XTL/XTS5000 Xts5000 and 2500i encryption compatibility

[BigBackwoodsJim]

I have 2 XTS2500i and 1 XTS5000 all of them have AES256 hardware encryption with either H869 or Q498 multikey. I programmed them all the exact same way in the CPS and the 2 2500i radios communicate encrypted voice just fine. However, I can not get the xts5000 to work encrypted with the 2 2500i radios. Transmitting encrypted both to and from the xts5000 sounds like digital noise.

I'm pretty new to these radios and I'm wondering if my system Package and Flashport options is the reason for the encryption problem. The xts5000 has H35- Conventional System operation and Q806- ASTRO Digital Operation the other 2 don't. Could that be my problem? Has anyone else experienced this? Any help is appreciated.

Here is the info on the radios and some pictures of the feature sets:
Xts5000
System package: Conventional
Host version: R20.50.07
DSP Version: R19.50.01
Secure Version: R05.07.15
KG1: AES-256
KG2: AES-GCM
Flashcode: 5A001-101306-4

Tan XTS2500i
System Package: SMARTZone
Host Ver: R20.50.10
DSP Version: R19.50.01
Secure Version: R05.07.15
KG1: AES-256
FLASHcode: 5A909A-C0178C-4

Black XTS2500i
System Package: SMARTZone
Host Version: R20.00.05
DSP Ver: R19.50.00
Secure Version: R05.07.15
KG1: AES-256
FLASHcode: 56900A-50078D-4

Here is a YouTube video of the problem I'm having.
https://youtu.be/F6qHwwMPFFI?si=uV1n7BfRWeRli3in

 

[DeoVindice]

The key itself doesn't match; the "digital noise" is ciphertext. Check that CKR-KID mapping is correct, and reload keys.

 

[BigBackwoodsJim]

The key itself doesn't match; the "digital noise" is ciphertext. Check that CKR-KID mapping is correct, and reload keys.

Thank you for the information. I will try that as soon as I can. Unfortunately my key loading cable has a stuck pin and will not make contact with the radio. I ordered a new one but didn't get a tracking number yet. FML

 

[BigLebowski]

Are you using KFDTool or a variant to keyload these?

The behavior you describe would lead me to believe that you have the Key ID correct across all 3 radios but the key value itself is different in the XTS5000. The radio will unmute on a matching Key ID with garble even if the key value doesn’t match.

If both the Key ID and Key Value are wrong the radios would stay muted (unless you are in monitor mode).

 

[BigBackwoodsJim]

Are you using KFDTool or a variant to keyload these?

The behavior you describe would lead me to believe that you have the Key ID correct across all 3 radios but the key value itself is different in the XTS5000. The radio will unmute on a matching Key ID with garble even if the key value doesn’t match.

If both the Key ID and Key Value are wrong the radios would stay muted (unless you are in monitor mode).

I used the KFDmini variant of the KFDtool to load the xts5000 myself.
The other 2 radios were keyloaded by the sellers (each 2500 came from a different seller) with the same key I provided them and is the one I'm trying to load into the 5000. I double checked that it was the same key when I uploaded it to the 5000 and I just opened up my container in the KFDtool and it is still the same key. I did leave the "key type" setting as auto. Should I have changed that to TEK or KEK?

 

[N4KVE]

Since all your radios have ADP, why not use that? No keyloader, or cable needed.

 

[N4DES]

When you get the new keyloader cable just reload all 3 radios at the same time with the same key and Key ID information and double check in CPS. As to your question on TEK or KEK, you want the TEK that stands for Traffic Encryption Key.

 

[BigBackwoodsJim]

Since all your radios have ADP, why not use that? No keyloader, or cable needed.

At this point, I've spent the money for hardware encryption and I want to learn to use it. This is just a hobby project for me. I'll probably switch to ADP if I get a 4th radio without a UCM.

 

[BigBackwoodsJim]

When you get the new keyloader cable just reload all 3 radios at the same time with the same key and Key ID information and double check in CPS. As to your question on TEK or KEK, you want the TEK that stands for Traffic Encryption Key.

Thank you so much for all the help everyone. My issue is resolved! Reloading the key on the 5000 with it set to TEK made it work without having to rekey the other 2 radios.
I have a friend that knows how to solder electronics and we stole a pin off of a motorola speaker mic to use on the keyloading cable.

 

[ElevatorsAndRadios]

Since all your radios have ADP, why not use that? No keyloader, or cable needed.

"Why don't you just sacrifice your information security for convenience!" Lol this is so silly.

Hardware AES-256 encryption is the most secure any consumer such as OP is going to get on their two way radio. If they can afford the necessary hardware, they should continue to use this method of encryption if they care about the security of their radio traffic.

 

[N4KVE]

"Why don't you just sacrifice your information security for convenience!" Lol this is so silly.

Hardware AES-256 encryption is the most secure any consumer such as OP is going to get on their two way radio. If they can afford the necessary hardware, they should continue to use this method of encryption if they care about the security of their radio traffic.

Because he said it’s a hobby project. Not a NSA project. I have all the Algo’s in my radio, but the only time I use it with friends is when we’re meeting at the pizza joint, so the other listeners don’t know where we’re eating. So since he said his key loading cable was broken, he could use ADP until he replaces, or fixes the cable. His friend works pretty fast.

 

[KevinC]

AND he posted that the issue has been resolved.

Closing before the ADP can be decrypted by anyone posts start. Jeez!