mkuload - Extract MKU key data from PDUS A-format data and manage MKU device

SYNOPSIS

mkuload  [ parameter=value ]

Parameters are: operation, site_numbers, key_numbers, restore_file, on_pass_disk, pass_number, pass_file, need_match, debug.

DESCRIPTION

mkuload is a utility for managing a EUMETSAT Meteosat Key Unit (MKU). An MKU is used to

Store encryption key data for 256 keys, and

Generate decryption information for a given Meteosat pass.

The key used to encrypt each Meteosat image channel is specified in the telemetry stream. The MKU combines an identification field in the pass with key data stored in the MKU to produce the necessary decryption information.

Encryption key data is transmitted to receiving stations as part of the normal Meteosat PDUS telemetry stream. Key data records from PDUS A-format header frames contain the following information: The same key data record is repeated several times within a given PDUS A-format transmission.

Generally speaking, if key K was used to encrypt a Meteosat image channel in the current pass, then data for key K would have been transmitted to receiving stations in some previous pass. This means that a receiving station should capture as many Meteosat passes as possible in order to keep the MKU loaded with the latest key data.

mkuload performs any one of the following operations:

load
Read MKU key data from PDUS A-format header frames, corresponding to the user's MKU device, and load this key data into the MKU. An MKU has 256 different keys, any of which can be used to encrypt a Meteosat image channel. The need_match parameter specifies the number of consecutive, identical redundant copies of key data that must be found before loading that data into the MKU.
check
Report the key data currently loaded in the MKU for a user-specified list of key numbers. Keys are numbered between 0 and 255. This report is written to UNIX stdout and can be redirected to an ASCII file using standard shell output redirection.
restore
Read key data from an ASCII file, and load this key data into the MKU. The format of the ASCII file is compatible with the output from the check operation; lines are expected to look like

    key bf (191) - DE 8D 0B BA 61 90 59 ED
    key c0 (192) - B6 5C 92 3A 69 01 DE 24

decrypt
For a given pass, find which keys were used to encrypt the different image channels. Use the MKU to generate the information needed to decrypt the data and save that information into the first PDUS frame. If no image channels are encrypted, then no decryption information is saved.
passkeys
Read MKU key data from PDUS A-format header frames, corresponding to a user-specified list of MKU devices, and report to UNIX stdout. As with the check operation, this report can be redirected to an ASCII file. Lines from this report will look like

    mku 00129 key bf (191) - DE 8D 0B BA 61 90 59 ED
    mku 00053 key c0 (192) - B6 5C 92 3A 69 01 DE 24

Key data from this report can be loaded into an MKU using the restore operation, provided the 'mku ##### ' is stripped off the front of the records.

admin
Read the Meteosat admin message from PDUS header frames and report to UNIX stdout. This operation has really nothing to do with MKU management, but is provided here because mkuload is adept at processing PDUS header info and is simpler to use than metin.

Access to the MKU device is required for all operations except passkeys and admin. The serial port for the MKU device is specified by the environment variable MKU_DEVICE.

For every Meteosat pass, it is recommended that mkuload be run twice, first with operation=load, then with operation=decrypt. The load operation makes sure the MKU is loaded with the latest key data. The decrypt operation saves the information needed to decrypt the pass data in the first telemetry frame.

NOTE: The decrypt operation should be run before archiving the data. If not, access to the MKU will be required to decrypt archived data in the future.

PARAMETERS

operation
Any one of the operations described above. The default is check.
site_numbers
List of MKU numbers. Used only when operation=passkeys. MKU numbers are any non-negative integers. There is no default.
key_numbers
List of key numbers for which currently loaded MKU key data will be reported. Used only when operation=check. Key numbers are in the range [0, 255]. There is no default.
restore_file
Name of an ASCII file containing key data. Used only when operation=restore. The format of the file is described above. There is no default.
on_pass_disk
Indicates whether or not the input PDUS data is on standard TeraScan numbered pass partitions. Used only if operation=load or operation=decrypt. The default is yes.
pass_number
1-relative number of the pass partition containing the input PDUS data. The default is the partition containing the last pass received. Used only if on_pass_disk=yes for load or decrypt operations.
pass_file
Name of the disk file containing the input PDUS data. There is no default. Used only if on_pass_disk=no for load or decrypt operations.
need_match
The number of consecutive, identical, redundant copies of key data that must be found before loading that data into the MKU. Used only when operation=load. This number must be between 1 and 10. The default is 3.
debug
OPTIONAL. Indicate whether or not additional debug print output is to be generated by mkuload. Not intended for normal user usage. The default is no.
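
The effect of need_match on damaged key records, as an added example in Python (an illustration, not mkuload's own code). It assumes that copies are compared in stream order, that any differing copy ends a run, and that a later qualifying run replaces an earlier one; select_keys and the damaged copy in the sample stream are constructed here.

```python
from itertools import groupby

def select_keys(records, need_match=3):
    """Return {key_number: data} for records that occur in a run of at
    least need_match consecutive identical copies (assumed reading of
    the need_match rule; illustration only)."""
    if not 1 <= need_match <= 10:          # range documented for need_match
        raise ValueError("need_match must be between 1 and 10")
    accepted = {}
    # groupby() collapses consecutive equal (key_number, data) records into runs.
    for (key_no, data), run in groupby(records):
        if sum(1 for _ in run) >= need_match:
            accepted[key_no] = data        # assumption: later run replaces earlier
    return accepted

# Key 193 data as printed in the EXAMPLES section of this page.
GOOD = bytes.fromhex("c8be557221f06249")
# Constructed damaged copy: last bit flipped, as a reception error might do.
BAD = bytes.fromhex("c8be557221f06248")

# Constructed stream: one clean run of three, damaged copies before and after.
STREAM = [(193, GOOD), (193, BAD),
          (193, GOOD), (193, GOOD), (193, GOOD),
          (193, BAD)]

if __name__ == "__main__":
    for n in (1, 2, 3, 4):
        chosen = {k: v.hex() for k, v in select_keys(STREAM, n).items()}
        print(f"need_match={n}: {chosen}")
```

With need_match=1 the damaged final copy is accepted; with the default of 3 only the clean run qualifies; with 4 nothing in this stream qualifies and the key would not be loaded.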

EXAMPLES

% echo $MKU_DEVICE
/dev/ttyb

% mkuload
operation      : char(  5) ? [check] load
on_pass_disk   : char(  3) ? [yes] no
pass_file      : char(255) ? /extra/m5/pass_a
need_match     : int       ? [3]
/dev/ttyb: MKU number 153
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49
key c1 (193) - c8 be 55 72 21 f0 62 49

% mkuload
operation      : char(  5) ? [check]
key_numbers    : int (256) ? 190^200
/dev/ttyb: MKU number 153
key be (190) - DE 8D 0B BA 61 90 59 ED
key bf (191) - DE 8D 0B BA 61 90 59 ED
key c0 (192) - B6 5C 92 3A 69 01 DE 24
key c1 (193) - C8 BE 55 72 21 F0 62 49
key c2 (194) - 75 C6 2C CB 15 4D E6 4B
key c3 (195) - EB 1A E6 92 36 EE CD 28
key c4 (196) - B6 5C 92 3A 69 01 DE 24
key c5 (197) - B6 5C 92 3A 69 01 DE 24
key c6 (198) - B6 5C 92 3A 69 01 DE 24
key c7 (199) - B6 5C 92 3A 69 01 DE 24
key c8 (200) - B6 5C 92 3A 69 01 DE 24

SEE ALSO

metin

NOTES

For more information on the Meteosat data decryption and MKU functionality, see Meteosat High Resolution Image Dissemination Encryption Infrastructure. User Guide, EUMETSAT, EUM TD 02(R), Vol. 1.

If you've been receiving Meteosat data, but only recently took possession of an MKU, the following C-shell fragment will help bootstrap the MKU. Assume that the number of your MKU is N, and that the environment variable MKU_DEVICE has been set to the appropriate serial port:

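    # Start from an empty scratch file; it will hold key data as plain ASCII.
    rm -f /tmp/mku

    foreach PASS ( 1 2 3 4 ... )
      # Report key data for MKU N from this pass and strip the 'mku ##### ' prefix.
      mkuload operation=passkeys site_numbers=N \
          on_pass_disk=yes pass_number=$PASS | \
          sort -u | sed -e 's/^mku ..... //' >> /tmp/mku
    end

    # Load the collected key data into the MKU.
    mkuload operation=restore restore_file=/tmp/mku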
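
A stricter version of the sed step, as an added example in Python (not part of mkuload or of the original page): it keeps only records for one MKU number, checks each record's shape before it reaches the restore file, and notes keys whose data changes between records. The function name, the note texts and the assumption that a later record supersedes an earlier one are this example's own; the record layout is the one shown for passkeys above.

```python
import re

# Record shape copied from the passkeys report lines shown on this page.
RECORD = re.compile(
    r"mku (\d{5}) key ([0-9A-Fa-f]{2}) \((\d{1,3})\) - "
    r"((?:[0-9A-Fa-f]{2} ){7}[0-9A-Fa-f]{2})"
)

def to_restore_lines(report_lines, mku_number):
    """Return (restore_lines, notes) for the records addressed to mku_number."""
    latest, notes = {}, []
    for n, raw in enumerate(report_lines, 1):
        line = raw.strip()
        if not line:
            continue
        m = RECORD.fullmatch(line)
        if m is None:
            notes.append(f"line {n}: not a passkeys record, skipped")
            continue
        site, key_hex, key_dec, data = m.groups()
        if int(site) != mku_number:
            continue                          # key data for a different MKU
        key = int(key_dec)
        if int(key_hex, 16) != key:
            notes.append(f"line {n}: hex and decimal key numbers disagree, skipped")
            continue
        data = data.upper()
        if latest.get(key, data) != data:
            notes.append(f"line {n}: key {key} data differs from an earlier record")
        latest[key] = data                    # assumption: later record supersedes
    return [f"key {k:02x} ({k}) - {latest[k]}" for k in sorted(latest)], notes

# Constructed sample: two lines from this page plus three made-up records.
SAMPLE = """\
mku 00129 key bf (191) - DE 8D 0B BA 61 90 59 ED
mku 00053 key c0 (192) - B6 5C 92 3A 69 01 DE 24
mku 00129 key c1 (192) - 00 11 22 33 44 55 66 77
mku 00129 key be (190) - DE 8D 0B BA 61 90
mku 00129 key bf (191) - de 8d 0b ba 61 90 59 ee
""".splitlines()

if __name__ == "__main__":
    lines, notes = to_restore_lines(SAMPLE, 129)
    print("\n".join(lines))
    print("\n".join(notes))
```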

Last Update: $Date: 1998/05/29 18:42:34 $