Cryptographic Key Ordering Manual (ITSG-13)
Cryptographic Key Ordering Manual (ITSG-13)
Cryptographic Key Ordering Manual (ITSG-13)
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
May 2006
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Foreword<br />
The <strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>) is an unclassified publication issued under<br />
the authority of the Chief, Communications Security Establishment (CSE). CSE, as the lead<br />
agency for cryptography in the Government of Canada (GoC), is responsible for approving the<br />
generation and use of cryptographic equipment and supplying keying material and related<br />
documentation to federal government departments that handle classified and designated<br />
information, and to industry where a government contract or federal sponsorship or partnership<br />
exists.<br />
This publication is effective upon receipt and supersedes the STU III <strong>Key</strong> Management Plan<br />
(CID/01/<strong>13</strong>) dated October 1994 and the Directive on the Control of STU III <strong>Key</strong> for SCI<br />
Applications (NITSM 4/90) dated November 1990.<br />
Suggestions for amendments or requests for additional information should be forwarded through<br />
your departmental Communications Security channels to the Head, Cryptomaterial Management<br />
and Assistance Center (CMAC) at CSE.<br />
Requests for additional copies, changes in distribution of this publication, or for copies of other<br />
referenced publications, should be directed to the Head, CMAC at CSE by e-mail at<br />
cmac@cse-cst.gc.ca or call (6<strong>13</strong>) 991-8826.<br />
___________________________________________________<br />
Sue Greaves<br />
Director, IT Security Mission Management<br />
© 2006 Government of Canada, Communications Security Establishment (CSE)<br />
P.O. Box 9703, Terminal, Ottawa, Ontario, Canada, K1G 3Z4<br />
This publication may be reproduced verbatim, in its entirety, without charge, for educational and<br />
personal purposes only. However, written permission from CSE is required for use of the<br />
material in edited or excerpted form, or for any commercial purpose.<br />
Foreword May 2006 i
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
ii May 2006 Foreword
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Record of Amendments<br />
Amendment No. Date Entered by<br />
Record of Amendments May 2006 iii
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
iv May 2006 Record of Amendments
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Table of Contents<br />
Foreword......................................................................................................................... i<br />
Record of Amendments............................................................................................... iii<br />
Table of Contents.......................................................................................................... v<br />
List of Figures .............................................................................................................. ix<br />
List of Tables ................................................................................................................ xi<br />
List of Abbreviations and Acronyms........................................................................ xiii<br />
1 Introduction ........................................................................................................... 1<br />
1.1 Purpose........................................................................................................... 1<br />
1.2 Scope.............................................................................................................. 1<br />
1.3 Applicability ..................................................................................................... 1<br />
1.4 Restrictions ..................................................................................................... 1<br />
1.5 Exceptions....................................................................................................... 1<br />
1.6 Document Structure ........................................................................................ 1<br />
2 <strong>Key</strong> and <strong>Key</strong> Management Concepts................................................................... 3<br />
2.1 Background ..................................................................................................... 3<br />
2.2 GoC EKMS Overview...................................................................................... 4<br />
2.2.1 General.............................................................................................. 4<br />
2.2.2 Canadian Central Facility (CCF) ........................................................ 4<br />
2.3 GoC EKMS <strong>Cryptographic</strong> <strong>Key</strong> ....................................................................... 6<br />
2.3.1 Traditional and Modern <strong>Key</strong>............................................................... 6<br />
2.3.2 Identification of <strong>Key</strong> ........................................................................... 7<br />
2.3.3 Purposes of <strong>Cryptographic</strong> <strong>Key</strong> ....................................................... 10<br />
2.3.4 Sources of <strong>Cryptographic</strong> <strong>Key</strong> ......................................................... 10<br />
2.3.5 Applications for <strong>Cryptographic</strong> <strong>Key</strong>.................................................. 10<br />
2.3.6 <strong>Cryptographic</strong> <strong>Key</strong> Characteristics................................................... 11<br />
2.4 <strong>Key</strong> Management Process ............................................................................ 11<br />
2.4.1 Overview.......................................................................................... 11<br />
2.4.2 Identifying Requirements for Secure Communications .................... 12<br />
2.4.3 Establishing a COMSEC Account.................................................... 12<br />
2.4.4 Registration of <strong>Key</strong> <strong>Ordering</strong> Privileges ........................................... 12<br />
2.4.5 <strong>Ordering</strong> <strong>Key</strong>.................................................................................... <strong>13</strong><br />
2.4.6 Controlling the Use of <strong>Key</strong>s ............................................................. 14<br />
2.4.7 Replacing <strong>Key</strong>.................................................................................. 14<br />
2.4.8 COMSEC Accounting ...................................................................... 14<br />
3 <strong>Key</strong> <strong>Ordering</strong> Roles and Responsibilities ......................................................... 15<br />
3.1 Overview ....................................................................................................... 15<br />
3.2 Departmental Security Officer (DSO)/IT Security Coordinator (ITSC)/<br />
Departmental COMSEC Authority (DCA)...................................................... 15<br />
3.3 Controlling Authority...................................................................................... 16<br />
3.4 Traditional <strong>Key</strong> <strong>Ordering</strong> Privileges............................................................... 16<br />
3.4.1 <strong>Ordering</strong> Privilege Manager (OPM) ................................................. 16<br />
Table of Contents May 2006 v
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
3.4.2 Short Title Assignment Requester (STAR) ...................................... 17<br />
3.4.3 Authorized ID (Auth ID).................................................................... 17<br />
3.5 Modern <strong>Key</strong> <strong>Ordering</strong> Privileges ................................................................... 17<br />
3.5.1 <strong>Key</strong> Management Authority (KMA) .................................................. 17<br />
3.5.2 User Representative ........................................................................ 17<br />
3.6 U.S. <strong>Key</strong> <strong>Ordering</strong> Privileges......................................................................... 18<br />
3.6.1 General............................................................................................ 18<br />
3.6.2 U.S. Command Authority ................................................................. 18<br />
3.6.3 U.S. User Representative ................................................................ 18<br />
4 Registration and Privilege Management ........................................................... 19<br />
4.1 General ......................................................................................................... 19<br />
4.1.1 Registration...................................................................................... 19<br />
4.1.2 Privilege Management ..................................................................... 20<br />
4.1.3 <strong>Key</strong> <strong>Ordering</strong>.................................................................................... 21<br />
4.2 Forms and Notices ........................................................................................ 22<br />
4.3 Appointment Certificate Form........................................................................ 23<br />
4.3.1 General............................................................................................ 23<br />
4.3.2 New Appointment ............................................................................ 23<br />
4.3.3 Change of Personnel ....................................................................... 24<br />
4.4 STU III PER Form ......................................................................................... 24<br />
4.4.1 General............................................................................................ 24<br />
4.4.2 Request Type .................................................................................. 24<br />
4.4.3 DAO Code ....................................................................................... 24<br />
4.4.4 DAO Description .............................................................................. 25<br />
4.4.5 EKMS Use Indicator ........................................................................ 26<br />
4.4.6 Requesting <strong>Ordering</strong> Privileges for Other EKMS Accounts ............. 26<br />
4.4.7 Authorized <strong>Key</strong> Type ....................................................................... 26<br />
4.4.8 Maximum <strong>Key</strong> Classification ............................................................ 27<br />
4.4.9 Class 6 Codes ................................................................................. 27<br />
4.5 SDNS PER Form .......................................................................................... 28<br />
4.5.1 General............................................................................................ 28<br />
4.5.2 Request Type .................................................................................. 28<br />
4.5.3 Requesting <strong>Ordering</strong> Privileges for Other EKMS IDs....................... 28<br />
4.5.4 Partition Code .................................................................................. 28<br />
4.5.5 Authorized <strong>Key</strong> Type ....................................................................... 28<br />
4.5.6 <strong>Key</strong> Purpose .................................................................................... 29<br />
4.6 MSK PER Form............................................................................................. 30<br />
4.6.1 Requesting <strong>Ordering</strong> Privileges for Other EKMS IDs....................... 30<br />
4.6.2 Request Type .................................................................................. 30<br />
4.7 Traditional PER Form.................................................................................... 30<br />
4.8 PER Confirmation/Rejection Notice (PER CRN) ........................................... 31<br />
4.9 <strong>Ordering</strong> Privilege Notice (OPN) ................................................................... 31<br />
5 <strong>Key</strong> Orders........................................................................................................... 33<br />
5.1 <strong>Key</strong> <strong>Ordering</strong> Process ................................................................................... 33<br />
5.1.1 Overview.......................................................................................... 33<br />
5.1.2 Interaction with User Community to Determine <strong>Key</strong> Requirements . 33<br />
vi May 2006 Table of Contents
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5.1.3 Validate Security Information ........................................................... 33<br />
5.1.4 Preparation of <strong>Key</strong> Order Requests................................................. 33<br />
5.1.5 Submission of <strong>Key</strong> Order Requests................................................. 34<br />
5.1.6 Classification/Protection of <strong>Key</strong> Order Requests ............................. 34<br />
5.1.7 Validation of <strong>Key</strong> Order Requests.................................................... 34<br />
5.1.8 Monitor Status of <strong>Key</strong> Order Requests ............................................ 34<br />
5.1.9 Notification to the COMSEC Custodian ........................................... 35<br />
5.2 STU III <strong>Key</strong> Order Request Form .................................................................. 35<br />
5.2.1 General............................................................................................ 35<br />
5.2.2 EKMS Transaction Number ............................................................. 35<br />
5.2.3 Type of <strong>Key</strong>...................................................................................... 35<br />
5.2.4 EKMS STU III <strong>Key</strong> Order ................................................................. 36<br />
5.2.5 Delivery Mechanism ........................................................................ 36<br />
5.2.6 Classification of <strong>Key</strong> ........................................................................ 37<br />
5.2.7 Class 6 Code ................................................................................... 37<br />
5.2.8 DAO Code ....................................................................................... 37<br />
5.2.9 Additional Identification Data ........................................................... 37<br />
5.2.10 Remarks .......................................................................................... 38<br />
5.3 SDNS <strong>Key</strong> Order Request Form ................................................................... 38<br />
5.3.1 General............................................................................................ 38<br />
5.3.2 Transaction Number ........................................................................ 38<br />
5.3.3 Partition Code .................................................................................. 38<br />
5.3.4 Equipment Type............................................................................... 38<br />
5.3.5 <strong>Key</strong> Type.......................................................................................... 38<br />
5.3.6 Access Control Schedule................................................................. 39<br />
5.3.7 ASCII ID........................................................................................... 39<br />
5.3.8 Delivery Mechanism ........................................................................ 39<br />
5.4 MSK <strong>Key</strong> Order Request Form ..................................................................... 40<br />
5.4.1 General............................................................................................ 40<br />
5.4.2 Transaction ID ................................................................................. 40<br />
5.4.3 Type of <strong>Key</strong>...................................................................................... 40<br />
5.4.4 EKMS Use Indicator ........................................................................ 40<br />
5.4.5 Free Form ID ................................................................................... 41<br />
5.5 Traditional <strong>Key</strong> Order Request Form ............................................................ 41<br />
5.5.1 General............................................................................................ 41<br />
5.5.2 Transaction Number ........................................................................ 41<br />
5.5.3 Order Types..................................................................................... 41<br />
5.5.4 Short Title ........................................................................................ 42<br />
5.5.5 Distribution Control .......................................................................... 42<br />
5.5.6 Compatible Short Title ..................................................................... 42<br />
5.5.7 Authorized IDs ................................................................................. 42<br />
5.5.8 Delivery Mechanism ........................................................................ 42<br />
5.5.9 CRYPTO Caveat ............................................................................. 42<br />
5.5.10 Handling Restrictions....................................................................... 43<br />
5.5.11 Release............................................................................................ 43<br />
5.5.12 <strong>Key</strong> Use ........................................................................................... 43<br />
Table of Contents May 2006 vii
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5.5.<strong>13</strong> <strong>Key</strong> Purpose .................................................................................... 43<br />
5.5.14 Cryptonet Size ................................................................................. 43<br />
5.5.15 Crypto Period................................................................................... 44<br />
5.5.16 Segment Per Edition........................................................................ 44<br />
5.5.17 Supersession Rate .......................................................................... 44<br />
5.5.18 Effective Date .................................................................................. 44<br />
5.5.19 In-Place Date ................................................................................... 44<br />
5.5.20 Standing Order ................................................................................ 44<br />
5.5.21 Edition Information........................................................................... 44<br />
5.5.22 Distribution Profile............................................................................ 44<br />
5.5.23 Accounting Legend Code (ALC) and Rules for Transfer Report<br />
Initiating (TRI) .................................................................................. 44<br />
5.6 Order Confirmation/Rejection Notice (Order CRN) ....................................... 45<br />
Glossary....................................................................................................................... 47<br />
Bibliography/References ............................................................................................ 59<br />
Annex A – CSE Points of Contact.............................................................................. 61<br />
Annex B – Directive on the Control of STU III <strong>Key</strong> for Sensitive Compartmented<br />
Information (SCI) Applications................................................................ 63<br />
Annex C – Appointment Certificate ........................................................................... 65<br />
Annex D – STU III Privilege Establishment Request (STU III PER) Form .............. 67<br />
Annex E – SDNS Privilege Establishment Request (SDNS PER) Form ................. 69<br />
Annex F – MSK Privilege Establishment Request.................................................... 71<br />
(MSK PER) Form.......................................................................................................... 71<br />
Annex G – Traditional Privilege Establishment Request (Traditional PER) Form. 73<br />
Annex H – Privilege Establishment Request Confirmation/Rejection Notice (PER<br />
CRN) .......................................................................................................... 75<br />
Annex I – <strong>Ordering</strong> Privilege Notice (OPN) ............................................................... 77<br />
Annex J – STU III <strong>Key</strong> Order Request Form.............................................................. 79<br />
Annex K – SDNS <strong>Key</strong> Order Request Form............................................................... 81<br />
Annex L – MSK <strong>Key</strong> Order Request Form................................................................. 83<br />
Annex M – Traditional <strong>Key</strong> Order Request Form...................................................... 85<br />
