A fill device is an electronic module used to load cryptographic keys into electronic encryption machines. Fill devices are usually hand held and battery operated.
Older mechanical encryption systems, such as rotor machines, were keyed by setting the positions of wheels and plugs from a printed keying list. Electronic systems required some way to load the necessary cryptovariable data. In the 1950s and 1960s, systems such as the U.S. National Security Agency KW-26 and the Soviet Union's Fialka used punched cards for this purpose. Later NSA encryption systems incorporated a serial port fill connector and developed several common fill devices (CFDs) that could be used with multiple systems. A CFD was plugged in when new keys were to be loaded. Newer NSA systems allow "over the air rekeying" (OTAR), but a master key often must still be loaded using a fill device.
NSA uses two serial protocols for key fill, DS-101 and DS-102. Both employ the same U-229 6-pin connector type used for U.S. military audio handsets, with the DS-101 being the newer of the two serial fill protocols. The DS-101 protocol can also be used to load cryptographic algorithms and software updates for crypto modules.
Besides encryption devices, systems that can require key fill include IFF, GPS and frequency hopping radios such as Have Quick and SINCGARS.
Common fill devices employed by NSA include:
Only the KSD-64, CYZ-10, Secure DTD2000, PYQ-10 and KOI-18 can handle modern 128-bit keys. Older units are apparently limited to 90-bit keys. A newer fill device, the Secure DTD2000 System (or SDS), which employs the Windows CE operating system, began production in 2006.[1]