64 Kbps are obtainable and asynchronous
up to 38.4 Kbps. Cipher X 5000A encryption products are compliant with the
DES encryption algorithm standards. They can support up to 255 simultaneous
virtual circuits, each with its own encryption key, effectively providing
secure end-to-end encryption for each circuit. The Cipher X 5000A protocol
sensitive models also provide discretionary access control and support for
up to four separate groups. Each group functions as a secure sub-network
and is controlled by a network address table. Central key management is provided
on-line by the Technical Communications Corporation (TCC) Crypto Management
System (CMS) and off-line by the TCC KEYNET Key and Network Management System.
Cipher X 5000 products are manufactured by Technical Communications Corporation.
These devices are also leasable through General Services Administration (GSA)
starting at a base price of $88.00 a month per unit. Additional pricing
information may be obtained by accessing their web site,
http://www.tccsecure.com/cx850.htm, or by calling (617) 862-6035.
Please send any questions or comments to Sharon L. Shank of the
Architecture, Standards and Engineering Group, Office of Information Management,
at Sharon.Shank@hq.doe.gov or
by telephone at (301) 903-3047.