viii May 2006 Table of Contents
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
List of Figures<br />
Figure 1 – GoC EKMS..................................................................................................... 4<br />
Figure 2 – <strong>Key</strong> Management Functions......................................................................... 12<br />
Figure 3 – <strong>Ordering</strong> Privilege Hierarchy ........................................................................ 15<br />
Figure 4 – Registration of Modern <strong>Key</strong> <strong>Ordering</strong> Privileges .......................................... 19<br />
Figure 5 – Registration KMA/OPM ................................................................................ 20<br />
Figure 6 – Registration User Representative/STAR...................................................... 20<br />
Figure 7 – Privilege Management – PER Rejected by the CMAC................................. 21<br />
Figure 8 – <strong>Key</strong> <strong>Ordering</strong> Process .................................................................................. 22<br />
List of Figures May 2006 ix
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
x May 2006 List of Figures
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
List of Tables<br />
Table 1 – STU III <strong>Key</strong> Short Title Examples .................................................................... 7<br />
Table 2 – SDNS <strong>Key</strong> Short Title Examples ..................................................................... 8<br />
Table 3 – MSK <strong>Key</strong> Short Title Examples ....................................................................... 8<br />
Table 4 – Traditional <strong>Key</strong> Short Title Examples............................................................... 8<br />
Table 5 – Examples of <strong>Key</strong> Material Editions .................................................................. 9<br />
Table 6 – Registration and Privilege Management Request Forms .............................. 22<br />
Table 7 – <strong>Key</strong> Order Request Forms and Notices......................................................... 33<br />
List of Tables May 2006 xi
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
xii May 2006 List of Tables
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
List of Abbreviations and Acronyms<br />
ALC<br />
ASCII<br />
Auth ID<br />
BET<br />
CBI<br />
CCD<br />
CCEB<br />
CCF<br />
CCF KPF<br />
CCI<br />
CKMS<br />
CKMU<br />
CMAC<br />
(C)NES<br />
COMSEC<br />
CRN<br />
CRYPTO<br />
CSE<br />
DAO<br />
DCA<br />
DND<br />
DSO<br />
DTD<br />
EKR<br />
FFK<br />
GoC<br />
GoC EKMS<br />
GoC PKI<br />
GSP<br />
GSTN<br />
GSTN KMS<br />
IKMS<br />
ITSC<br />
KEK<br />
KMA<br />
KMID<br />
KP<br />
KPK<br />
KSD<br />
Accounting Legend Code<br />
American Standard Code for Information Exchange<br />
Authorized Identification<br />
Bulk Encrypted Transaction<br />
Certificate Based Infrastructure<br />
Canadian <strong>Cryptographic</strong> Doctrine<br />
Combined Communications Electronic Board<br />
Canadian Central Facility<br />
CCF <strong>Key</strong> Production Facility<br />
Controlled <strong>Cryptographic</strong> Item<br />
Canadian <strong>Key</strong> Management System (Now known as GSTN)<br />
Canadian <strong>Key</strong> Management Unit<br />
Cryptomaterial Management and Assistance Centre<br />
Canadian Network Encryption System<br />
Communications Security<br />
Confirmation/Rejection Notice<br />
<strong>Cryptographic</strong><br />
Communications Security Establishment<br />
Department Agency Organization<br />
Departmental COMSEC Authority<br />
Department of National Defence<br />
Departmental Security Officer<br />
Data Transfer Device<br />
Electronic <strong>Key</strong> Replacement<br />
FIREFLY <strong>Key</strong><br />
Government of Canada<br />
GoC Electronic <strong>Key</strong> Management System<br />
GoC Public <strong>Key</strong> Infrastructure<br />
Government Security Policy<br />
Government Secure Telephone Network<br />
Government Secure Telephone Network <strong>Key</strong> Management System<br />
IRIS <strong>Key</strong> Management System<br />
Information Technology Security Coordinator<br />
<strong>Key</strong> Encryption <strong>Key</strong><br />
<strong>Key</strong> Management Authority<br />
<strong>Key</strong> Material Identifier<br />
<strong>Key</strong> Processor<br />
<strong>Key</strong> Production <strong>Key</strong><br />
<strong>Key</strong> Storage Device<br />
List of Abbreviations and Acronyms May 2006 xiii
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
LAN<br />
LMD<br />
MSK<br />
NATO<br />
NCMCS<br />
NCOR<br />
NDA<br />
NFK<br />
OPM<br />
OPN<br />
PCM<br />
PER<br />
QKEK<br />
RA<br />
SDNS<br />
STAR<br />
STE<br />
STU III<br />
TEK<br />
TrKEK<br />
TPI<br />
WAN<br />
Local Area Network<br />
Local Management Device<br />
Message Signature <strong>Key</strong><br />
North Atlantic Treaty Organization<br />
National COMSEC Material Control System<br />
National Central Office of Record<br />
National Distributing Authority<br />
Netted FIREFLY <strong>Key</strong><br />
Order Privilege Manager<br />
Order Privilege Notification<br />
Privilege Certificate Manager<br />
Privilege Establishment Request<br />
Quadrant <strong>Key</strong> Encryption <strong>Key</strong><br />
Registration Authority<br />
Secure Data Network System<br />
Short Title Assignment Requester<br />
Secure Terminal Equipment<br />
Secure Telephone Unit – Third Generation<br />
Traffic Encryption <strong>Key</strong><br />
Transfer <strong>Key</strong> Encryption <strong>Key</strong><br />
Two Person Integrity<br />
Wide Area Network<br />
xiv May 2006 List of Abbreviations and Acronyms
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
1 Introduction<br />
1.1 Purpose<br />
This manual sets out the minimum security standards for the ordering of cryptographic key from<br />
the Canadian Central Facility (CCF) at the Communications Security Establishment (CSE) for<br />
Type 1 and Type 2 crypto-equipment supported by the Government of Canada Electronic <strong>Key</strong><br />
Management System (GoC EKMS).<br />
1.2 Scope<br />
This manual provides a broad overview of cryptographic keying concepts, outlines the division<br />
of responsibility of the various entities involved in the key management process, explains the<br />
steps necessary to request key ordering privileges and the steps necessary to manually or<br />
electronically order both Canadian and U.S. cryptographic key from the CCF.<br />
In the case of a conflict with other published directives, i.e., MG-7 STU III Operational <strong>Manual</strong>,<br />
this document will take precedence.<br />
NOTE: When key is to be ordered from a COMSEC account equipped with a Local<br />
Management Device/<strong>Key</strong> Processor (LMD/KP), refer to the LMD/KP Operator <strong>Manual</strong><br />
(EKMS 704).<br />
1.3 Applicability<br />
This manual applies to all GoC departments listed in Schedule I, I.1 and II of the Financial<br />
Administration Act (FAA), including the Canadian Forces, the Royal Canadian Mounted<br />
Police (RCMP) and the Canadian Security Intelligence Service (CSIS), herein referred to as<br />
departments. As directed by the Government Security Policy (GSP), “departments must use<br />
encryption methods or other measures approved by CSE to protect electronic communications<br />
that transmit classified and extremely sensitive, designated information.” While departments<br />
must use a Type 1 solution for classified information, they may use certain commercial solutions<br />
for PROTECTED A and B information that should be endorsed by CSE.<br />
1.4 Restrictions<br />
This manual is intended for the establishment of privileges and ordering of cryptographic key<br />
from the CCF by non-automated accounts. Automated accounts (i.e., using LCMS) should use<br />
this manual in concert with the LMD/KP Operator’s <strong>Manual</strong> (EKMS 704).<br />
1.5 Exceptions<br />
Any request for exceptions to the procedures in this publication should be forwarded to the<br />
Head, CMAC at CSE.<br />
1.6 Document Structure<br />
This guide provides descriptions of key types available from the CMAC at CSE followed by<br />
explanations of the processes that have been established to order each type of key. The enclosed<br />
annexes provide the forms that must be completed to order key and instructions for each form.<br />
Introduction May 2006 1
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
2 May 2006 Introduction
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
2 <strong>Key</strong> and <strong>Key</strong> Management Concepts<br />
2.1 Background<br />
For more than 50 years, CSE, as the national authority for COMSEC material in Canada, has<br />
been generating and producing cryptographic key in support of national and NATO<br />
requirements. Until the last decade, key was primarily produced and distributed in physical<br />
unencrypted format. This unencrypted physical key passes through many hands prior to being<br />
filled into end equipment and this leaves the possibility for the key to become compromised by<br />
any person with access to it. Security is enhanced by requiring frequent key updates, which<br />
provided greater assurance that future encrypted messages would not be compromised by<br />
previously disclosed key.<br />
In 1989, the Canadian <strong>Key</strong> Management System (CKMS) was implemented to order, generate,<br />
produce and manage cryptographic key in support of the Government Secure Telephone<br />
Network (GSTN). This network is based upon the third generation of secure telephone unit<br />
known as the STU III. The STU III is a dual-purpose telephone terminal, which serves as both a<br />
standard telephone and a secure communications device capable of encrypting, transmitting, and<br />
decrypting both voice and data. The introduction of this electronic key management system<br />
reduced or eliminated access to plain text key by encrypting and distributing it in electronic form<br />
from the point of generation to the point of use, whenever possible.<br />
Following the implementation of the CKMS, another electronic key management system, called<br />
the IRIS <strong>Key</strong> Management System (IKMS) was developed to support a unique Canadian Forces<br />
requirement. This system became operational in 2000. The IKMS offers decentralized key<br />
generation and encrypted key distribution using a Canadian <strong>Key</strong> Management Unit (CKMU).<br />
For additional information on the IKMS and CKMU, refer to the Canadian <strong>Cryptographic</strong><br />
Doctrine for the Canadian <strong>Key</strong> Management Unit (CKMU) (CCD-05).<br />
In 2001, key management in the GoC was improved to include support to the Secure Data<br />
Network System (SDNS) equipment (e.g., <strong>Key</strong> Processor (KP), TACLANE) to further reduce<br />
access to plain text key by encrypting and distributing it in electronic or physical form. This new<br />
key management system, referred to as the GoC EKMS, includes the CKMS, which is now<br />
referred to as the GSTN <strong>Key</strong> Management System (GSTN KMS). The GoC EKMS is one of<br />
three national key management systems operated by the CCF at CSE. The other two systems are<br />
the GoC Public <strong>Key</strong> Infrastructure (GoC PKI) and the GoC FORTEZZA Certificate Based<br />
Infrastructure (GoC FORTEZZA CBI). For the purposes of this publication, all references to the<br />
CCF encompass only the GoC EKMS portion of the CCF. The CCF responsibilities associated<br />
with the GoC PKI and the GoC FORTEZZA CBI are described separately from this document.<br />
<strong>Key</strong> and <strong>Key</strong> Management Concepts May 2006 3
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
2.2 GoC EKMS Overview<br />
2.2.1 General<br />
The GoC EKMS provides for the ordering, generation, production, distribution and accounting<br />
of national, allied and NATO key in physical and electronical format and the management of all<br />
accountable COMSEC material. As depicted in below, the GoC EKMS provides these services<br />
in support of both secure voice and data communications and the initialization of key generation<br />
and production systems. For detailed information and doctrine for the GoC EKMS, refer to the<br />
Canadian <strong>Cryptographic</strong> Doctrine for the Government of Canada Electronic <strong>Key</strong> Management<br />
System (GoC EKMS) (CCD-06).<br />
Telephone Network<br />
Government Secure<br />
Telephone (GSTN) Network e.g.<br />
STEs<br />
eg .<br />
STU IIIs<br />
CipherTACs<br />
STEs<br />
STU - IIIs<br />
Systems<br />
GoC Departments<br />
Support Personnel<br />
Point Point - to to - Point Point<br />
Link Encryption<br />
Link<br />
eg<br />
Encryption<br />
.<br />
KG -<br />
KG - 81<br />
KG - 84<br />
KIV - 7<br />
LMD/KP<br />
LANs<br />
Facility<br />
(CCF)<br />
Systems<br />
DSO/ITSC<br />
DCA<br />
Secure Radio<br />
Communications<br />
Secure Radio<br />
Communications<br />
e.g. Light<br />
Assault Eg . Light Radio<br />
(AN/PRC Assault Radio 521)<br />
-<br />
LMD/KP<br />
DTDs<br />
LMD/DTD<br />
CKMU<br />
NDA<br />
LMD/KP<br />
LAN<br />
CMAC<br />
NCOR Assistance<br />
• RA Centre<br />
• PCM<br />
• Account Managers<br />
CCF<br />
KPF<br />
Support Personnel<br />
NCOR<br />
LMD/KP<br />
LAN<br />
<strong>Key</strong><br />
Requirements<br />
•<strong>Key</strong> Order<br />
• Managers<br />
CCF KPF<br />
•U.S. KMA<br />
• U.S. User Rep<br />
• <strong>Key</strong> Generators<br />
• <strong>Key</strong> Distributors<br />
Controlling Authority<br />
Auth ID<br />
KMA<br />
User Reps<br />
STAR<br />
OPM<br />
Secure Network<br />
Secure Encryption Network Systems<br />
Encryption e.g. Systems<br />
TACLANE eg .<br />
TACLANE CNES<br />
FASTLANE<br />
CNES<br />
Figure 1 – GoC EKMS<br />
2.2.2 Canadian Central Facility (CCF)<br />
2.2.2.1 General<br />
The CCF is responsible for the overall management of the GoC EKMS and is privileged for all<br />
GoC EKMS root functions. The CCF is comprised of automated systems and the personnel who<br />
provide user assistance, operational support and systems administration.<br />
4 May 2006 <strong>Key</strong> and <strong>Key</strong> Management Concepts
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
2.2.2.2 Cryptomaterial Management and Assistance Centre (CMAC)<br />
The CMAC consists of the Cryptomaterial Requirements office, the National Central Office of<br />
Record (NCOR) and an Assistance Centre to support the activities of these offices.<br />
The Cryptomaterial Requirements Office is responsible for:<br />
a. Registering <strong>Key</strong> Management Authority (KMA), <strong>Ordering</strong> Privilege Manager (OPM), User<br />
Representatives and Short Title Assignment Requestor (STAR);<br />
b. Processing Privilege Establishment Requests (PERs);<br />
c. Receiving and processing orders for cryptographic key; and<br />
d. Establishing and maintaining lead time schedules for the distribution of cryptographic key.<br />
The NCOR is responsible for:<br />
a. Maintaining a master inventory of accountable COMSEC material, including cryptographic<br />
key produced in or entrusted to Canada;<br />
b. Ensuring that the minimum COMSEC accounting standards detailed in the COMSEC<br />
Material Control <strong>Manual</strong> (<strong>ITSG</strong>-10) are met;<br />
c. Acting as the national Registration Authority (RA) for the establishment of COMSEC<br />
accounts and the registration of account personnel; and<br />
d. Acting as Privilege Certificate Manager (PCM) for the assignment of account level<br />
privileges.<br />
The Assistance Centre is responsible for:<br />
a. Providing day-to-day operational support for users via telephone, email, voice mail, fax and<br />
the EKMS Message Server;<br />
b. Providing services during normal business hours (0800 – 1600 hours) for the Eastern Time<br />
zone. Voice mail service, pager service and/or extended hours of operation may be<br />
implemented for silent hours or during a crisis or as operationally required;<br />
c. Providing on-line support through the CMAC Web Site<br />
(http://www.cse-cst.gc.ca/en/services/cmac/cmac.html); and<br />
d. Providing assistance with all key management problems related to the GoC EKMS.<br />
2.2.2.3 Canadian Central Facility <strong>Key</strong> Production Facility (CCF KPF)<br />
The CCF KPF plays a major role in key generation, production, distribution and accounting. It<br />
consists of specialized key generation and production systems, which are capable of generating<br />
and producing national, allied and NATO key.<br />
Departments equipped with the GoC EKMS Local Management Device/<strong>Key</strong> Processor<br />
(LMD/KP) functionality shall produce Traditional electronic key to fulfill their departmental<br />
requirements.<br />
<strong>Key</strong> and <strong>Key</strong> Management Concepts May 2006 5
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
2.2.2.4 National Distributing Authority (NDA)<br />
The NDA is the primary intermediary for nationally accountable COMSEC material entering or<br />
leaving Canada. The NDA also provides support for the quality control and bulk distribution of<br />
key produced by the CCF KPF, as required.<br />
2.3 GoC EKMS <strong>Cryptographic</strong> <strong>Key</strong><br />
2.3.1 Traditional and Modern <strong>Key</strong><br />
2.3.1.1 General<br />
<strong>Cryptographic</strong> key is a sequence of letters, symbols or numbers rather like a very long password<br />
that is used in conjunction with a cryptographic algorithm to control either the encryption or<br />
decryption of information. <strong>Key</strong> provides the means not only to hide the information but also to<br />
protect it from unauthorized modification, undetected modification and unauthorized use. In<br />
addition to encryption and decryption, some key can also provide digital signatures. Encryption<br />
provides for confidentiality of information and the digital signature provides for authentication,<br />
non-repudiation and integrity of the data. There are two basic types of key: Traditional<br />
(symmetric) key and Modern (asymmetric) key.<br />
2.3.1.2 Traditional (Symmetric) <strong>Key</strong><br />
Traditional key is common key that is shared by two (or more) parties to encrypt plain text<br />
messages and decrypt the ciphertext 1 . The parties who share copies of this common key must<br />
rely on each other not to disclose the key and to protect it against modification. Traditional key<br />
technology has existed for a long time and is well understood. It is relatively fast and can handle<br />
large volumes of data without significantly degrading the quantity. However, secure distribution<br />
of this key, especially when in plaintext format, becomes a key management problem. The<br />
intended key must be in the possession of all the intended recipients and only those intended<br />
recipients and the recipients must know when to use the key. Additionally, when key is required<br />
for widespread use in communication networks among users who do not know each other, the<br />
security of the network may be at a greater risk of compromise.<br />
2.3.1.3 Modern (Asymmetric) <strong>Key</strong><br />
Modern key is based on a FIREFLY key management protocol, which uses public key<br />
cryptography. The Modern or FIREFLY key is used to establish a session key between two<br />
entities. The session key generated from a FIREFLY exchange is then used in a symmetric<br />
encryption algorithm. Two separate (but mathematically related) input keys (i.e., asymmetric<br />
keys) are used to perform encryption or decryption functions. This key pair consists of a private<br />
key and a public key. Either key can be used for encryption or decryption but once one of them<br />
is used for encryption, the other one must be used for decryption.<br />
The three types of Modern key supported by the CCF are:<br />
1 Ciphertext : Encrypted message.<br />
6 May 2006 <strong>Key</strong> and <strong>Key</strong> Management Concepts
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
a. STU III <strong>Key</strong>;<br />
b. Secure Data Network System (SDNS) Communications <strong>Key</strong>; and<br />
c. Message Signature <strong>Key</strong> (MSK).<br />
2.3.2 Identification of <strong>Key</strong><br />
2.3.2.1 General<br />
<strong>Key</strong> is accountable COMSEC material, which must be controlled and accounted for in<br />
accordance with the COMSEC Material Control <strong>Manual</strong> (<strong>ITSG</strong>-10). For identification, control<br />
and tracking purposes, it is assigned a short title, an edition, an Accounting Legend Code (ALC),<br />
an accounting number and a security classification.<br />
2.3.2.2 Short Title<br />
A short title is an unclassified method of labeling COMSEC material to facilitate handling,<br />
accounting and control. These titles can be found in a variety of locations on physical material.<br />
Electronic material short titles may be viewed from equipment supported by EKMS such as, but<br />
not limited to, the Data Transfer Device (DTD), Local Management Device (LMD), and KP).<br />
There are a number of different national short title standards in existence today. The EKMS<br />
short title standard will be employed for all keying material generated to support new systems,<br />
while existing material, such as key tape, will continue to be assigned their legacy titles until all<br />
production systems are migrated to the EKMS standard.<br />
For more information on key short titles, refer to the Short Title Nomenclature in Canada<br />
(<strong>ITSG</strong>-09).<br />
Table 1 – STU III <strong>Key</strong> Short Title Examples<br />
Canadian STU III<br />
<strong>Key</strong> Short Title<br />
<strong>Key</strong> Type &<br />
Classification<br />
Delivery Method<br />
Equipment Type<br />
CDNAU 1001 Type 1 Operational –<br />
PROTECTED CRYPTO<br />
CDNAU 1002 Type 1 Operational –<br />
CONFIDENTIAL CRYPTO<br />
CDNAU 1003 Type 1 Operational –<br />
SECRET CRYPTO<br />
CDNAU 1004 Type 1 Operational –<br />
TOP SECRET CRYPTO<br />
CDNAU 1005 Type 1 Seed –<br />
All Classifications<br />
CDGAU 1006 Type 2 Operational –<br />
UNCLASSIFIFED<br />
<strong>Key</strong> Storage Device STU III, KOV 14C, STE<br />
<strong>Key</strong> Storage Device STU III, KOV 14C, STE<br />
<strong>Key</strong> Storage Device STU III, KOV 14C, STE<br />
<strong>Key</strong> Storage Device STU III, KOV 14C, STE<br />
<strong>Key</strong> Storage Device STU III, KOV 14C, STE<br />
<strong>Key</strong> Storage Device STU III Type 2<br />
<strong>Key</strong> and <strong>Key</strong> Management Concepts May 2006 7
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Table 2 – SDNS <strong>Key</strong> Short Title Examples<br />
Canadian SDNS<br />
<strong>Key</strong> Short Titles<br />
<strong>Key</strong> Type &<br />
Classification<br />
<strong>Key</strong> Purpose Delivery Method Equipment Types<br />
CAFAU 2001 Type 1 Operational –<br />
All Classifications<br />
Operational<br />
<strong>Key</strong> Storage<br />
Device<br />
CNES<br />
CAFZU 2002 Type 1 Operational –<br />
UNCLASSIFIED<br />
CRYPTO<br />
Test<br />
CNES<br />
CAFZE 3001<br />
845550<br />
Type 1 Operational –<br />
UNCLASSIFIED<br />
CRYPTO<br />
Test<br />
Data Transfer<br />
Device<br />
TACLANE KG 175<br />
CAFZD 3001<br />
845550<br />
Type 1 Operational –<br />
UNCLASSIFIED<br />
CRYPTO<br />
Test<br />
Bulk Encrypted<br />
Transaction<br />
TACLANE KG 175<br />
CAFAD 3002<br />
845550<br />
Type 1 Operational –<br />
All Classifications<br />
Operational<br />
Bulk Encrypted<br />
Transaction<br />
TACLANE KG 175<br />
CAFAE 3002<br />
845550<br />
Type 1 Operational –<br />
All Classifications<br />
Operational<br />
Data Transfer<br />
Device<br />
TACLANE KG 175<br />
Table 3 – MSK <strong>Key</strong> Short Title Examples<br />
Canadian MSK<br />
<strong>Key</strong> Short Titles<br />
<strong>Key</strong> Type &<br />
Classification<br />
<strong>Key</strong> Purpose Delivery Method Equipment Types<br />
CAKAU 11111 Type 1 Operational –<br />
All Classifications<br />
Operational<br />
<strong>Key</strong> Storage<br />
Device<br />
CNES<br />
CAKZU 11111 Type 1 Operational –<br />
UNCLASSIFIED<br />
CRYPTO<br />
Test<br />
<strong>Key</strong> Storage<br />
Device<br />
CNES<br />
Table 4 – Traditional <strong>Key</strong> Short Title Examples<br />
Canadian<br />
Traditional <strong>Key</strong><br />
Short Titles<br />
<strong>Key</strong> Type &<br />
Classification<br />
<strong>Key</strong> Purpose Delivery Method Equipment Types<br />
CSE/537/878 Type 1 Operational –<br />
All Classifications<br />
CAKZE 2 8455550 Type 1 Operational –<br />
UNCLASSIFIED<br />
CRYPTO<br />
CAKZD 2 8455550 Type 1 Operational –<br />
UNCLASSIFIED<br />
CRYPTO<br />
PC 841000<br />
845999<br />
Certificate –<br />
UNCLASSIFIED<br />
Operational <strong>Key</strong> tape KG 84<br />
Test<br />
Test<br />
Operational<br />
Data Transfer<br />
Device<br />
Bulk Encrypted<br />
Transactions<br />
Electronic via CCF<br />
Message Server<br />
TACLANE KG 175<br />
TACLANE KG 175<br />
KOK 22<br />
8 May 2006 <strong>Key</strong> and <strong>Key</strong> Management Concepts
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
2.3.2.3 Editions<br />
<strong>Key</strong> editions identify one issuance of a series, or specific version of, COMSEC material<br />
associated with the same short title. A key edition may appear as a letter (s) or a number(s).<br />
<strong>Key</strong> identified with an edition is time sensitive and is superseded when the next edition becomes<br />
effective. The effective period of key is referred to as its supersession rate. The supersession<br />
rate for classified key is classified at a minimum of CONFIDENTIAL unless specified higher by<br />
the Controlling Authority (CA). The supersession rate for protected key is designated at a<br />
minimum of Protected A unless specified higher by the CA.<br />
During a universal changeover of MSK, SDNS and STU III key, which occurs every five years<br />
or at the discretion of the CCF, the key received will contain dual edition key. Notification of<br />
the universal changeover is issued by the CMAC to the departments who hold the affected key.<br />
Table 5 – Examples of <strong>Key</strong> Material Editions<br />
Product Equipment Type Short Title Edition<br />
STU III <strong>Key</strong> STU III CDNAU 1005 PD<br />
STU III <strong>Key</strong> Changeover Period STU III CDNAU 1005 PD, PE<br />
<strong>Key</strong> tape KG 84 CSE 53799 AA<br />
SDNS <strong>Key</strong> KG 175 CAFAD 3002 845550 020001<br />
MSK <strong>Key</strong> KOK 22 CAKAU 11111 000201<br />
2.3.2.4 <strong>Key</strong> Segments<br />
<strong>Key</strong> segments distinguish the individual keys delivered in one edition. Each segment is<br />
identified uniquely and is augmented by one for each subsequent segment within an edition. The<br />
effective period of a segment is referred to as its cryptoperiod. A cryptoperiod is classified in the<br />
same manner as the supersession rate of the edition identified in 2.3.2.3.<br />
2.3.2.5 ALC<br />
ALCs indicate the accounting controls and reporting requirements for the key. The ALC<br />
normally does not appear on the key but will be included on the accounting report for use by the<br />
COMSEC Custodian. Description of ALCs can be found in the <strong>ITSG</strong>-10 and further information<br />
regarding ALCs associated with key ordering can be found in Chapter 5.<br />
2.3.2.6 Accounting Number<br />
Most COMSEC material is assigned a unique accounting (register, serial or copy) number at the<br />
point of origin, to facilitate accounting. The accounting number for Traditional key is often<br />
referred to as the register number (or reg. number) and the accounting number for Modern key is<br />
also called the <strong>Key</strong> Material Identifier (KMID).<br />
<strong>Key</strong> and <strong>Key</strong> Management Concepts May 2006 9
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
2.3.3 Purposes of <strong>Cryptographic</strong> <strong>Key</strong><br />
There are six main purposes of cryptographic key:<br />
a. Operational – if the privileged EKMS ID requires key intended for use over-the-air for<br />
protection or for the production of operational information or for the production or secure<br />
electrical transmission of key streams. The key classification will include the caveat<br />
CRYPTO;<br />
b. Test – if the privileged EKMS ID requires key intended for over-the-air testing of COMSEC<br />
equipment or systems. The key classification will include the caveat CRYPTO;<br />
c. Training –<br />
Classroom – if key required is intended for over-the-air or off-the-air classroom<br />
training. If the key is for over-the-air training, classification will include the caveat<br />
CRYPTO.<br />
Exercise – if key is intended to safeguard transmissions associated with exercises. If<br />
used over-the-air, classification will include CRYPTO.<br />
e. Maintenance – if the privileged EKMS ID requires key intended only for off-the-air or<br />
in-shop use, the key classification will not include the caveat CRYPTO;<br />
f. Developmental – if the privileged EKMS ID requires key intended for the “in-process”<br />
production of COMSEC material or equipment, the key classification will include the caveat<br />
CRYPTO;<br />
g. Sample – if the privileged EKMS ID requires key intended for off-the-air demonstration use<br />
only, the classification may include the caveat CRYPTO.<br />
2.3.4 Sources of <strong>Cryptographic</strong> <strong>Key</strong><br />
CSE is responsible for providing departments with, or authorizing the generation of, national<br />
and/or foreign key. The CCF supports the processing of key orders for the generation and<br />
production of all types of Traditional and Modern keys and the acquisition of keying material<br />
from allied nations. The CCF has the capability to produce key for distribution in electronic and<br />
physical format. COMSEC accounts equipped with an LMD/KP may be authorized to generate<br />
specified short titles of national and/or allied Traditional key in electronic format only.<br />
2.3.5 Applications for <strong>Cryptographic</strong> <strong>Key</strong><br />
<strong>Cryptographic</strong> systems normally use either Traditional (e.g., KG 84 key) or Modern key<br />
(e.g., STU III key). However, some equipment like TACLANE can use both Modern and<br />
Traditional key for the same function, while other equipment use both types in a complimentary<br />
manner with each performing a different function. For example, Modern key can be used for<br />
transmitting Traditional keys or to sign messages. <strong>Cryptographic</strong> key can be used for:<br />
a. Point-to-point (Link) encryption – The application of on-line cryptography to individual<br />
links of a communications system such that all information (including routing/address data)<br />
passing over the link is encrypted in its entirety;<br />
10 May 2006 <strong>Key</strong> and <strong>Key</strong> Management Concepts
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
b. End-to-end encryption – The process whereby all data is encrypted from the originator to the<br />
recipient. Although data remains encrypted while being passed through a network, routing<br />
information remains visible;<br />
c. Disk and file encryption – The process whereby information held on a computer is encrypted<br />
using software or hardware encryption/decryption products;<br />
d. Telephone – Specialized telephones such as the STU III and Secure Terminal Equipment<br />
(STE/KOV 14) can be used to encrypt voice and data (e.g., facsimiles) communications;<br />
e. Radio – Field radios used for both tactical and strategic operations encrypt both voice and<br />
data communications within a selected group;<br />
f. Local Area Network (LAN)/Wide Area Network (WAN) – Network encryption systems such<br />
as the CNES or TACLANE can be installed to encrypt communications of whole networks;<br />
and<br />
h. Digital Signature – A cryptographic transformation of data that ensures origin authentication,<br />
data integrity, and signer non-repudiation.<br />
2.3.6 <strong>Cryptographic</strong> <strong>Key</strong> Characteristics<br />
<strong>Key</strong>s can be ordered to fulfill a variety of purposes (e.g., operational, training, etc.), uses (e.g.,<br />
FIREFLY), and classification, etc. A full list and description is available in Chapter 5.<br />
2.3.6.1 Type 1 <strong>Cryptographic</strong> Equipment (crypto-equipment)<br />
Only Type 1 crypto-equipment and systems that have been endorsed or approved by CSE shall<br />
be used to protect electronic communications that transmit classified and PROTECTED C<br />
information. Type 1 crypto-equipment, also known as High Grade equipment, includes<br />
classified COMSEC equipment such as the <strong>Key</strong> Processor (KOK 22A) and Controlled<br />
<strong>Cryptographic</strong> Items (CCI) such as the STU III, KG 84 and TACLANE (KG 75).<br />
2.3.6.2 Type 2 Crypto-equipment<br />
Type 2 crypto-equipment, also known as Low Grade equipment, includes unclassified cryptoequipment<br />
(e.g., STU III Type 2) that has been endorsed or approved by CSE. It may be used to<br />
protect electronic communications that transmit designated information. Type 2 cryptoequipment<br />
shall not be used for the protection of classified information.<br />
2.4 <strong>Key</strong> Management Process<br />
2.4.1 Overview<br />
To be effective, key requires a process which governs how and when the key is to be used.<br />
These key management services need to be provided from the point of introduction of a new<br />
cryptographic device through to the ordering, generation, production, distribution, accounting,<br />
use and destruction of the key. The primary key management activities or functions are shown<br />
in Figure 2. Subsequent articles provide a brief overview of the key management process and<br />
the relationship of each key management activity to the ordering of cryptographic key.<br />
<strong>Key</strong> and <strong>Key</strong> Management Concepts May 2006 11
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
COMSEC<br />
Accounting<br />
Identify<br />
Requirement<br />
for <strong>Key</strong><br />
Register<br />
COMSEC<br />
Account<br />
Update<br />
Replace<br />
Destroy <strong>Key</strong><br />
Register <strong>Key</strong><br />
<strong>Ordering</strong><br />
Privileges<br />
Control Use<br />
of <strong>Key</strong><br />
Order <strong>Key</strong><br />
Distribute<br />
<strong>Key</strong><br />
Generate<br />
<strong>Key</strong><br />
Figure 2 – <strong>Key</strong> Management Functions<br />
2.4.2 Identifying Requirements for Secure Communications<br />
When a department has determined that there is a need to electronically process classified or<br />
designated information, they should contact Head, Client Services, <strong>Cryptographic</strong> Security at<br />
CSE. The consultants at CSE will provide advice and guidance on the types of equipment<br />
available and the requirements for establishing new cryptonets.<br />
2.4.3 Establishing a COMSEC Account<br />
Once approval has been obtained from Head, Client Services, <strong>Cryptographic</strong> Security to procure<br />
cryptographic equipment, the department shall contact the CMAC to establish a COMSEC<br />
Account to oversee the control and handling of accountable COMSEC material. This process<br />
involves the registration of the account information and the appointment of account personnel.<br />
Detailed information regarding the establishment of a COMSEC account is available in the<br />
<strong>ITSG</strong>-10.<br />
2.4.4 Registration of <strong>Key</strong> <strong>Ordering</strong> Privileges<br />
The registration of key ordering privileges includes the:<br />
a. Appointment of departmental personnel authorized to order key; and<br />
b. Registration of key ordering privileges for an EKMS account.<br />
12 May 2006 <strong>Key</strong> and <strong>Key</strong> Management Concepts
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
2.4.5 <strong>Ordering</strong> <strong>Key</strong><br />
2.4.5.1 General<br />
The submission of a key order to the CMAC initiates the process that results in the generation of<br />
key and the subsequent placement of that key on the required fill device media (e.g., paper, KSD,<br />
DTD). Instructions for the completion of key orders are detailed in Chapter 5 of this publication.<br />
2.4.5.2 Lead-Time<br />
Sufficient lead-time must be provided to allow the CCF KPF time to process the key order,<br />
schedule the key for generation, generate the key, produce the key and deliver the key prior to its<br />
scheduled use. General guidelines for the lead-time for submitting key orders are as follows:<br />
a. Allow two to three weeks for delivery of all types of key generated by the CCF; and<br />
b. Allow six to eight weeks for delivery of all types of key to be generated at a foreign central<br />
facility.<br />
2.4.5.3 Contingency <strong>Key</strong><br />
Only a minimum amount of key should be held at any time to satisfy operational requirements<br />
and unplanned events such as equipment failure, inadvertent equipment zeroization, damaged<br />
key, faulty key or compromised key. Points to consider when determining how much<br />
contingency or reserve key to maintain in storage include the number of equipments actually in<br />
use and the time required for re-supply of the key. The length of time for re-supply depends<br />
upon the type of key required and the delivery method. See <strong>ITSG</strong>-10, Chapter 6 for more<br />
details.<br />
2.4.5.4 Generating and Producing <strong>Key</strong><br />
The generation process is highly sensitive and must employ the use of CSE-approved and<br />
certified equipment. CSE, as the national authority, is authorized to generate all types of<br />
national keying material and specific foreign key. Currently, the CCF KPF at CSE generates the<br />
majority of key required by the GoC. Once implemented, fully-automated accounts, equipped<br />
with an LMD/KP, will generate Traditional electronic key if privileged to do so. The CCF KPF<br />
will continue to be the only entity with the capability to generate Modern key and hard copy<br />
Traditional key products.<br />
2.4.5.5 Distributing <strong>Key</strong><br />
The distribution process is the process of moving key securely from the location at which it is<br />
generated to the crypto-equipment into which it is ultimately loaded. The CCF distributes the<br />
key to the COMSEC account(s) as indicated in the key order. The key is then redistributed<br />
within the COMSEC account or to other COMSEC accounts as authorized by the controlling<br />
authority for the key. The CCF KPF initially generates all key as an electronic image. This<br />
electronic image is converted to the format specified for delivery by the type of key and the<br />
delivery requirements on the key order. A variety of delivery mechanisms supported by the<br />
CCF KPF may include:<br />
a. Paper Media (<strong>Key</strong> Tape, Books);<br />
<strong>Key</strong> and <strong>Key</strong> Management Concepts May 2006 <strong>13</strong>
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
b. Bulk Encrypted Transaction (BET);<br />
c. Magnetic Media;<br />
d. Data Transfer Device (DTD);<br />
e. <strong>Key</strong> Storage Device (KSD);<br />
f. PCMCIA Card; and<br />
g. Electronic rekey.<br />
2.4.6 Controlling the Use of <strong>Key</strong>s<br />
<strong>Key</strong> is to be used only under the specific conditions as determined by the CA for the cryptonet<br />
and, as detailed in the operational doctrine for the cryptosystem in use. Any deviation from this<br />
procedure could result in a compromise. In particular, the key shall not be in use longer than the<br />
specific cryptoperiod for the key (i.e., time period during which a particular key is in effect).<br />
2.4.7 Replacing <strong>Key</strong><br />
To reduce the possibility of compromise of the information protected by the key, users are<br />
required to replace the key according to the effective date and supersession rate specified in the<br />
key order. In some instances, this requires the physical destruction or zeroization of the key<br />
being replaced. For detailed information, see the <strong>ITSG</strong>-10.<br />
The four methods to replace key in equipment are:<br />
a. Seed <strong>Key</strong> Conversion - load new seed key and electronically download operational key from<br />
the CCF;<br />
b. Real-time rekey - electronically replace operational key via secure communications with the<br />
CCF;<br />
c. Store-and-forward rekey - electronically replace operational key via request and response<br />
transactions with the CCF; and<br />
d. Load new operational key.<br />
2.4.8 COMSEC Accounting<br />
Because key is the most vulnerable part of any system, it is subject to COMSEC material control<br />
procedures even more rigorous than those associated with other types of COMSEC material. It<br />
is controlled and accounted for within the National COMSEC Material Control System<br />
(NCMCS) from the point of generation until it is destroyed. Refer to <strong>ITSG</strong>-10 for details.<br />
14 May 2006 <strong>Key</strong> and <strong>Key</strong> Management Concepts
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
3 <strong>Key</strong> <strong>Ordering</strong> Roles and Responsibilities<br />
3.1 Overview<br />
<strong>Key</strong> ordering roles and their associated privileges provide the means for departments to control<br />
and coordinate the supply and use of key required for their secure communication links/systems.<br />
<strong>Ordering</strong> roles and responsibilities differ according to type of key and the capabilities at the<br />
generating account. Certain privileges are applicable to Traditional key while others apply to<br />
Modern key. <strong>Ordering</strong> privileges are not universal (e.g., there is no single privilege, which<br />
allows an EKMS account to order any short title). All ordering privileges are restricted (e.g., by<br />
a short title, partition code, DAO code, key type, key classification, key purpose, etc.).<br />
Figure 3 illustrates the hierarchy of roles for ordering Traditional key and Modern key. Each<br />
EKMS account ordering key or requesting the establishment of key ordering privileges must<br />
have its privileges registered at the account that will generate the key (e.g., CCF, LMD/KP).<br />
Departmental Security Officer (DSO) / Information Technology Security Coordinator (ITSC) /<br />
Departmental COMSEC Authority (DCA)<br />
Modern <strong>Key</strong> <strong>Ordering</strong> Privileges<br />
Traditional <strong>Key</strong> <strong>Ordering</strong> Privileges<br />
| |<br />
<strong>Key</strong> Management Authority (KMA)<br />
<strong>Ordering</strong> Privilege Manager (OPM)<br />
| |<br />
User Representative<br />
Short Title Assignment Requester (STAR)<br />
|<br />
Authorized ID (Auth ID)<br />
Figure 3 – <strong>Ordering</strong> Privilege Hierarchy<br />
3.2 Departmental Security Officer (DSO)/IT Security Coordinator<br />
(ITSC)/ Departmental COMSEC Authority (DCA)<br />
Each department that requires key for the protection of classified or extremely sensitive<br />
designated information should appoint a DCA to establish and maintain effective<br />
communications security within their department. In small departments, the DCA may also<br />
perform any or all of the key ordering roles required by the department. In addition to those<br />
responsibilities listed in the Directives for the Application of Communications Security in the<br />
Government of Canada (ITSD-01), the DCAs 2 responsibilities involving key ordering include:<br />
a. Appointing a new KMA, OPM and Controlling Authority, as applicable;<br />
b. Terminating the appointment of the KMA and OPM, when required; and<br />
c. Ensuring that the KMA and OPM receive the training necessary to perform their duties.<br />
2 In the absence of the DCA, the Departmental Security Officers (DSO) or the Information Technology Security<br />
Coordinator (ITSC), is consider to be the COMSEC Authority and is responsible to fulfill the responsibilities of<br />
the DCA.<br />
<strong>Key</strong> <strong>Ordering</strong> Roles and Responsibilities May 2006 15
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
3.3 Controlling Authority<br />
A Controlling Authority, who is designated by the DSO/ITSC/DCA, is required only when<br />
cryptographic networks (cryptonet) use Traditional key. The role of the Controlling Authority is<br />
required to establish and maintain order, to supervise cryptographic logistics and to respond to<br />
security issues affecting the cryptonet. The Controlling Authority may also perform any or all of<br />
the key ordering roles required by the department. The Controlling Authority is responsible for:<br />
a. The number of cryptonet members and any changes to this number;<br />
b. The status of the key, including the date on which the first edition will become effective, the<br />
effective dates for the remaining key, the number of segments per edition and any changes to<br />
the key status;<br />
c. The key change time for the cryptonet;<br />
d. The purpose, use and type of key required;<br />
e. The method of delivery for the key;<br />
f. Any special handling and distribution controls or restrictions;<br />
g. The prescribed amount of reserve or contingency key to be ordered to ensure an adequate<br />
supply for potential emergency supersessions and other unplanned events;<br />
h. The supersession of the key;<br />
i. The promulgation of status information; and<br />
j. The development and management of key management plans.<br />
NOTE: A Controlling Authority can only be assigned to department-specific key.<br />
3.4 Traditional <strong>Key</strong> <strong>Ordering</strong> Privileges<br />
3.4.1 <strong>Ordering</strong> Privilege Manager (OPM)<br />
The OPM is appointed by the DSO or DCA via the submission of an Appointment Certificate to<br />
the CCF. The OPM is responsible for registering an EKMS account’s OPM and STAR<br />
privileges at the CCF. The OPM, as the highest level in the hierarchy, is:<br />
a. Authorized to perform all the ordering functions associated with the OPM, STAR and<br />
Auth ID privileges;<br />
b. Responsible for selecting individuals and requesting an EKMS account’s OPM and STAR<br />
privileges from the CCF;<br />
c. Responsible for the key ordering training through the ITS Learning Centre at CSE; and<br />
d. Responsible for the implementation of national doctrine for all Traditional key management<br />
related activities within their department and the promulgation of any additional or clarifying<br />
guidance.<br />
16 May 2006 <strong>Key</strong> <strong>Ordering</strong> Roles and Responsibilities
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
3.4.2 Short Title Assignment Requester (STAR)<br />
The STAR is appointed by the OPM via the submission of an Appointment Certificate to the<br />
CCF. The OPM must already be registered at the CCF. The STAR is responsible for submitting<br />
orders to the CMAC to create new short titles and assign EKMS IDs as Auth IDs for the short<br />
title. If required, the STAR can perform all the functions associated with an Auth ID.<br />
3.4.3 Authorized ID (Auth ID)<br />
The Auth ID privilege is assigned by the STAR, OPM or another Auth ID through the<br />
submission of a Traditional PER. The Auth ID privilege at the CCF allows the Auth ID to submit<br />
Traditional <strong>Key</strong> Orders to:<br />
a. Cause the generation of key for a specific short title;<br />
b. Specify/revise the distribution profile for a specific short title;<br />
c. Grant or revoke other accounts’ Auth ID privilege for a specific short title;<br />
d. Request revision of the attributes of a specific short title; and<br />
e. Cancel the short title.<br />
3.5 Modern <strong>Key</strong> <strong>Ordering</strong> Privileges<br />
3.5.1 <strong>Key</strong> Management Authority (KMA)<br />
The KMA is appointed by the DCA. The role of the KMA is normally assigned to a senior<br />
person in the security or COMSEC field. In large departments, more than one KMA may be<br />
appointed. In such cases, the area of responsibility for each KMA must be clearly delineated<br />
without overlap. For small departments, the DCA may also decide to serve as the KMA.<br />
The KMA primary responsibilities include:<br />
a. The selection and registration of User Representatives who will be permitted to order<br />
Modern key from the CCF;<br />
b. The registration of key ordering privileges for each User Representative, including the<br />
establishment of the Department/Agency/Organization (DAO) descriptions for which the<br />
User Representative will have authority to order key;<br />
c. The training of User Representatives through the ITS Learning Centre at CSE;<br />
d. The implementation of national doctrine for all Modern key management related activities<br />
within their department and the promulgation of any additional or clarifying guidance.<br />
3.5.2 User Representative<br />
The User Representative is selected and registered at the CCF by the KMA. The number of<br />
individuals selected by the KMA to serve in the role of the User Representative depends upon<br />
the department’s structure, location of facilities and security concerns. The User Representative<br />
function is normally assigned to a person who has security and/or COMSEC responsibilities<br />
within the department. The User Representative must be a Canadian citizen but does not<br />
necessarily require a security clearance to order key unless access to classified information<br />
(e.g., effective date) is required.<br />
<strong>Key</strong> <strong>Ordering</strong> Roles and Responsibilities May 2006 17
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
The User Representative is responsible to:<br />
a. Interact with the user community to determine key requirements to support newly acquired<br />
equipment, changes in identification information or to rekey an equipment;<br />
b. Verify that users are cleared to the classification level of the key that they are requesting;<br />
c. Prepare and submit key orders to CMAC;<br />
d. Interact with the CMAC to monitor the status of key orders; and<br />
e. Interact with the COMSEC Custodian to advise of any key that can be expected.<br />
3.6 U.S. <strong>Key</strong> <strong>Ordering</strong> Privileges<br />
3.6.1 General<br />
The CCF is registered with the U.S. Central Facility in the same manner that all GoC<br />
departments are registered with the CCF.<br />
3.6.2 U.S. Command Authority<br />
The Command Authority at the CCF is appointed by the DCA for CSE. The Command<br />
Authority is responsible for appointing User Representatives and registering their privileges with<br />
the U.S. Central Facility.<br />
NOTE: The Command Authority is the U.S. equivalent to KMA.<br />
3.6.3 U.S. User Representative<br />
The U.S. User Representative validates all key orders from GoC departments requesting U.S.<br />
key and submits these orders to the U.S. Central Facility for processing and generation. The<br />
GoC department submitting the order must have U.S. key ordering privileges registered with the<br />
CMAC.<br />
18 May 2006 <strong>Key</strong> <strong>Ordering</strong> Roles and Responsibilities
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
4 Registration and Privilege Management<br />
4.1 General<br />
There are 3 steps involved in ordering key: registration, privilege establishment and ordering.<br />
These steps are defined below. Figure 4 illustrates the registration and privilege establishment<br />
process for Modern key. Figure 5 to Figure 8 provide a breakdown of the registration and<br />
privilege management processes identified in Figure 4.<br />
<strong>Key</strong> Management<br />
Authority (KMA)<br />
EKMS Account<br />
Appointment Certificate (User Representative)<br />
Registration CRN<br />
STU III PER/SDNS PER/MSK PER<br />
PER CRN<br />
Cryptomaterial<br />
Management &<br />
Assistance Centre<br />
(CMAC)<br />
User<br />
Representative<br />
EKMS Account<br />
<strong>Ordering</strong> Privilege Notice (OPN)<br />
<strong>Ordering</strong> Privilege Notice (OPN)<br />
Appointment<br />
Certificate (KMA)<br />
Registration CRN<br />
COR<br />
Of User<br />
Representative’s<br />
EKMS Account<br />
Departmental<br />
COMSEC<br />
Authority<br />
(DCA)<br />
4.1.1 Registration<br />
Figure 4 – Registration of Modern <strong>Key</strong> <strong>Ordering</strong> Privileges<br />
Registration is the process that allows individuals to perform certain key management<br />
responsibilities within an account. Registration of an account is accomplished with the Account<br />
Registration Form and registration of an individual is accomplished with the Appointment<br />
Certificate Form.<br />
Registration and Privilege Management May 2006 19
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Registration of KMA/OPM<br />
The DSO / ITSC or DCA submits an Appointment Certificate to register KMA’s or OPM’s to<br />
the CMAC. The CMAC responds with an Acknowledgement.<br />
Departmental<br />
Security Officer<br />
(DSO)<br />
or<br />
Departmental<br />
COMSEC Authority<br />
(DCA)<br />
Appointment Certificate<br />
Registration Acknowledgement<br />
Cryptomaterial<br />
Management &<br />
Assistance<br />
Centre (CMAC)<br />
Figure 5 – Registration KMA/OPM<br />
Registration of User Representative/STAR<br />
The KMA submits an Appointment Certificate to register User Representatives and the OPM<br />
submits an Appointment Certificate to register the STAR at the CMAC. The CMAC responds<br />
with a Registration Acknowledgement.<br />
<strong>Key</strong> Management<br />
Authority (KMA)<br />
or<br />
Appointment Certificate<br />
Registration Acknowledgement<br />
Cryptomaterial<br />
Management &<br />
Assistance<br />
Centre (CMAC)<br />
Order Privilege<br />
Manager (OPM)<br />
4.1.2 Privilege Management<br />
Figure 6 – Registration User Representative/STAR<br />
Privilege Management is the process that assigns, maintains and enforces access controls for<br />
individuals and accounts. The process to grant, modify or revoke a key management privilege is<br />
accomplished with a Privilege Establishment Request (PER).<br />
The KMA submits the SDNS, MSK or STU III PER to request key ordering privileges to the<br />
CMAC for the EKMS ID. The OPM submits a Traditional PER to request STAR privileges at<br />
20 May 2006 Registration and Privilege Management
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
the CMAC for the EKMS ID. The CMAC will respond to each PER with a PER CRN to advise<br />
if the PER has been approved or rejected. The PER CRN is sent to the EKMS ID that submitted<br />
the PER.<br />
Privilege Management – PER Rejected by the CMAC<br />
<strong>Key</strong> Management<br />
Authority (KMA)<br />
Or<br />
Order Privilege<br />
Manager (OPM)<br />
SDNS PER/MSK PER/STU III PER<br />
PER CRN<br />
Traditional PER<br />
Traditional PER CRN<br />
Cryptomaterial<br />
Management &<br />
Assistance Centre<br />
(CMAC)<br />
Privileged<br />
EKMS ID<br />
SDNS OPN / MSK OPN<br />
Privileged<br />
EKMS ID’s<br />
COR<br />
SDNS OPN / MSK OPN<br />
Figure 7 – Privilege Management – PER Rejected by the CMAC<br />
NOTE: STU III OPN’s are not sent from the CMAC to the Privileged EKMS ID or the<br />
Privileged EKMS ID’s COR.<br />
4.1.3 <strong>Key</strong> <strong>Ordering</strong><br />
<strong>Key</strong> <strong>Ordering</strong> is the process that initiates the production and delivery of key to a COMSEC<br />
account authorized to receive it. The process to order key is accomplished with a <strong>Key</strong> Order<br />
Form.<br />
The privileged EKMS ID submits the SDNS, MSK, Traditional or STU III key order to the<br />
CMAC. The key order is either approved or rejected based on privileges assigned to that EKMS<br />
ID. The CMAC will respond to each key order with an order CRN.<br />
Registration and Privilege Management May 2006 21
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
EKMS ID<br />
submitting key<br />
order<br />
SDNS/MSK/Trad/STU III key order<br />
SDNS/MSK/ Trad/STU III order CRN<br />
Cryptomaterial<br />
Management &<br />
Assistance Centre<br />
(CMAC)<br />
Figure 8 – <strong>Key</strong> <strong>Ordering</strong> Process<br />
4.2 Forms and Notices<br />
Table 6 lists the forms and notices used for the registration of key ordering personnel and their<br />
privileges. Samples of these forms and notices can be found in the referenced annexes. Many of<br />
the boxes on the forms are self-explanatory. A brief explanation of the other boxes on the form<br />
is contained in the article references and on the form itself.<br />
It is important that all sections of the forms be completed legibly so that CMAC staff can<br />
correctly process the information. Incorrect information may result in incorrect user<br />
identification or invalid key orders. Completed forms are submitted to the CMAC.<br />
Table 6 – Registration and Privilege Management Request Forms<br />
Form/Notice Description/Use Sample<br />
Form<br />
Article<br />
Reference<br />
Appointment Certificate<br />
STU III Privilege<br />
Establishment Request<br />
(STU III PER)<br />
SDNS Privilege Establishment<br />
Request (SDNS PER)<br />
MSK Privilege Establishment<br />
Request (MSK PER)<br />
Traditional Privilege<br />
Establishment Request<br />
(Traditional PER)<br />
PER Confirmation/Rejection<br />
Notice (PER CRN)<br />
Identifies all of the information required to appoint<br />
or terminate the appointment of departmental<br />
personnel authorized to perform a key order role<br />
Identifies all of the information required to add,<br />
replace or delete Department/Agency/ Organization<br />
(DAO) Codes, DAO descriptions and the attributes<br />
associated with the DAO Code<br />
Identifies all the information required to add,<br />
replace or delete SDNS key ordering privileges at<br />
an EKMS ID<br />
Identifies all of the information required to add or<br />
delete MSK key ordering privileges at an EKMS ID<br />
Identifies all of the information required to add,<br />
replace or cancel OPM or STAR ordering privileges<br />
associated with an EKMS ID<br />
Identifies the privileges granted or revoked in<br />
response to a Traditional, STU III, SDNS or MSK<br />
PER<br />
Annex C 4.3<br />
Annex D 4.4<br />
Annex E 4.5<br />
Annex F 4.6<br />
Annex G 4.7<br />
Annex H 4.8<br />
22 May 2006 Registration and Privilege Management
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Form/Notice Description/Use Sample<br />
Form<br />
Article<br />
Reference<br />
<strong>Ordering</strong> Privilege Notice<br />
(OPN)<br />
Identifies the OPM, STAR, or User Representative<br />
privileges granted by the generating EKMS ID<br />
(CCF) to another EKMS ID in response to an<br />
approved Traditional, SDNS or MSK PER<br />
Annex I 4.9<br />
4.3 Appointment Certificate Form<br />
4.3.1 General<br />
The Appointment Certificate form found in Annex C is used to appoint individuals or terminate<br />
the appointment of individuals authorized to order key or to assign ordering privileges to an<br />
EKMS account.<br />
4.3.2 New Appointment<br />
4.3.2.1 Authorization<br />
Personnel performing the following roles are required to be formally appointed:<br />
• The DSO/ITSC appoints the DCA;<br />
• The DSO/ITSC/DCA appoints the KMA and the OPM;<br />
• The KMA appoints the User Representatives and Alternate User Representatives;<br />
• The OPM appoints the STARs.<br />
The individual authorizing the appointment must ensure that the appointee:<br />
a. Is a Canadian citizen;<br />
b. Has been granted a security clearance commensurate with the highest sensitivity level of the<br />
information or material being accessed;<br />
c. Has received a COMSEC briefing, if required to physically handle the key (i.e., also the<br />
COMSEC Custodian, Alternate Custodian, End User); and<br />
d. Is fully conversant with the duties and responsibilities of the appointment.<br />
4.3.2.2 Security Clearance<br />
Unless the appointees will physically handle the key (i.e., the COMSEC Custodian, Alternate<br />
COMSEC Custodian, End User), they need not be cleared to the highest level of the key that<br />
they are authorized to order.<br />
4.3.2.3 Personnel Training<br />
Prior to appointment, or within three months following appointment, each new KMA, User<br />
Representative, OPM, STAR appointee must attend the formal <strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong><br />
Course. COMSEC Custodians, DSOs and DCAs are also encouraged to attend this course.<br />
Registration and Privilege Management May 2006 23
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Course schedules and registration information are available from the ITS Learning Centre at<br />
CSE.<br />
The DCA or currently appointed key ordering personnel should provide interim training to<br />
ensure that each appointee thoroughly understands the procedures for assigning privileges and<br />
ordering key. If this interim training is not possible at the appointee’s department, it can be<br />
provided by the CMAC.<br />
4.3.3 Change of Personnel<br />
The individual authorizing the new appointment must submit an Appointment Certificate for the<br />
new appointee and complete the Termination of Appointment section on a copy of the original<br />
Appointment Certificate for the individual being replaced. The change of personnel shall be<br />
performed prior to the departure of the currently appointed personnel.<br />
4.4 STU III PER Form<br />
4.4.1 General<br />
The STU III PER form in Annex D is used by the KMA to register key ordering privileges for<br />
the STU III User Representative currently appointed to the EKMS account. The form specifies<br />
the STU III User Representative’s privileges for specific DAO Codes and DAO descriptions for<br />
which the User Representative may order key. It also includes the types of key authorized and<br />
the highest security classification of the key.<br />
4.4.2 Request Type<br />
The form is used to add, modify or delete one or more DAO Codes and their associated<br />
attributes. Changes must be forwarded to the CMAC promptly to maintain current records and<br />
to permit new DAO Codes to be assigned and forwarded to the appropriate User Representative.<br />
The above actions are described below:<br />
a. Add: selecting this option will result in one STU III privilege being added to the EKMS ID.<br />
The CMAC will assign the DAO code;<br />
b. Modify: selecting this option will result in modifying an existing STU III privilege. Provide<br />
the DAO code that will be modified;<br />
c. Delete: selecting this option will result in all STU III ordering privileges associated with the<br />
specified DAO code being deleted. Provide the DAO code that will be deleted.<br />
4.4.3 DAO Code<br />
When adding a new DAO description, leave the DAO Code field blank. The CMAC will assign<br />
the six-digit DAO code to the DAO description. This code will be returned to the KMA and<br />
User Representative via the STU III PER Confirmation/Rejection Notice (STU III CRN)<br />
(formerly known as the <strong>Key</strong> Order Authorization Form). DAO Codes are used by the User<br />
Representative for ordering key. When modifying or deleting a DAO description and/or the<br />
associated attributes, the assigned DAO Code must be entered. Each DAO Code will be<br />
assigned to only one User Representative but a User Representative may have several DAO<br />
24 May 2006 Registration and Privilege Management
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Codes assigned. The DAO description may contain up to 16 characters (including spaces) and<br />
corresponds to a line of display on the STU III terminal.<br />
4.4.4 DAO Description<br />
4.4.4.1 General<br />
User identification is a critical part of STU III key and is displayed by the distant STU III<br />
telephone when a secure call is initiated. Each user’s identification is expressed in two parts: a<br />
DAO Description and an additional identification data field (i.e., free form field). The KMA is<br />
responsible for specifying the contents of the DAO description while the User Representative is<br />
responsible for the additional identification data field. The User Representative will provide the<br />
additional identification data on the STU III <strong>Key</strong> Order Request form (see article 5.2.10).<br />
4.4.4.2 Line 1<br />
Line one of the DAO description is mandatory. The first line of a DAO description is displayed<br />
on the distant terminal for the duration of each secure call. It should be a bilingual (optional for<br />
foreign key), recognizable, common description of the department rather than cryptic<br />
abbreviations or numeric designators that would not be easily recognized by persons calling that<br />
STU III telephone. Widely accepted government acronyms such as DND/MDN, GRC/RCMP<br />
and CSE/CST are acceptable. Each line may contain up to 16 characters (including spaces) and<br />
corresponds to a line of display on the STU III terminal.<br />
4.4.4.3 Line 2<br />
Line two of the DAO description is optional. The second line will be displayed momentarily to<br />
the distant user during the secure call set-up. It should be used by the KMA for additional DAO<br />
description information such as location, section, unit or position designator. Alternatively, it<br />
can be left blank. This leaves one line available for use as additional identification data. The<br />
second line must not be used for names of individuals.<br />
4.4.4.4 Rules for DAO Description<br />
The rules for the identification of DAO descriptions are as follows:<br />
a. The first line of the DAO description must specify the sponsoring DAO, or a major portion<br />
thereof, or a Government Contractor;<br />
b. The department specified in the DAO description must be representative of the DAO for<br />
which the KMA is appointed;<br />
c. Each DAO description must be unique not only to the department but also within all<br />
departments;<br />
d. Each DAO description can only be registered and used by one User Representative;<br />
e. Each line may contain up to 16 characters including spaces. Valid characters are uppercase<br />
letters (A to Z), digits (0 to 9), and the following special characters:<br />
, . / [ ] ! “ # $ % & ‘ ( ) + - = ; < > ?<br />
Registration and Privilege Management May 2006 25
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
f. Two keyboard symbols that cannot be used in the DAO description are the asterisk (*) and<br />
the backward slash (\);<br />
g. DAO descriptions should be displayed in bilingual format;<br />
h. Line 2 of the DAO description for STU III key used for communications between EKMS<br />
accounts equipped with an LMD or LMD/KP will be populated with the account’s EKMS<br />
ID; and<br />
i. DAO descriptions may only be created, changed and deleted by the KMA.<br />
4.4.5 EKMS Use Indicator<br />
<strong>Key</strong> identified for use as EKMS may only be used by the EKMS account for which it is<br />
authorized. The STU III EKMS key is required for authentication purposes during direct<br />
communications between fully automated and/or partially automated EKMS accounts and for<br />
electronic communications to the CCF.<br />
The STU III EKMS key may be used by the EKMS account personnel for classified<br />
communications other than EKMS communications. When the STU III is used for non-EKMS<br />
communications, the LMD must be disconnected and turned off.<br />
4.4.6 Requesting <strong>Ordering</strong> Privileges for Other EKMS Accounts<br />
An account may request ordering privileges for other EKMS accounts.<br />
4.4.7 Authorized <strong>Key</strong> Type<br />
4.4.7.1 General<br />
<strong>Key</strong> type includes the key type level, which refers to the highest level of protection provided by<br />
the key, and the operational status of the key.<br />
4.4.7.2 <strong>Key</strong> Type Level<br />
The possible key type levels for STU III key include:<br />
a. Type 1 key is used to denote key that is authorized for the protection of classified,<br />
unclassified and protected information. Type 1 key can only be used in Type 1 equipment;<br />
and<br />
b. Type 2 key is used to denote key that is authorized for the protection of information up to<br />
and including PROTECTED B. Type 2 key can only be used in Type 2 equipment.<br />
4.4.7.3 Seed/Operational Indicator<br />
<strong>Key</strong> is distinguished as either seed key or operational key by the type of electronic information<br />
that is stored on the delivery mechanism (i.e., KSD). Operational key can be used for secure<br />
communications immediately upon load into the end equipment whereas seed key must be<br />
converted to operational key before secure communications are initiated (i.e., electronic rekey).<br />
The user initiates this conversion by placing a call to the CCF (6<strong>13</strong>) 991-8600, during which the<br />
seed key in the end equipment is converted to operational key.<br />
26 May 2006 Registration and Privilege Management
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Operational key is available for Type 1 STU IIIs, Type 2 STU IIIs, and KOV 14C cryptographic<br />
cards. Seed key is only available for Type 1 STU III terminals.<br />
The KMA must indicate all of the types of key that may be ordered by the STU III User<br />
Representative for each DAO Code and DAO description.<br />
4.4.7.4 U.S. STU III <strong>Key</strong><br />
If communications are required with U.S. organizations on the American STU III network, the<br />
KMA must obtain authorization from the CMAC to order U.S. national key. To obtain<br />
authorization, the KMA must provide a written explanation of the requirement including specific<br />
Canadian and U.S. individuals involved and the nature of the discussions to take place. The<br />
CMAC will review the request and determine if authorization will be granted. U.S. national key<br />
orders will not be processed by the CMAC unless authorization is granted. U.S. key ordering<br />
privileges must be tied to specific DAO Codes, DAO descriptions and User Representatives.<br />
4.4.8 Maximum <strong>Key</strong> Classification<br />
Select the highest classification of key that the User Representative can order for each DAO<br />
Code using the following guidelines:<br />
a. The only valid classification for Type 2 Operational key is UNCLASSIFIED, this also<br />
includes PROTECTED A and B;<br />
b. The highest classification for STU III key with a Class 6 Code of 25 - Mobile (i.e., for use in<br />
a CipherTAC) is SECRET; and<br />
c. The maximum classification selected must be equal to or higher than the highest<br />
classification of Class 6 Code(s) selected.<br />
4.4.9 Class 6 Codes<br />
When ordering key, it is necessary for the User Representative to use the Class 6 Code section to<br />
specify a Class 6 requirement. Currently there are six Class 6 Codes:<br />
Code<br />
Displayed Message<br />
01 PROTECTC<br />
02 PROTECTB<br />
03 PROTECTA<br />
10 SCI<br />
20 US<br />
99 TEST<br />
Class 6 Code 10 (TOP SECRET ‘SCI’ <strong>Key</strong>) is for use in areas approved for the discussion or<br />
processing of sensitive compartmented information (SCI). This description appears in a<br />
terminal’s display only when both terminals contain key with the ‘SCI’ description. All other<br />
Class 6 Code descriptions will appear on a terminal’s display if one or both terminals contain<br />
key with that Class 6 Code.<br />
Any additional Class 6 Codes will be announced as they become available, with instructions to<br />
the user community for their use.<br />
Registration and Privilege Management May 2006 27
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
4.5 SDNS PER Form<br />
4.5.1 General<br />
The SDNS PER form found in Annex E is used by the KMA to register key ordering privileges<br />
for User Representatives who are currently appointed to the EKMS account. The form specifies<br />
the User Representative’s privileges for specific Partition Codes for which the User<br />
Representative may order key and includes the types of key and types of equipment associated<br />
with the Partition Code. Completed SDNS PERs are submitted to the CMAC.<br />
4.5.2 Request Type<br />
The form is used to add or delete one or more Partition Codes and their associated attributes.<br />
Changes must be forwarded to the CMAC promptly to maintain current records and to permit<br />
new Partition Codes to be assigned and forwarded to the appropriate User Representative.<br />
The above actions are described below:<br />
a. Add: selecting this option will result in one SDNS privilege being added to the EKMS ID;<br />
b. Delete: selecting this option will result in all SDNS privileges that have the specified EKMS<br />
ID and partition code combination being deleted.<br />
4.5.3 Requesting <strong>Ordering</strong> Privileges for Other EKMS IDs<br />
An account may request ordering privileges for other EKMS accounts.<br />
4.5.4 Partition Code<br />
Open partition privileges allow User Representatives to order SDNS key for users who want to<br />
communicate with all other open partition subscribers. The open partition is similar to the<br />
GSTN in that no subscribers are excluded from the communications network.<br />
Closed partition privileges allow User Representatives to order SDNS key for a select set of<br />
users as determined by the network administrator and/or Controlling Authority who determines<br />
who can communicate in the network. Closed partitions can be further segregated within<br />
networks by utilizing access controls.<br />
Partition codes will be approved by ITS Client Services and assigned by the CMAC.<br />
4.5.5 Authorized <strong>Key</strong> Type<br />
4.5.5.1 General<br />
<strong>Key</strong> type includes the key type level, which refers to the highest level of protection provided by<br />
the key, and the operational status of the key.<br />
4.5.5.2 <strong>Key</strong> Type Level<br />
The possible key type levels for SDNS key include:<br />
a. Type 0 key is used to generate a <strong>Key</strong> Encryption <strong>Key</strong> (KEK), which can be used to bulk<br />
encrypt keys. The only valid equipment type for Type 0 key is the KP (KOK 22A);<br />
28 May 2006 Registration and Privilege Management
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
b. Type 1 key is used to denote key that is authorized for the protection of classified,<br />
unclassified and protected information.<br />
4.5.5.3 Seed/Operational Indicator<br />
<strong>Key</strong> is distinguished as either seed key or operational key by the type of electronic information<br />
that is stored on the delivery mechanism (e.g., KSD, DTD). Operational key can be used<br />
immediately for secure communications upon load into the end equipment whereas seed key<br />
must be converted to operational key before secure communications are initiated (i.e., electronic<br />
rekey). The user initiates this conversion by placing a call to the CCF, during which the seed<br />
key in the end equipment is converted to operational key.<br />
NOTE: Seed key and electronic rekey for SDNS key is not currently available at the<br />
CCF.<br />
4.5.5.4 Maximum <strong>Key</strong> Classification<br />
The selected maximum key classification shall not exceed the classification level of the account<br />
receiving the privilege nor the maximum classification level allowed by the equipment’s<br />
doctrine.<br />
4.5.5.5 Foreign SDNS <strong>Key</strong><br />
If initial communications are required with foreign entities, the KMA must obtain authorization<br />
from the Head, Client Services, <strong>Cryptographic</strong> Security, CSE to order foreign key. To obtain<br />
authorization, the KMA must provide a written explanation of the requirement including specific<br />
Canadian and foreign organizations involved and the nature of the information to be exchanged.<br />
The Head, Client Services, <strong>Cryptographic</strong> Security, CSE will review the request and determine if<br />
authorization will be granted. Foreign key orders will not be processed by the CMAC unless<br />
authorization is granted. Foreign key ordering privileges must be tied to specific Partition<br />
Codes. Foreign key may consist of the following:<br />
a. Foreign;<br />
b. Coalition;<br />
c. CCEB;<br />
d. NATO; and<br />
e. Allied.<br />
NOTE: SDNS rekey is available at the U.S. Central Facility for certain devices. Contact<br />
the CMAC for further information.<br />
4.5.6 <strong>Key</strong> Purpose<br />
The key purpose provides the function of the key as described below:<br />
a. Operational – if the privileged EKMS ID requires key intended for use over-the-air for<br />
protection of operational information or for the production or secure electrical transmission<br />
of key streams. The key classification will include the caveat CRYPTO;<br />
Registration and Privilege Management May 2006 29
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
b. Test – if the privileged EKMS ID requires key intended for over-the-air testing of COMSEC<br />
equipment or systems. The key classification will include the caveat CRYPTO;<br />
c. Training:<br />
1) Classroom – if key required is intended for over-the-air or off-the-air classroom<br />
training. If the key is for over-the-air training classification will include the caveat<br />
CRYPTO;<br />
2) Exercise – if key required is intended to safeguard transmissions associated with<br />
exercises. If used over-the-air classification will include CRYPTO.<br />
d. Maintenance – if the privileged EKMS ID requires key intended only for off-the-air or<br />
in-shop use the key classification will not include the caveat CRYPTO;<br />
e. Developmental – if the privileged EKMS ID requires key intended for the “in-process”<br />
production of COMSEC material or equipment. The key classification will include the<br />
caveat CRYPTO;<br />
f. Sample – if the privileged EKMS ID requires key intended for off-the-air demonstration use<br />
only. The key classification may include the caveat CRYPTO.<br />
4.6 MSK PER Form<br />
The MSK PER form found in Annex F is used by the KMA to register key ordering privileges<br />
for MSK User Representatives who are currently appointed to the EKMS account. The KMA<br />
can add or delete the privilege to order Canadian or U.S. MSK for use in a KP (i.e., KOK 22A)<br />
in an operational or test mode.<br />
4.6.1 Requesting <strong>Ordering</strong> Privileges for Other EKMS IDs<br />
An account may request ordering privileges for other EKMS accounts.<br />
4.6.2 Request Type<br />
This form is used to add or delete one or more MSK key ordering privileges. Changes must be<br />
forwarded to the CMAC promptly to maintain current records.<br />
The above actions are described below:<br />
a. Add: selecting this option will result in one MSK privilege being added to the EKMS ID;<br />
b. Delete: selecting this option will result in the deletion of all MSK privileges that have the<br />
specified EKMS ID and DAO combination.<br />
4.7 Traditional PER Form<br />
The Traditional PER form found in Annex G is used by the DCA to register OPM and STAR key<br />
ordering privileges at the CCF for their department. The form is used to add or cancel OPM or<br />
STAR privileges as follows:<br />
a. Initial action allows the DCA to add either OPM or STAR privileges; and<br />
30 May 2006 Registration and Privilege Management
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
b. Cancel action allows the DSO/DCA to delete either the OPM or STAR privilege.<br />
4.8 PER Confirmation/Rejection Notice (PER CRN)<br />
The CCF generates a PER CRN for the EKMS account submitting the request in response to the<br />
processing of each PER. It confirms or rejects the requested ordering privileges. Any changes<br />
submitted on a PER will result in a new PER CRN. See Annex H for sample PER CRNs.<br />
4.9 <strong>Ordering</strong> Privilege Notice (OPN)<br />
The CCF generates an OPN for the EKMS account being privileged and the privileged account’s<br />
COR in response to the processing of each PER. The OPN identifies the OPM, STAR or User<br />
Representative ordering privileges granted, revoked or modified by a generating account to<br />
another EKMS account in response to an approved Traditional PER, STU III PER, SDNS PER<br />
or MSK PER. See Annex I for sample OPNs.<br />
Registration and Privilege Management May 2006 31
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
32 May 2006 Registration and Privilege Management
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5 <strong>Key</strong> Orders<br />
5.1 <strong>Key</strong> <strong>Ordering</strong> Process<br />
5.1.1 Overview<br />
A key order initiates the process that results in the generation and distribution of key. <strong>Key</strong><br />
orders are submitted to the CMAC on various forms via mail or courier, secure or non-secure fax<br />
and the CCF EKMS Message Server. After the CMAC processes the key order, an Order<br />
Confirmation/Rejection Notice (Order CRN) will be sent to the EKMS account that submitted<br />
the order. If the key order cannot be processed (e.g., not signed, missing information), the<br />
CMAC will contact the department by phone.<br />
5.1.2 Interaction with User Community to Determine <strong>Key</strong> Requirements<br />
Requirements may come from a number of sources. Users may request key to:<br />
a. <strong>Key</strong> an equipment when it is first acquired and installed;<br />
b. Restore an equipment to service after it has been zeroized (e.g., operational key erased to<br />
facilitate maintenance action or repairs);<br />
c. Change identification information as a result of a re-organization, etc.;<br />
d. Perform testing or maintenance on equipment; and<br />
e. Replace expired key in circumstances where electronic rekeying cannot be performed.<br />
5.1.3 Validate Security Information<br />
The personnel ordering the key (e.g., User Representatives, OPMs, STARs) must validate,<br />
through the appropriate departmental channels, that the user has a security clearance equal to or<br />
higher than the classification of the requested key. If the request is not valid, the key order must<br />
not be placed with the CMAC.<br />
5.1.4 Preparation of <strong>Key</strong> Order Requests<br />
Samples of the key order request forms and notices listed in Table 7 can be found in the<br />
referenced annexes. An explanation of the boxes on the form is contained in the article<br />
references and on the form itself. It is important that all sections of the forms be completed<br />
legibly so that CMAC staff can correctly process the information. Incorrect information may<br />
result in incorrect user identification or invalid key orders.<br />
Table 7 – <strong>Key</strong> Order Request Forms and Notices<br />
<strong>Key</strong> Order Request<br />
Forms/Notices<br />
Description/Use<br />
Sample<br />
Form<br />
Article<br />
Reference<br />
STU III <strong>Key</strong> Order<br />
Request<br />
SDNS <strong>Key</strong> Order<br />
Request<br />
MSK <strong>Key</strong> Order<br />
Request<br />
Used to order seed key or operational key for the STU III,<br />
CipherTAC and KOV 14C<br />
Annex J 5.2<br />
Used to order FIREFLY key for SDNS equipment Annex K 5.3<br />
Used to order message signature key for the <strong>Key</strong><br />
Processor (KP)<br />
Annex L 5.4<br />
<strong>Key</strong> Orders May 2006 33
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
<strong>Key</strong> Order Request<br />
Forms/Notices<br />
Description/Use<br />
Sample<br />
Form<br />
Article<br />
Reference<br />
Traditional <strong>Key</strong> Order<br />
Request<br />
Order Confirmation/<br />
Rejection Notice<br />
(Order CRN)<br />
<strong>Ordering</strong> Privilege<br />
Notice (OPN)<br />
Used to order physical key tape or KG 175 TACLANE<br />
Pre-Placed key<br />
Used to notify the EKMS account submitting the order of<br />
the status of each item that was ordered<br />
Used to notify the EKMS account that they are authorized<br />
to order key from the account named in the OPN<br />
Annex M 5.5<br />
Annex N 5.6<br />
Annex I 4.9<br />
5.1.5 Submission of <strong>Key</strong> Order Requests<br />
The submission of a key order request must take into consideration the time required to generate,<br />
produce and distribute the key (see also Section 2.4.5.2). Depending on sensitivity, key orders<br />
can be submitted to the CMAC via:<br />
a. EKMS x.400;<br />
b. Message Server;<br />
c. First class mail;<br />
d. Courier;<br />
e. Secure or non-secure facsimile;<br />
f. Secure or non-secure telephone.<br />
5.1.6 Classification/Protection of <strong>Key</strong> Order Requests<br />
<strong>Key</strong> orders may be classified or protected in accordance to their content. Specific instructions<br />
are provided with each form.<br />
5.1.7 Validation of <strong>Key</strong> Order Requests<br />
Once the CMAC receives the key order request, it will be validated against the registered<br />
ordering privileges as described in Chapter 4 prior to filling the order. Once approved, an Order<br />
CRN will be generated and returned to the EKMS account that submitted the order. The User<br />
Representative, OPM or STAR must verify that the Order CRN accurately reflects the key that<br />
was ordered. The Order CRN will list the status of each item ordered (e.g., approved, rejected).<br />
If an item is approved, then the CCF will proceed with the production and delivery of the key<br />
that was approved. If an item is rejected, the reason will be provided and a new key order must<br />
be submitted. If an Order CRN is received for an order that was not submitted by the EKMS<br />
account, or there is any discrepancy in the order, the User Representative, OPM or STAR or<br />
Custodian must call the CMAC immediately.<br />
5.1.8 Monitor Status of <strong>Key</strong> Order Requests<br />
The Order CRN will contain an Order Transaction ID. This Order Transaction ID should be<br />
referenced when contacting the CMAC to request information on the status of the order.<br />
34 May 2006 <strong>Key</strong> Orders
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5.1.9 Notification to the COMSEC Custodian<br />
COMSEC Custodians who will receive the key must be notified of the order. The best method<br />
for this notification is for the User Representative, OPM or STAR to provide the COMSEC<br />
Custodian of the receiving EKMS account with a copy of the key order and the Order CRN.<br />
This will enable the COMSEC Custodian to verify that the received key matches what was<br />
ordered.<br />
5.2 STU III <strong>Key</strong> Order Request Form<br />
5.2.1 General<br />
The STU III <strong>Key</strong> Order Request form found in Annex J is used by the User Representative to<br />
order STU III Type 1 and Type 2 key.<br />
5.2.2 EKMS Transaction Number<br />
Each key order request must contain an identifier called a transaction number. The format for<br />
this number is YYMMXXXX, where YY is the last two digits of the year, MM is the month, and<br />
XXXX is the sequence number of the order within the month. With each subsequent month, the<br />
transaction number will start with 0001 again. For example, 01080005 is the fifth key order<br />
submitted by this User Representative during the month of August 2001. This field must have a<br />
total of eight digits. No alphabetical characters can be used.<br />
5.2.3 Type of <strong>Key</strong><br />
5.2.3.1 General<br />
<strong>Key</strong> type includes the key type level, which refers to the highest level of protection provided by<br />
the key, and the operational status of the key.<br />
5.2.3.2 <strong>Key</strong> Type Level<br />
The possible key type levels for STU III key include:<br />
a. Type 1 key is used to denote key that is authorized for the protection of classified,<br />
unclassified and protected information. Type 1 key can only be used in Type 1 equipment;<br />
and<br />
b. Type 2 key is used to denote key that is authorized for the protection of information up to<br />
and including PROTECTED B. Type 2 key can only be used in Type 2 equipment.<br />
5.2.3.3 Seed/Operational Indicator<br />
<strong>Key</strong> is distinguished as either seed key or operational key by the type of electronic information<br />
that is stored on the KSD. Operational key can be used for secure communications immediately<br />
upon load into the end equipment whereas seed key must be converted to operational key (via<br />
electronic rekey) before secure communications are initiated. The user initiates this conversion<br />
by placing a call to the CCF, during which the seed key in the end equipment is converted to<br />
operational key.<br />
<strong>Key</strong> Orders May 2006 35
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Operational key is available for Type 1 STU IIIs, Type 2 STU IIIs, CipherTAC 2000s and<br />
KOV-14C cryptographic cards. Seed key is only available for Type 1 STU III terminals.<br />
Operational key enables a user to make a secure call without having to be converted; therefore it<br />
is more vulnerable to compromise than seed key. For this reason only seed keys should be<br />
ordered, unless there are special circumstances (e.g., requirement for contingency key) at your<br />
department.<br />
5.2.4 EKMS STU III <strong>Key</strong> Order<br />
Automated accounts that have a requirement for a connection to the CCF Message Server must<br />
order EKMS STU III key. The EKMS ID of the account where the EKMS STU III key will be<br />
used must be entered for each applicable line item.<br />
5.2.5 Delivery Mechanism<br />
STU III key is delivered on KSD 64 or via electronic rekey. STU III key may be loaded into the<br />
following equipment types:<br />
5.2.5.1 STU III (includes CipherTAC 2000)<br />
Both seed key and operational key are available for use in all STU III terminals, other than<br />
CipherTAC 2000, as indicated above. The CipherTAC 2000 uses only operational key from a<br />
KSD, and is loaded directly into the CipherTAC 2000 at the CCF. This includes initial keying as<br />
well as rekey since there is no electronic rekey capability for the CipherTAC 2000. STU III key<br />
for one or more CipherTAC 2000s may be requested on a single order form. The serial number<br />
of the CipherTAC 2000 must be included in the remarks column for each line item identified as<br />
Class 6 Code 25 (Mobile). Contact the CMAC to make arrangements for the loading of<br />
CipherTAC 2000s.<br />
NOTE: For additional information on the CipherTAC 2000 refer to the Canadian <strong>Cryptographic</strong><br />
Doctrine for the CipherTAC 2000 (CCD-04).<br />
5.2.5.2 Secure Terminal Equipment (STE)<br />
STU III key for use with the STE is loaded directly onto the KOV 14C <strong>Cryptographic</strong> Card at<br />
the CCF. STU III key for one or more than one KOV 14C may be requested on a single order<br />
form. The serial number of the KOV 14C must be included in Block <strong>13</strong> of the STU III <strong>Key</strong><br />
Order Request form (Remarks column) for each applicable line item. The completed STU III<br />
Order Request form and the associated SDNS <strong>Key</strong> Order Request form, if applicable, must be<br />
sent to the CMAC and the zeroized KOV 14C(s) must be sent to the NDA at the CCF via the<br />
NCMCS. For additional information on the STE/KOV 14C refer to the Canadian <strong>Cryptographic</strong><br />
Doctrine for the FORTEZZA PLUS <strong>Cryptographic</strong> Card (KOV 14C) and associated Secure<br />
Terminal Equipment (STE) (CCD-11).<br />
NOTE: For additional information on the STU III and KSDs refer to STU III <strong>Key</strong> Management<br />
Plan (CID/01/<strong>13</strong>) and STU III Operational <strong>Manual</strong> (MG-7).<br />
36 May 2006 <strong>Key</strong> Orders
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5.2.6 Classification of <strong>Key</strong><br />
Enter the classification or designation of the key for each line item. Note the following<br />
restrictions:<br />
a. <strong>Key</strong> may have a designation or classification up to the maximum that the User<br />
Representative is permitted to order for the specified DAO Code and DAO description<br />
specified for each line item;<br />
b. If the PROTECTED designation is indicated, the appropriate Class 6 Code must be included;<br />
c. The only valid classification for Type 2 Operational key is UNCLASSIFIED;<br />
d. The highest classification for STU III key with a Class 6 Code of 25 - Mobile (i.e., for use in<br />
a CipherTAC 2000) is SECRET; and<br />
e. The maximum classification selected must be equal to or higher than the highest<br />
classification of Class 6 Code(s) selected.<br />
5.2.7 Class 6 Code<br />
Enter the Class 6 Code, if required. Some users require additional authentication information,<br />
such as compartmental security classifications. This can be provided through the use of Class 6<br />
Codes. Each Class 6 Code is assigned a two-digit number by the CMAC. Class 6 Codes are<br />
described in article 4.4.9 of this publication.<br />
5.2.8 DAO Code<br />
Enter the appropriate DAO Code for each key ordered. The DAO Codes that an EKMS Account<br />
is authorized to request are indicated on the STU III User Representative <strong>Key</strong> <strong>Ordering</strong><br />
Authorization Form. <strong>Key</strong> ordered using a particular DAO code automatically contains the<br />
description associated with that code. See also Article 4.4.4 for additional detail.<br />
5.2.9 Additional Identification Data<br />
5.2.9.1 Description<br />
The additional identification data (e.g., free form field) is an additional two lines to the existing<br />
DAO description for the key and is displayed on the STU III immediately after the DAO<br />
description. Each line of the identification data may contain up to 16 characters including<br />
spaces, but the sum of all four (4) lines shall not exceed 50 characters. The additional<br />
identification data field allows customization of a department’s key to specific sub-elements and<br />
users. For example, it can specify geographic location or position title, but shall not include<br />
personal names. Additional identification data is optional. The following are examples of<br />
complete user identification including the DAO description and the additional identification data<br />
field:<br />
Line 1 HEALTH CANADA DAO Description<br />
Line 2 SANTE CANADA DAO Description<br />
Line 3 DIRECTOR SECURITY Free Form<br />
Line 4 OTTAWA Free Form<br />
<strong>Key</strong> Orders May 2006 37
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5.3.5.3 Seed/Operational Indicator<br />
<strong>Key</strong> is distinguished as either seed key or operational key by the type of electronic information<br />
that is stored on the delivery mechanism (e.g., KSD, DTD). Operational key can be used<br />
immediately for secure communications upon load into the end equipment whereas seed key<br />
must be converted to operational key before secure communications are initiated (i.e., electronic<br />
rekey). The user initiates this conversion by placing a call to the CCF, during which the seed<br />
key in the end equipment is converted to operational key.<br />
NOTE: Seed key and electronic rekey for SDNS key is not currently available at the<br />
CCF. The U.S. Central Facility supports electronic rekey for most SDNS equipment.<br />
5.3.6 Access Control Schedule<br />
There are three optional fields to select for the Access Control Schedule. If this feature is not<br />
required, select “None”. If the key type is Type 1 Operational, select “Comms”. If the key type<br />
is Type O Operational (for keys ordered for the LMD/KP), select “Distribution”.<br />
5.3.7 ASCII ID<br />
Any additional identification information for each key such as the 14-character free form<br />
information that appears in the CNES display can be entered.<br />
ASCII ID and Authenticated ASCII ID Data provide human-readable access control and<br />
identification information. The information may describe a network, account or end-user. The<br />
data is contained in the key and may consist of up to 32 characters.<br />
ASCII ID is used when ordering CNES key. User Representatives ordering the key must supply<br />
the CMAC with the appropriate ASCII ID.<br />
Authenticated ASCII ID is used when ordering STE/KOV 14 key. User Representatives<br />
ordering the key must supply the CMAC with a registered DAO code and the associated DAO<br />
descriptor in the proper format. If a new DAO code and DAO descriptor is required, the<br />
account’s STU III <strong>Key</strong> Management Authority must complete and submit a STU III PER to the<br />
CMAC (see article 4.4). The CMAC will respond to the STU III PER with a STU III User<br />
Representative <strong>Key</strong> <strong>Ordering</strong> Authorization form.<br />
5.3.8 Delivery Mechanism<br />
5.3.8.1 Bulk Encrypted Transaction (BET)<br />
This delivery mechanism is used to electronically distribute SDNS key and their associated<br />
attributes and accounting reports. Only accounts equipped with an LMD/KP can receive key<br />
through the BET delivery mechanism. Currently a BET can accommodate a maximum of 16<br />
SDNS keys. The Accounting Legend Code (ALC) for keys delivered in a BET is either ALC 6<br />
or ALC 7.<br />
5.3.8.2 Data Transfer Device (DTD)<br />
The DTD is a fill device designed to securely store, transport and transfer key electronically.<br />
Currently a DTD can accommodate a maximum of 22 SDNS keys during non-Universal<br />
<strong>Key</strong> Orders May 2006 39
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
changeover periods and a maximum of 11 SDNS keys during Universal changeover period.<br />
Refer to the specific equipment doctrine to determine if the equipment can be filled via a DTD.<br />
For further information on the DTD refer to the Canadian <strong>Cryptographic</strong> Doctrine for the<br />
AN/CYZ-10/10A Data Transfer Device (CCD-01).<br />
NOTE: When ordering key that will be loaded into a DTD, the User Representative must also<br />
advise the CCF of the preferred cryptoperiod option for the DTD Transfer <strong>Key</strong> Encryption <strong>Key</strong><br />
(TrKEK) (i.e., quarterly or yearly).<br />
5.3.8.3 <strong>Key</strong> Storage Device (KSD)<br />
The KSD is referred to as a fill device when it contains operational or seed key. The only valid<br />
ALCs for SDNS key delivered on a KSD are ALC 1 or ALC 4.<br />
5.3.8.4 KOV 14C<br />
SDNS key for use with the STE is loaded directly onto the KOV 14C <strong>Cryptographic</strong> Card at the<br />
CCF. SDNS key for one or more than one KOV 14C may be requested on a single order form.<br />
The serial number of the KOV 14C must be included in the remarks column for each applicable<br />
line item. The completed SDNS Order form and the associated STU III Order form, if<br />
applicable, must be sent to the CMAC and the zeroized KOV 14C(s) must be sent to the NDA<br />
via the NCMCS. The transaction number of the associated STU III <strong>Key</strong> Order must be entered<br />
in the Remarks Column of the related SDNS <strong>Key</strong> Order to link the orders.<br />
NOTE: For additional information on the STE/KOV 14C refer to CCD-11.<br />
5.4 MSK <strong>Key</strong> Order Request Form<br />
5.4.1 General<br />
The MSK <strong>Key</strong> Order Request form found in Annex L is used by the User Representative to order<br />
Canadian or U.S. MSK for the KP.<br />
5.4.2 Transaction ID<br />
Each MSK <strong>Key</strong> Order Request must contain an identifier called a Transaction ID. The<br />
Transaction ID consists of the EKMS ID submitting the order, the date (YYYYMMDD) on<br />
which the order is generated and a one-up number beginning at one each calendar year.<br />
5.4.3 Type of <strong>Key</strong><br />
The only valid key types for MSK are Type 1 Canadian operational key or Type 1 U.S.<br />
operational key. This key is always delivered on a KSD as an ALC 1 or ALC 4 item.<br />
5.4.4 EKMS Use Indicator<br />
The EKMS Use Indicator denotes that the key is used in support of EKMS-only transactions.<br />
<strong>Key</strong> identified for use as EKMS may only be used by the account for which it is authorized.<br />
Currently, the only MSKs in use in Canada are EKMS related.<br />
40 May 2006 <strong>Key</strong> Orders
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5.4.5 Free Form ID<br />
The Free Form ID consists of the EKMS ID of the account that will use the MSK followed by a<br />
colon and then the Privilege Certificate Manager’s EKMS ID. The Privilege Certificate<br />
Manager’s EKMS ID, for GoC departments other than DND DCOR is 845999. The Privilege<br />
Certificate Manager’s EKMS ID for DND DCOR is 844111.<br />
5.5 Traditional <strong>Key</strong> Order Request Form<br />
5.5.1 General<br />
The Traditional <strong>Key</strong> Order Request form, found in Annex M, is used by the STAR or Auth ID to<br />
order Canadian or U.S. Traditional key for a specified equipment type.<br />
Articles 5.5.3, 5.5.5, 5.5.6, 5.5.7, 5.5.10, 5.5.11, and 5.5.12 relate specifically to partially<br />
automated/LCMS accounts.<br />
5.5.2 Transaction Number<br />
Each Traditional <strong>Key</strong> Order Request must contain an identifier called a transaction number. The<br />
transaction number consists of the EKMS ID submitting the order, the date (YYYYMMDD) on<br />
which the order is generated and a one-up number beginning at one each calendar year.<br />
5.5.3 Order Types<br />
5.5.3.1 Short Title Assignment Order<br />
The STAR creates a Short Title Assignment Order to assign a new short title to a cryptonet,<br />
provide the attributes of the short title and register the EKMS IDs for the Auth IDs who are<br />
authorized to place orders for this short title. All the information contained in Blocks A, B and<br />
D must be completed.<br />
5.5.3.2 Generation Order<br />
The Auth ID creates a Generation Order to initiate the generation and distribution of a specific<br />
short title of key. The EKMS ID for the Auth ID must have been listed on the Short Title<br />
Assignment Order for this short title. The information in Blocks A, C and D must be completed.<br />
5.5.3.3 Short Title Assignment/Generation Order<br />
The STAR creates a Short Title Assignment/Generation Order using a single Order form when<br />
there is no requirement to request the assignment of a new short title prior to requesting the<br />
generation of the key. The entire form must be completed.<br />
5.5.3.4 Revision Order<br />
The Auth ID creates a Revision Order to change the key attributes, to change the Auth IDs and<br />
to provide revised generation or distribution information for a specific short title. The<br />
information in Blocks A and D and any required changes in Blocks B and C must be completed.<br />
<strong>Key</strong> Orders May 2006 41
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5.5.3.5 Cancellation Order<br />
The Auth ID creates a Cancellation Order to cancel the production of a short title of key and to<br />
disassociate the privileges related to the short title from all EKMS IDs. Blocks A and D must be<br />
completed.<br />
5.5.4 Short Title<br />
The short title for Traditional key must be entered for Generation, Revision and Cancellation<br />
orders. The short title will be provided by the CCF on the Order CRN resulting from the<br />
processing of a Short Title Assignment Order or Short Title Assignment/Generation Order.<br />
5.5.5 Distribution Control<br />
The implicit or explicit selection for distribution control applies only to Traditional key in<br />
electronic format. It identifies whether or not there are restrictions on the distribution of this<br />
short title of Traditional electronic key. If the key is implicitly controlled, it can be distributed in<br />
accordance with the distribution profile for the short title or at the discretion of the Controlling<br />
Authority for the short title. When key is explicitly controlled, the EKMS account holding the<br />
key must have generated or received an electronic distribution instruction directing the<br />
distribution of the key prior to its distribution.<br />
5.5.6 Compatible Short Title<br />
The compatible short title selection identifies if the key is required for delivery in two different<br />
formats (i.e., dual media key). Dual media key is identical key in two different formats (e.g.,<br />
paper key tape and electronic) with two different short titles, which can be used on a single<br />
cryptonet. Dual key is not yet available from the CCF.<br />
5.5.7 Authorized IDs<br />
This box on the key order allows an OPM, STAR or Auth ID to assign responsibility for the<br />
ordering of this short title of key. The EKMS IDs listed will be privileged to submit generation,<br />
revision and cancellation orders and distribution instructions for this short title.<br />
5.5.8 Delivery Mechanism<br />
If the key is to be loaded directly on an accountable COMSEC device (e.g., DTD) by the CCF<br />
for delivery, the serial number of the COMSEC device (i.e., crypto-equipment) must be<br />
included. The completed order form and the zeroized crypto-equipment must be sent to the<br />
NDA via the NCMCS.<br />
5.5.9 CRYPTO Caveat<br />
The caveat CRYPTO is used to indicate the unique sensitivity of the key. The key is subject to<br />
more stringent controls governing access, distribution, storage, accounting, use, and disposal or<br />
destruction. The CRYPTO marking will appear in bold letters on the covers of printed keying<br />
material and codes, on disks, on individual key variables or linked as an attribute to the short title<br />
of electronic key. It is applied (in addition to the security classification or designation) to<br />
42 May 2006 <strong>Key</strong> Orders
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
operational, seed, test, and exercise keying material. Maintenance and classroom training key<br />
normally do not bear the CRYPTO caveat.<br />
5.5.10 Handling Restrictions<br />
This selection identifies any handling restrictions. The benign fill only restriction indicates that<br />
the key can only be delivered to the crypto-equipment using benign techniques. The TPI<br />
restriction indicates that two-person integrity is required when handling the key.<br />
NOTE 1:<br />
NOTE 2:<br />
If TPI is selected for key delivered in electronic format, certain LMD/KP<br />
operations will require that a second operator be logged on.<br />
Benign key is not currently available from the CCF.<br />
5.5.11 Release<br />
This box is used to indicate whether or not the key can be released outside of Canada and to<br />
whom it is authorized for release (i.e., U.S., NATO).<br />
5.5.12 <strong>Key</strong> Use<br />
The intended use for the key includes:<br />
a. FFK – FIREFLY <strong>Key</strong> – used to establish a <strong>Key</strong> Encryption <strong>Key</strong> (KEK) or a Traffic<br />
Encryption <strong>Key</strong> between two entities. The KEK or TEK generated from a FIREFLY<br />
exchange is then used in a symmetric encryption algorithm;<br />
b. KEK – <strong>Key</strong> Encryption <strong>Key</strong> – used to encrypt keys;<br />
c. KPK – <strong>Key</strong> Production <strong>Key</strong> – used to produce keys;<br />
d. NFK – Netted FIREFLY <strong>Key</strong>;<br />
e. QKEK – Quadrant <strong>Key</strong> Encryption <strong>Key</strong>;<br />
f. TEK – Traffic Encryption <strong>Key</strong> – used to encrypt traffic over a communications channel;<br />
g. TSK – TRANSEC <strong>Key</strong> – used to protect a communications channel from traffic analysis;<br />
h. TrKEK – Transfer <strong>Key</strong> Encryption <strong>Key</strong> – used by the KP and DTD.<br />
5.5.<strong>13</strong> <strong>Key</strong> Purpose<br />
Not all key purpose selections are available for each equipment type. Contact the CMAC for<br />
assistance on determining which selection is appropriate for the equipment being keyed.<br />
5.5.14 Cryptonet Size<br />
When a cryptonet is being planned, the Head, Client Services, <strong>Cryptographic</strong> Security at CSE<br />
must be informed of the size of the cryptonet and the proposed Controlling Authority for the<br />
cryptonet. Significant changes to the size of the cryptonet must be reported to CSE for reevaluation.<br />
<strong>Key</strong> Orders May 2006 43
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
5.5.15 Crypto Period<br />
The crypto period identified in terms of the number of hours, days, weeks, months or years that<br />
each key remains in effect must be entered.<br />
5.5.16 Segment Per Edition<br />
The number of segments that are required within an edition of the key must be entered.<br />
5.5.17 Supersession Rate<br />
The rate of supersession identified in terms of the number of hours, days, weeks, months or years<br />
that each segment of key remains in effect must be entered.<br />
5.5.18 Effective Date<br />
When completed, the <strong>Key</strong> Order Request must be classified at a minimum of CONFIDENTIAL<br />
if it contains the effective date and UNCLASSIFIED if not included.<br />
5.5.19 In-Place Date<br />
The date at which the key must be received by the EKMS accounts listed in the Distribution<br />
Profile must be entered. This date must take into consideration the lead-time that is required to<br />
process the key order, generate the key and deliver the key. The lead time for the generation and<br />
distribution of hard copy products is significantly longer than for electronic key.<br />
5.5.20 Standing Order<br />
Standing orders are established when a regular requirement for key is established and a resupply<br />
schedule is known. This eliminates the need for any re-orders, subsequent to the initial orders,<br />
unless there is a change in the attributes of the original order (e.g., addition of new net members)<br />
at which time a revision order must be submitted. If it is not a standing order, the key is<br />
scheduled for generation once only. If standing order is specified, key will be automatically<br />
rescheduled for generation.<br />
5.5.21 Edition Information<br />
The first edition (e.g., A, EB), the last edition and the total number of editions to be generated<br />
for this key order must be identified.<br />
5.5.22 Distribution Profile<br />
The distribution profile lists which EKMS accounts are to receive a key or group of keys, what<br />
editions they are to receive and how many copies of each edition.<br />
5.5.23 Accounting Legend Code (ALC) and Rules for Transfer Report Initiating<br />
(TRI)<br />
The ALC is a numeric code used to indicate the minimum accounting controls for COMSEC<br />
items included in the NCMCS.<br />
ALC-1: Continuously accountable by an accounting number or register number to a COR.<br />
44 May 2006 <strong>Key</strong> Orders
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
ALC-2: Continuously accountable by quantity to a COR.<br />
ALC-4: Initial receipt required and accountable according to local directives thereafter.<br />
ALC-6: Electronic key tracked by GoC EKMS, continuously accountable, with or without an<br />
accounting number, to a COR.<br />
ALC-7: Electronic key tracked by GoC EKMS, initial receipt to the sender required, no<br />
subsequent reporting; automated local record maintained (locally accountable<br />
thereafter).<br />
1) A TRI line item’s ALC will default to ALC 1 if the TRI is not in a BET, except as<br />
defined below in (3).<br />
2) A TRI line item’s ALC will default to ALC 6 if the TRI is in a BET, except as<br />
defined in (3).<br />
3) A TRI line item’s ALC will default to ALC 4 instead of ALC 1, and ALC 7 instead<br />
of ALC 6 when:<br />
i) <strong>Key</strong> Purpose = M (maintenance);<br />
ii) <strong>Key</strong> Purpose = T (training);<br />
iii) <strong>Key</strong> Purpose = Z (on-the-air testing); and<br />
iv) Classification = unclassified.<br />
Contact the CMAC for assistance with ALC selection for accountable COMSEC material.<br />
5.6 Order Confirmation/Rejection Notice (Order CRN)<br />
The CCF generates an Order CRN for the EKMS account submitting the request in response to<br />
the processing of each key order. It confirms or rejects the requested order. See Annex N for a<br />
sample Order CRN.<br />
NOTE: CRNs for Traditional <strong>Key</strong> Orders are not supported by the CCF at this time.<br />
<strong>Key</strong> Orders May 2006 45
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
46 May 2006 <strong>Key</strong> Orders
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Glossary<br />
Accounting Legend Code (ALC)<br />
Account Registration<br />
Allied <strong>Key</strong><br />
Authentication<br />
Authorized ID<br />
Benign<br />
Benign Fill <strong>Key</strong><br />
Benign <strong>Key</strong>ing<br />
Bulk Encrypted Transaction (BET)<br />
Numeric code used to indicate the minimum<br />
accounting controls for COMSEC items included<br />
in the National COMSEC Material Control<br />
System (NCMCS).<br />
Process by which GoC EKMS accounts are<br />
identified and associated with their administrative<br />
and configuration attributes.<br />
<strong>Key</strong> used by at least two different nations. Allied<br />
key is generated by one of the nations and<br />
released for use to other nations.<br />
A measure designed to provide protection against<br />
fraudulent transmissions or imitations by<br />
establishing the validity of a transmission,<br />
message or originator.<br />
EKMS accounts that are authorized to order a<br />
specific short title of Traditional key.<br />
Condition of cryptographic data such that it<br />
cannot be compromised by human access to the<br />
data.<br />
Benign fill FIREFLY key material is the keying<br />
material used by the <strong>Key</strong> Processors and end<br />
crypto-equipment to create keys used to<br />
encrypt/decrypt application key material and user<br />
data.<br />
<strong>Key</strong>ing method that generates and encrypts key in<br />
GoC EKMS components, such as the <strong>Key</strong><br />
Processor or Canadian Central Facility, and<br />
delivers the key to the end user without<br />
decrypting the key until loaded into the end<br />
cryptographic equipment.<br />
An EKMS transaction containing encrypted<br />
key(s), encrypted key attributes, and encrypted<br />
accounting reports (transfer or issue).<br />
Glossary May 2006 47
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Canadian Central Facility (CCF)<br />
Class 6 Code<br />
Class 6 Field<br />
Classified Information<br />
Command Authority<br />
Communications Security (COMSEC)<br />
Compromise<br />
COMSEC Account<br />
A facility located at CSE which provides<br />
centralized key management services for all forms<br />
of key.<br />
A two-digit numeric code corresponding to a<br />
specific Class 6 field.<br />
A field that appears in the distant STU III<br />
terminal’s two line display. The field contains<br />
additional Class 6 data that is part of the<br />
authentication process. The top line of the display<br />
indicates the highest common classification level<br />
on the left and the Class 6 Code Field information<br />
(e.g., SCI) on the right.<br />
Information related to the national interest that<br />
may qualify for an exception or exclusion under<br />
the Access to Information Act or Privacy Act and<br />
the compromise of which could reasonably be<br />
expected to cause injury to the national interest.<br />
See <strong>Key</strong> Management Authority (KMA).<br />
Protection resulting from applying cryptographic,<br />
transmission and emission security measures to<br />
telecommunication emissions, and information<br />
handling equipment, and from applying other<br />
measures appropriate to COMSEC information<br />
and material. COMSEC also includes the<br />
instruction required to effect this protection.<br />
These measures are designed to prevent<br />
compromise of information stored, transmitted or<br />
processed on an information technology system.<br />
COMSEC is also designed to ensure the<br />
authenticity of telecommunications.<br />
Unauthorized disclosure, destruction, removal,<br />
modification or interruption.<br />
Administrative entity, identified by an EKMS ID,<br />
used to maintain accountability, custody and<br />
control of accountable COMSEC material.<br />
48 May 2006 Glossary
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
COMSEC Custodian<br />
COMSEC Equipment<br />
COMSEC Incident<br />
COMSEC Material<br />
Confidentiality<br />
Confirmation/Rejection Notice (CRN)<br />
Controlled <strong>Cryptographic</strong> Item (CCI)<br />
The individual designated by a proper authority to<br />
be responsible for the receipt, custody, issue,<br />
transfer, accounting, safeguarding and destruction<br />
of COMSEC material assigned to a COMSEC<br />
account.<br />
Equipment designed to provide communications<br />
security by converting information to a form<br />
unintelligible to an unauthorized interceptor and,<br />
subsequently, by reconverting such information to<br />
its original form for authorized recipients; also<br />
equipment designed specifically to aid in, or as an<br />
essential element of, the conversion process.<br />
A COMSEC incident is any occurrence which<br />
potentially jeopardizes the security of classified or<br />
designated Government information while it is<br />
being stored, processed, transmitted or received<br />
during the telecommunications process.<br />
Material designed to secure or authenticate<br />
telecommunications. COMSEC Material<br />
includes, but is not limited to, key, equipment,<br />
devices, documents, firmware or software that<br />
embodies or describes cryptographic logic and<br />
other items that perform COMSEC functions.<br />
The sensitivity of information or assets to<br />
unauthorized disclosure, recorded as classification<br />
or designation, each of which implies a degree of<br />
injury should unauthorized disclosure occur.<br />
A notice created as a result of processing a key<br />
order or a Privilege Establishment Request (PER).<br />
Secure telecommunications or information<br />
handling equipment, or associated cryptographic<br />
component or ancillary device that is unclassified<br />
when unkeyed (or when keyed with an<br />
unclassified key) but controlled through an<br />
accounting system.<br />
Glossary May 2006 49
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Controlling Authority<br />
CRYPTO<br />
Cryptonet<br />
Cryptoperiod<br />
DAO Code<br />
Data Transfer Device (DTD)<br />
Decryption<br />
Departmental COMSEC Authority<br />
(DCA)<br />
Departmental Security Officer (DSO)<br />
Designated official responsible for directing the<br />
operation of a cryptonet and for managing the<br />
operational use and control of keying material<br />
assigned to the cryptonet.<br />
A caveat which is applied to keying material<br />
indicating that items so marked are subject to<br />
specific controls governing access, distribution,<br />
storage, accounting, disposal, and destruction.<br />
See <strong>ITSG</strong>-10 or ITSD-01 for definition.<br />
A specific period of time during which a<br />
cryptographic key is in effect.<br />
A unique Department/Agency/Organization<br />
identifier for use in the user specific parts of a<br />
FIREFLY key.<br />
Fill device designed to securely store, transport,<br />
and transfer electronically both COMSEC and<br />
TRANSEC key, designed to be backwards<br />
compatible with the previous generation of<br />
COMSEC common fill devices, and<br />
programmable to support modern mission<br />
systems.<br />
A process that converts encrypted voice or data<br />
information into plain form by reversing the<br />
encryption process.<br />
The individual responsible to the Departmental<br />
Security Officer (DSO) for developing,<br />
implementing, maintaining, coordinating, and<br />
monitoring a departmental COMSEC program<br />
which is consistent with the GSP and its<br />
standards.<br />
The individual responsible for developing,<br />
implementing, maintaining, coordinating and<br />
monitoring a departmental security program<br />
consistent with the GSP and its standards.<br />
50 May 2006 Glossary
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Destruction<br />
Digital Signature<br />
Digraph<br />
Distribution Profile<br />
DTD TrKEK<br />
Dual Media <strong>Key</strong><br />
Edition<br />
Effective Date<br />
EKMS Account<br />
EKMS ID<br />
Encryption<br />
The process of destroying (e.g., shredding,<br />
burning, etc.) physical COMSEC material or<br />
destroying electronic key through zeroization or<br />
fill into an end equipment.<br />
A cryptographic transformation of data which,<br />
when appended to a data unit, provides the<br />
services of origin authentication, data integrity,<br />
and signer non-repudiation.<br />
A two character code that identifies the number of<br />
key segments in an edition and the key segment<br />
cryptoperiod.<br />
A list provided by a key orderer or controlling<br />
authority detailing who should receive a key or<br />
group of keys and how many copies of each key<br />
they should receive.<br />
Used to encrypt a key issued by a KP to a DTD.<br />
It is also filled into a DTD to permit it to decrypt<br />
the key for filling into end equipment.<br />
Compatible key that exists in both electronic and<br />
physical format.<br />
Alpha or numeric string that identifies one<br />
issuance of a series, or specific version of,<br />
COMSEC material associated with the same short<br />
title.<br />
Date when a key or other data is intended to be<br />
first used.<br />
A generic term that encompasses an EKMS<br />
Element or a COMSEC Account.<br />
Unique identifier of an EKMS account.<br />
The transformation of readable data into an<br />
unreadable stream of characters using a reversible<br />
coding process.<br />
Glossary May 2006 51
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Exercise <strong>Key</strong><br />
Explicit <strong>Key</strong><br />
Fill<br />
Fill Device<br />
Foreign <strong>Key</strong><br />
<strong>Key</strong> intended to safeguard transmissions<br />
associated with exercises.<br />
Any key which is provided automatic control by<br />
EKMS in accordance with distribution restrictions<br />
prescribed by the controlling authority.<br />
The process of providing key material to an end<br />
crypto-equipment for its internal use.<br />
COMSEC item used to transfer or store key in<br />
electronic form or to insert key into a cryptoequipment.<br />
National key from another nation.<br />
NOTE: Only under extreme circumstances<br />
should national key be used by another nation or<br />
alliance.<br />
Generation<br />
GoC EKMS<br />
Government Secure Telephone Network<br />
(GSTN)<br />
Handling Restrictions<br />
Hard Copy <strong>Key</strong> Products<br />
The process by which the first instance of a key is<br />
created and all Mission System independent or<br />
Mission System dependent data, derivable from a<br />
key order are formed in the format required to fill<br />
the destination COMSEC equipment.<br />
An interoperable collection of automated systems,<br />
facilities and components which provide services<br />
for the ordering, generation, distribution and<br />
management of Canadian COMSEC Material for<br />
the Government of Canada key management user<br />
community.<br />
A computer based system which supports key<br />
management for the STU III through provision of<br />
key generation and distribution within Canada.<br />
A means of controlling the use of Traditional key.<br />
The choices are no restrictions, Two Person<br />
Integrity (TPI), or Benign Fill only.<br />
<strong>Key</strong>, publications, key lists, etc. which exist in<br />
physical format.<br />
52 May 2006 Glossary
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Implicit <strong>Key</strong><br />
Integrity<br />
<strong>Key</strong><br />
<strong>Key</strong> Attributes<br />
<strong>Key</strong> Distribution<br />
<strong>Key</strong> Encryption <strong>Key</strong> (KEK)<br />
<strong>Key</strong> Management<br />
<strong>Key</strong> Management Authority (KMA)<br />
Any key whose handling characteristics are<br />
determined solely by policy and procedural<br />
means.<br />
The accuracy and completeness of information<br />
and assets and the authenticity of transactions.<br />
Information (usually a sequence of random or<br />
pseudo random binary digits) used initially to set<br />
up and periodically change the operations<br />
performed in crypto-equipment for the purpose of<br />
encrypting or decrypting electronic signals, for<br />
determining electronic counter-counter-measures<br />
patterns (e.g., frequency hopping or spread<br />
spectrum), or for producing other keys.<br />
The characteristics assigned to a specific key<br />
short title (e.g., ALC, key purpose, key use, etc.).<br />
Secure controlled movement of key from the<br />
point of generation or storage to the point of use<br />
or re-distribution.<br />
<strong>Key</strong> that encrypts or decrypts other keys for<br />
transmission or storage.<br />
Procedures and mechanisms for generating,<br />
disseminating, replacing, storing, archiving, and<br />
destroying keys which control encryption or<br />
authentication processes.<br />
A senior person appointed by a department, an<br />
agency, or an organization to co-ordinate and<br />
oversees STU III, SDNS, and/or MSK key<br />
management within their department, agency, or<br />
organization.<br />
NOTE: The U.S. refers to the <strong>Key</strong> Management<br />
Authority as the Command Authority.<br />
<strong>Key</strong> Material Identification (KMID)<br />
A number that uniquely identifies a FIREFLY<br />
key. It is the identifier used in adding to or<br />
removing from the Compromise <strong>Key</strong> List (CKL)<br />
and to account for FIREFLY key.<br />
Glossary May 2006 53
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
<strong>Key</strong> Processor (KP)<br />
<strong>Key</strong> Production <strong>Key</strong> (KPK)<br />
<strong>Key</strong> Storage Device (KSD)<br />
Local Management Device (LMD)<br />
Message Signature <strong>Key</strong> (MSK)<br />
Modern <strong>Key</strong><br />
National Affiliation Identifier (NAI)<br />
National Central Office of Record<br />
(NCOR)<br />
<strong>Cryptographic</strong> component in EKMS designed to<br />
provide for the local generation of keying<br />
material, encryption and decryption of key, key<br />
loading into fill devices, and message signature<br />
and verification functions.<br />
<strong>Key</strong> used to initialize a key stream generator for<br />
the production of other electronically generated<br />
keys.<br />
A fill device used to store, transport, and transfer<br />
key and other system data.<br />
Component in EKMS that provides automated<br />
services for the management of key and other<br />
COMSEC material, and an interface by which<br />
additional functionality may be incorporated to<br />
enhance its local capabilities. It is composed of<br />
the user-supplied platform, operating system and<br />
EKMS software.<br />
<strong>Cryptographic</strong> material used in a digital signature<br />
process that operates on a message to assure<br />
message source authentication, message integrity,<br />
and source non-repudiation.<br />
A collective name for FIREFLY-based key such<br />
as STU III key, SDNS Communications key and<br />
MSK.<br />
A two-letter country code derived from the ISO<br />
3166, the International Standards Organization<br />
document on codes for the representation of<br />
countries and their subdivisions.<br />
The entity within the COMSEC control section of<br />
CSE which is charged with the responsibility of<br />
maintaining records of accountability for all<br />
accountable COMSEC material produced in or<br />
entrusted to Canada.<br />
54 May 2006 Glossary
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
National Distributing Authority (NDA)<br />
National <strong>Key</strong><br />
NATO <strong>Key</strong><br />
Netted FIREFLY <strong>Key</strong><br />
Non-Repudiation<br />
Operational <strong>Key</strong><br />
<strong>Ordering</strong> Privilege Manager (OPM)<br />
Privilege Certificate Manager (PCM)<br />
Privilege Establishment Request (PER)<br />
Register Number<br />
The national entity within the Canadian<br />
COMSEC community responsible for secure<br />
receipt, storage, distribution and disposal of<br />
COMSEC material originating at CSE or received<br />
from or destined to foreign countries.<br />
<strong>Key</strong> used solely by the nation that generated the<br />
key.<br />
<strong>Key</strong> that has been produced for use by NATO<br />
countries.<br />
A FIREFLY key that is managed in the same way<br />
as a Traditional cryptonet.<br />
Non-repudiation provides proof that the<br />
transaction occurred, or that the message was sent<br />
and received thus the parties cannot deny that the<br />
exchange occurred.<br />
<strong>Key</strong> intended for use on-the-air for protection of<br />
operational information or for the production of<br />
secure electrical transmission of key streams.<br />
An EKMS account privileged to appoint and<br />
remove other accounts as an OPM or Short Title<br />
Assignment Requester (STAR) at a generating<br />
account where they are registered as an OPM.<br />
An EKMS account which is authorized to create<br />
KP Privilege Certificates for a specific set of KPequipped<br />
EKMS accounts.<br />
Transaction to request the registration,<br />
modification, or deletion of key ordering<br />
privileges (i.e., OPM, STAR, User<br />
Representative) at a generating account.<br />
Used to uniquely identify individual copies of key<br />
which have the same short title and edition.<br />
Synonymous with accounting number.<br />
Glossary May 2006 55
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Rekey<br />
Release Field - LCMS<br />
Secure Data Network System (SDNS)<br />
Secure Terminal Equipment (STE)<br />
Secure Telephone Unit – Third<br />
Generation (STU III)<br />
Seed <strong>Key</strong><br />
Segment<br />
Sensitive Compartmented Information<br />
(SCI)<br />
SCI <strong>Key</strong><br />
Short Title<br />
The process by which all FIREFLY keying<br />
material, including Benign fill FIREFLY, is<br />
periodically replaced.<br />
An attribute of an electronic key that identifies the<br />
countries, via the country’s National Affiliation<br />
Indicator (NAI), which are authorized to have a<br />
specific key.<br />
Mission system which is a subscriber of EKMS<br />
services and provides end-to-end security services<br />
for the exchange of data between automatic data<br />
processing systems over common carrier<br />
communication networks where no security<br />
services are provided by the common carriers.<br />
A government approved telecommunication<br />
terminal designed to provide secure voice and<br />
data connectivity, conferencing capability, and<br />
other capabilities based on a layered<br />
communications model.<br />
A government approved telecommunication<br />
terminal designed to protect the transmission of<br />
sensitive or classified information in the voice,<br />
data, or facsimile mode.<br />
Initial key containing unique information used to<br />
start an updating or key generation process.<br />
Traditional key that is valid for one cryptoperiod.<br />
Intelligence information requiring special controls<br />
indicating restricted access.<br />
STU III keying material which provides for the<br />
SCI authenticator to be displayed in the Class 6<br />
field of a distant terminal in the secure mode if<br />
both terminals contain that same designator.<br />
Identifying combination of letters and numbers<br />
assigned to certain COMSEC items to facilitate<br />
handling, accounting, and control.<br />
56 May 2006 Glossary
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Short Title Assignment Requester<br />
(STAR)<br />
Supersession<br />
Tactical <strong>Key</strong><br />
Test <strong>Key</strong><br />
Traditional <strong>Key</strong><br />
Traffic Encryption <strong>Key</strong> (TEK)<br />
Transfer <strong>Key</strong> Encryption <strong>Key</strong> (TrKEK)<br />
Two-person Integrity (TPI)<br />
Type 0 <strong>Key</strong><br />
Type 1 <strong>Cryptographic</strong> Equipment<br />
Type 1 <strong>Key</strong><br />
An EKMS account privileged to request<br />
assignment of new short titles at a generating<br />
account.<br />
Scheduled or unscheduled replacement of a key or<br />
COMSEC aid with a different edition.<br />
Traffic encryption key, key encryption key, or<br />
transmission security key intended to secure<br />
information or data that is perishable, has low<br />
intelligence value (i.e., low national or<br />
international sensitivity), and is classified no<br />
higher than SECRET.<br />
<strong>Key</strong> intended for on-the-air testing of COMSEC<br />
equipment or systems.<br />
Term used to reference non-FIREFLY-based key<br />
that is generated in accordance with established<br />
procedures.<br />
<strong>Key</strong> used to encrypt plain text or to superencrypt<br />
previously encrypted text and/or decrypt cipher<br />
text.<br />
<strong>Key</strong> used to encrypt and decrypt user key.<br />
Procedure whereby material is never handled or<br />
made available to one person only.<br />
<strong>Cryptographic</strong> key used to generate a <strong>Key</strong><br />
Encryption <strong>Key</strong> (KEK) that can be used to bulkencrypt<br />
keys.<br />
Classified cryptographic or CCI equipment<br />
containing an encryption and/or key exchange<br />
algorithm that has been approved by CSE for the<br />
protection of classified and designated<br />
information.<br />
<strong>Cryptographic</strong> key used for the protection of<br />
classified information up to and including Top<br />
Secret.<br />
Glossary May 2006 57
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Type 2 <strong>Cryptographic</strong> Equipment<br />
Type 2 <strong>Key</strong><br />
Type 3 <strong>Cryptographic</strong> Equipment<br />
Type 4 <strong>Cryptographic</strong> Equipment<br />
User Representative<br />
Zeroize<br />
Unclassified cryptographic equipment, assembly<br />
or component containing encryption provided by<br />
government and/or key exchange algorithms that<br />
have been approved by CSE for the protection of<br />
designated information.<br />
<strong>Cryptographic</strong> key used for the protection of<br />
designated information up to and including<br />
Protected C.<br />
<strong>Cryptographic</strong> equipment containing a public or<br />
proprietary encryption and/or key exchange<br />
algorithm that has been approved by CSE for use<br />
in protecting designated information.<br />
<strong>Cryptographic</strong> equipment containing a public or<br />
proprietary encryption and/or key exchange<br />
algorithm that has not been approved by CSE for<br />
the protection of information.<br />
An individual appointed by the <strong>Key</strong> Management<br />
Authority (KMA) authorized to order STU III<br />
key, SDNS key and/or Message Signature <strong>Key</strong><br />
(MSK).<br />
Remove or eliminate the key from a cryptoequipment<br />
or fill device.<br />
58 May 2006 Glossary
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Bibliography/References<br />
The following references were used in the preparation of this publication:<br />
a. Canadian <strong>Cryptographic</strong> Doctrine for the AN/CYZ-10/10A Data Transfer Device (CCD-01),<br />
dated May 1998, Communications Security Establishment.<br />
b. Canadian <strong>Cryptographic</strong> Doctrine for the Canadian Network Encryption System (CCD-02),<br />
dated September 1998, Communications Security Establishment.<br />
c. Canadian <strong>Cryptographic</strong> Doctrine for the CipherTAC 2000 (CCD-04), dated January 1999,<br />
Communications Security Establishment.<br />
d. Canadian <strong>Cryptographic</strong> Doctrine for the Canadian <strong>Key</strong> Management Unit (CKMU)<br />
(CCD-05), dated April 2000, Communications Security Establishment.<br />
e. Canadian <strong>Cryptographic</strong> Doctrine for the Government of Canada Electronic <strong>Key</strong><br />
Management System (GoC EKMS) (CCD-06), draft dated June 2000, Communications<br />
Security Establishment.<br />
f. Guidelines for the Application of Communications Security in the Government of Canada<br />
(ITSD-01), draft dated May 2001, Communications Security Establishment.<br />
g. Short Title Nomenclature in Canada (<strong>ITSG</strong>-09), dated October 2001, Communications<br />
Security Establishment.<br />
h. Canadian <strong>Cryptographic</strong> Doctrine for the FORTEZZA PLUS <strong>Cryptographic</strong> Card<br />
(KOV 14C) and associated Secure Terminal Equipment (STE) (CCD-11), dated April 2002,<br />
Communications Security Establishment.<br />
i. COMSEC Material Control <strong>Manual</strong> (<strong>ITSG</strong>-10) (formerly MG-14), January 2003,<br />
Communications Security Establishment.<br />
j. Canadian <strong>Cryptographic</strong> Doctrine for the Local Management Device/ <strong>Key</strong> Processor<br />
(LMD/KP) (CCD-07), dated August 2002, Communications Security Establishment.<br />
Bibliography/References May 2006 59
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
60 May 2006 Bibliography/References
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex A – CSE Points of Contact<br />
A.1 General<br />
This Annex provides the telephone numbers and the electronic and mailing addresses for points<br />
of contact at CSE.<br />
A.2 Cryptomaterial Management and Assistance Centre (CMAC)<br />
Telephone number: (6<strong>13</strong>) 991-8600<br />
E-mail address: CMAC@cse-cst.gc.ca<br />
Unclassified Facsimile: (6<strong>13</strong>) 991- 7440<br />
Secure Facsimile: (6<strong>13</strong>) 991-8709<br />
A.3 National COMSEC Incidents Office (NCIO)<br />
Telephone number: (6<strong>13</strong>) 991-8498<br />
E-mail address: ncio@cse-cst.gc.ca<br />
Unclassified Facsimile: (6<strong>13</strong>) 991-8565<br />
Secure Facsimile: (6<strong>13</strong>) 991-8565 (Call 991-8<strong>13</strong>2 for set-up)<br />
A.4 National <strong>Cryptographic</strong> Procedures, Audits and Training (NCPAT)<br />
Telephone number: (6<strong>13</strong>) 991-8173<br />
E-mail address: ncpat@cse-cst.gc.ca<br />
A.5 Head, Client Services, <strong>Cryptographic</strong> Security<br />
Telephone number: (6<strong>13</strong>) 991-8495<br />
E-mail address: its.client.services@cse-cst.gc.ca<br />
Unclassified Facsimile number: (6<strong>13</strong>) 991-8565<br />
Secure Facsimile: (6<strong>13</strong>) 991-8565 (Call 991-8<strong>13</strong>2 for set-up)<br />
A.6 CSE General Inquiries<br />
Telephone Number: (6<strong>13</strong>) 991-7600<br />
Web Site address: http://www.cse-cst.gc.ca<br />
Unclassified Facsimile: (6<strong>13</strong>) 991-8565<br />
Secure Facsimile: (6<strong>13</strong>) 991-8565 (Call 991-8<strong>13</strong>2 for set-up)<br />
Annex A – CSE Points of Contact May 2006 61
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
CSE Mailing Address:<br />
Communications Security Establishment<br />
P.O. Box 9703<br />
Ottawa Postal Terminal<br />
Ottawa, Ontario, Canada<br />
K1G 3Z4<br />
Attn: __________________________________<br />
Name Building Position<br />
CSE Shipping Address:<br />
Communications Security Establishment<br />
719 Heron Road<br />
Ottawa, Ontario, Canada<br />
K1G 3Z4<br />
Attn: __________________________________<br />
Name Building Position<br />
62 May 2006 Annex A – CSE Points of Contact
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex B – Directive on the Control of STU III <strong>Key</strong> for<br />
Sensitive Compartmented Information (SCI) Applications<br />
B.1 Purpose<br />
This directive establishes procedures and assigns responsibilities for the acquisition and control<br />
of STU III key for Sensitive Compartmented Information (SCI) applications. It is intended to<br />
ensure that uniform procedures are implemented throughout the STU III user community in the<br />
Government of Canada (GoC).<br />
B.2 Applicability<br />
This directive applies to all GoC departments participating in the STU III based Government<br />
Secure Telephone Network (GSTN) in conjunction with the acquisition and deployment of<br />
STU III Type 1 terminals within areas authorized to handle SCI.<br />
B.3 Definitions<br />
Class 6 Code A two-digit numeric code corresponding to a specific Class 6<br />
field.<br />
Class 6 Field<br />
Departmental Security<br />
Officer (DSO)<br />
<strong>Key</strong> Management<br />
Authority (KMA)<br />
Sensitive<br />
Compartmented<br />
Information (SCI)<br />
SCI <strong>Key</strong><br />
User Representative<br />
A field that appears in the distant STU III terminal’s two line<br />
display. The field contains additional Class 6 data that is part of<br />
the authentication process. The top line of the display indicates<br />
the highest common classification level on the left and the Class<br />
6 Code Field information (e.g., SCI) on the right.<br />
The individual responsible for developing, implementing,<br />
maintaining, coordinating and monitoring a departmental security<br />
program consistent with the GSP and its standards.<br />
A senior person appointed by a department, agency, or<br />
organization to co-ordinate and oversees STU III, SDNS, and/or<br />
MSK key management within their department, agency,<br />
organization.<br />
Intelligence information requiring special controls indicating<br />
restricted access.<br />
STU III keying material which provides for the SCI authenticator<br />
to be displayed in the Class 6 field of a distant terminal in the<br />
secure mode if both terminals contain that same designator.<br />
An individual appointed by the <strong>Key</strong> Management Authority<br />
(KMA) authorized to order STU III key, SDNS key and/or<br />
Message Signature <strong>Key</strong> (MSK).<br />
Annex B – Directive on the Control<br />
of STU III <strong>Key</strong> for SCI Applications<br />
May 2006 63
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
B.4 Departmental Procedures and Responsibilities<br />
The <strong>Key</strong> Management Authority (KMA) will establish the departmental need for SCI key and<br />
appoint one or more User Representatives from their department through the User<br />
Representative registration process. The User Representative will be assigned the authority to<br />
order SCI key from the Canadian Central Facility (CCF) at CSE as specified in the STU III<br />
Privilege Establishment Request (STU III PER) (Annex D). The DAO Code and description<br />
specified for the SCI key shall include the word “CANADA” in Line 1.<br />
The User Representative will specify the department’s need for SCI key through consultation<br />
with the Departmental Security Officer (DSO).<br />
The DSO will:<br />
a. Verify the clearance and SCI indoctrination level of the intended users;<br />
b. Verify that the area in which the STU III terminal is located has been authorized for SCI; and<br />
c. Authenticate STU III orders for SCI key, using the SCI <strong>Key</strong> Acknowledgement Form<br />
(Annex O).<br />
The User Representative will prepare and submit the STU III <strong>Key</strong> Order form (Annex J) for SCI<br />
key to the Cryptomaterial Management and Assistance Centre (CMAC) at CSE and notify the<br />
COMSEC Custodian of this action. The User Representative will also submit the SCI <strong>Key</strong><br />
Acknowledgement form to the CMAC.<br />
The COMSEC Custodian will instruct SCI cleared users on procedures for loading, operating<br />
and protecting the SCI key.<br />
B.5 CCF Procedures and Responsibilities<br />
The CMAC will verify that all STU III <strong>Key</strong> Orders for SCI key are consistent with the privileges<br />
assigned to the User Representative by the KMA and check for the DSO’s co-signature. In<br />
addition, the CMAC will ensure that the department has a valid TOP SECRET COMSEC<br />
Account registered with the National Central Office of Record (NCOR) as required for the<br />
receipt of TOP SECRET SCI key.<br />
The CMAC will forward the STU III <strong>Key</strong> Order requesting SCI key to the authority in CSE<br />
responsible for the initial accreditation and continued security oversight, in conjunction with the<br />
DSO, of facilities in which SCI is handled. The CSE authority provides the final authorization<br />
for the SCI key request.<br />
The CMAC will begin processing the STU III <strong>Key</strong> Order requesting SCI key and forward a<br />
STU III Order Confirmation/Rejection Notice to the User representative.<br />
The department’s security procedures and facilities must be inspected and approved prior to<br />
receiving SCI key. CSE may perform this function or delegate it to authorized elements within<br />
the requesting department.<br />
B.6 Contractors<br />
The GoC has no requirement at this time to release SCI key to contractors.<br />
64 May 2006 Annex B – Directive on the Control of<br />
STU III <strong>Key</strong> for SCI Applications
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex C – Appointment Certificate<br />
Annex C – Appointment Certificate May 2006 65
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
66 May 2006 Annex C – Appointment Certificate
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex D – STU III Privilege Establishment Request<br />
(STU III PER) Form<br />
Annex D – STU III Privilege Establishment<br />
Request<br />
May 2006 67
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
68 May 2006 Annex D – STU III Privilege Establishment<br />
Request
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex E – SDNS Privilege Establishment Request<br />
(SDNS PER) Form<br />
Annex E – SDNS Privilege Establishment<br />
Request<br />
May 2006 69
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
70 May 2006 Annex E – SDNS Privilege Establishment<br />
Request
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex F – MSK Privilege Establishment Request<br />
(MSK PER) Form<br />
Annex F – MSK Privilege Establishment<br />
Request<br />
May 2006 71
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
72 May 2006 Annex F – MSK Privilege Establishment<br />
Request
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex G – Traditional Privilege Establishment Request<br />
(Traditional PER) Form<br />
Annex G – Traditional Privilege<br />
Establishment Request<br />
May 2006 73
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
74 May 2006 Annex G – Traditional Privilege<br />
Establishment Request
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex H – Privilege Establishment Request<br />
Confirmation/Rejection Notice (PER CRN)<br />
PER CRN<br />
A<br />
Protected<br />
Printed: Mar 02, 2005 02:18 PM<br />
Page 1 of 1<br />
EKMS MESSAGE:<br />
Message ID: 845550-20050302-54239 Message Date: Mar 02, 2005<br />
Source EKMS ID: 845550 Source Element Name:<br />
Destination EKMS ID: 841234 Destination Element Name:<br />
Subject:<br />
Transaction Type Transaction ID Transaction Information Label<br />
SDNS PER CRN 845550-20050302-55240 FOUO<br />
PER CRN TRANSACTION :<br />
Transaction ID: 845550-20050302-55240 Transaction Date: Mar 02, 2005<br />
Source EKMS ID : 845550 Source Element Name :<br />
Destination EKMS ID:841234<br />
Destination Element Name:<br />
CCF KPF Transaction Status: Approved<br />
Transmission Method: Electronic<br />
Overall Status: Confirmation Per Type: SDNS<br />
PER Transaction ID: 841234-20050209-2<br />
Privilege For EKMS ID: 841234 Element Name: 841234<br />
Comments:<br />
----------------------------------------------------------------------------------------------------------------------<br />
NOTHING FOLLOWS<br />
Annex H – Privilege Establishment Request<br />
Confirmation/Rejection Notice<br />
May 2006 75
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
76 May 2006 Annex H – Privilege Establishment Request<br />
Confirmation/Rejection Notice
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex I – <strong>Ordering</strong> Privilege Notice (OPN)<br />
SNDS OPN (Privilege Recipient) Protected A<br />
Printed: Mar 02, 2005 02:18 PM<br />
Page 1 of 1<br />
EKMS MESSAGE:<br />
Message ID: 845550-20050302-54240 Message Date: Mar 02, 2005<br />
Source EKMS ID: 845550 Source Element Name:<br />
Destination EKMS ID: 841234 Destination Element Name:<br />
Subject:<br />
Transaction Type Transaction ID Transaction Information Label<br />
Order Privilege Notice 845550-20050302-55241 FOUO<br />
PER CRN TRANSACTION:<br />
Transaction ID: 845550-20050302-55241 Transaction Date: Mar 02, 2005<br />
Source EKMS ID : 845550 Source Element Name :<br />
Destination EKMS ID:841234<br />
Destination Element Name:<br />
CCF KPF Transaction Status: Approved<br />
Transmission Method: Paper<br />
Overall Status: Sent<br />
Privileged At EKMS ID: 845550<br />
Element Name:<br />
Privileging EKMS ID: 841234 Element Name:<br />
Privilege For EKMS ID: 841234<br />
Element Name:<br />
Privilege Est. Request Type: Add Equipment (Device) Type: KG 175<br />
Maximum Classification: Unclassified <strong>Key</strong> Type Level: Type 1<br />
<strong>Key</strong> Purpose (OP/Test Indicator): Testing EKMS Use (Allowed) Ind.: N<br />
----------------------------------------------------------------------------------------------------------------------<br />
Partition Code Seed/Op Ind. EKR Priv. Ind. ALC<br />
3001 Operational N<br />
NOTHING FOLLOWS<br />
Annex I – <strong>Ordering</strong> Privilege Notice May 2006 77
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
This page intentionally left blank.<br />
78 May 2006 Annex I – <strong>Ordering</strong> Privilege Notice
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex J – STU III <strong>Key</strong> Order Request Form<br />
Annex J – STU III <strong>Key</strong> Order Request Form May 2006 79
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
80 May 2006 Annex J – STU III <strong>Key</strong> Order Request Form
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex K – SDNS <strong>Key</strong> Order Request Form<br />
Annex K – SDNS <strong>Key</strong> Order Request Form May 2006 81
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
82 May 2006 Annex K – SDNS <strong>Key</strong> Order Request Form
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex L – MSK <strong>Key</strong> Order Request Form<br />
Annex L – MSK <strong>Key</strong> Order Request Form May 2006 83
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
84 May 2006 Annex L – MSK <strong>Key</strong> Order Request Form
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
Annex M – Traditional <strong>Key</strong> Order Request Form<br />
Annex M – Traditional <strong>Key</strong> Order Request<br />
Form<br />
May 2006 85
<strong>Cryptographic</strong> <strong>Key</strong> <strong>Ordering</strong> <strong>Manual</strong> (<strong>ITSG</strong>-<strong>13</strong>)<br />
86 May 2006 Annex M – Traditional <strong>Key</strong> Order Request<br />
Form