Online/Offline cipher machine
- wanted item
The Aroflex II was an online/offline
developed in the early 1990s
by Siemens (Germany)
and Philips Usfa (Netherlands)
as the successor to the highly successful Aroflex cipher machine
used by NATO.
It is also known as PDLX-6141 (Philips) and T-1285CA (Siemens).
Development of the machine took many years and only
a limited quantity was ever built.
The image on the right shows a basic Aroflex II setup. It consists of a main
unit, similar to a computer, with a separate monitor and a full keyboard.
The output is printed to an external printer that is similar in design.
At the front of the main unit is the so-called Crypto Ignition Key (CIK)
that is used to protect the internally stored cryptographic keys.
An optional paper-tape reader/puncher could be attached for backwards compatibility
with legacy 5-level teleprinter equipment.
All units are fully shielded and meet NATO TEMPEST requirements.
The basic T-1285
teleprinter was completely developed by
Siemens AG in München (Germany).
It had a built-in text editor that allowed text to be formatted in a
variety of ways.
Philips Crypto BV in Eindhoven (Netherlands)
took care of the crytographic parts that were fully integrated.
The crypto-parts consisted of the Crypto Ignition Key (CIK),
the interface for a standard key filler
and a crypto card with two Philips-developed cryptographic algorithms:
a state-of-the-art Aroflex II algorithm and
another one for compatibility with legacy Aroflex units.
The latter allowed a smooth transition from the thousands of original
Aroflex units in the field, to the new Aroflex II.
The Aroflex II was suitable for encryption and decryption of text in
26, 32 and 256 character mode, both online and offline. It had room for 2 x 32 cryptographic keys
that could be loaded with a standard
such as the NATO-standard
KYK-13. The cryptographic keys were protected
by a Key Encryption Key (KEK), that was divided over the machine's
battery-backed RAM and the Crypto Ignition Key (CIK), so that both were
needed in order to recover the actual keys.
The image on the right shows two of the very few original Crypto Ignition Keys
that have survived. The CIK consists of a robust metal enclosure with
a 5-pin audio connector at the end, and is small enough to be carried in a pocket.
It is slighly shorter than the intial version and has a rigged edge to allow
it to be connected easily.
The CIK communicates with the Aroflex II via a standard 2-wire
When loading the crypto keys, half of the Key Encryption Key (KEK) is stored
in the machine's battery-backed RAM, whilst the other half is stored inside the CIK.
Once the crypto keys were loaded, the CIK and the Aroflex II were paired.
Removing the CIK from the Aroflex, renders the crypto keys useless.
Likewise, a paired CIK can not be used on another Aroflex II unit which
has its own set of keys loaded. In case of an emergency or compromise,
the user would remove the CIK and destroy it if possible.
As an extra
safety measure, the user could also press the ZEROIZE button in order to
delete the other half of the KEK which was stored in battery-backed RAM.
The function of the CIK is similar to that of the
Spendex 40 and
More photographs of the CIKs are available below.
Inside the CIK is a small PCB
with only six electronic components.
At the heart is one of the first EEPROMs that had just
become available in the early 1990s.
The small 8-pin PCD-8582 contains 256 bytes
of non-volatile memory and interfaces via a Philips-standard
I2C bus .
The rightmost photograph above shows
the PCB inside the CIK as it came from the assembly-line.
The Aroflex II had its own built-in word processor with full formatting
capabilities, allowing text messages to be prepaired in a variety of ways,
including ACP127 or as standard 5-letter groups.
The 720 KB floppy disc drive, hidden behind a TEMPEST-safe door
at the front panel, allowed text-based messages to be stored on non-DOS
For security reasons, the Aroflex used its own Siemens-developed proprietary
operating system, making it immune to virusses.
The machine further contained two independent 1
cryptographic units: the all-new
crypto unit, using state-of-the art cryptographic algorithms, and a separate
Aroflex I crypto unit, making it interoperable with the existing
It had a standard key-fill interface that was compatible with
The machine was TEMPEST-proof according to the AMSG720B standard.
Obtaining TEMPEST approval for the monitor appeared to be the most difficult,
as a CRT usually is an enormous source of unwanted radiation.
The printer and the paper-tape unit connected to the
main unit by means of optical fibre.
The Aroflex II was capable of handling both 5-bit
or Baudot-Murray code) and
8-bit data (IA5, derived from ASCII)
with automatic code conversion between the two standards.
This allowed encryption and decryption in 26, 32 and 256 character modes.
Data could be transmitted via existing telephone lines, using
an external modem connected to the CCITT V.24 (RS-232) interface,
or via legacy telex lines (TTY 15V/20mA or 60V/50mA).
Although the brochure  suggests that there were two physically
independent crypto units, there was in fact just one.
The OQ4436 cryptographic chip
that was used, was backwards compatible
with the older OQ4406 and supported both algorithms.
The firmware was able to select between the two algorithms.
The original Aroflex machine (Aroflex I)
is arguably the most
successful encryption device ever built by Philips Usfa/Crypto.
As it was NATO-approved, many thousands of units were sold to the
NATO-countries, including, Canada, Germany,
The Netherlands, Sweden and Turkey.
It was also used by the Dutch government and by the Dutch police.
The original Aroflex was based on a
Siemens T-1000 teleprinter machine,
with a Philips encryption unit bolted to the bottom of it.
In the early 1990s, when the end-of-life for the
T-1000 teleprinter was nearing,
Siemens decided to develop a completely new fully-electronic teleprinter machine
(Telex) with built-in encryption.
It was called the T-1285CA and would be compatible with a number of
data-standards, including full backwards compatibility with the older Aroflex.
Siemens would take care of the teletype unit, the monitor and the tape puncher,
whilst Philips Crypto developed the crypto-module that would reside inside the
T1285. The complete setup, including the optional tape unit is shown above.
Development of the T1285 took several years and costed many millions of Euros.
It appeared to be very difficult to meet the tough NATO TEMPEST requirements
for the complete setup, but the end-result was a robust text encryptor that
fully complied with NATO specifications .
A range of options was available and the Aroflex II could be connected
to a variety of existing networks, including telex, telephone, radio and
(via PAD) to X.28 packet-switched networks.
The T-1285CA was available in two colours: cream for civil and desktop use
and olive green for NATO and other military applications.
Full-colour brochures were issued
both by Siemens
and by Philips,
the latter aming at the existing Aroflex users at NATO and the government.
A complete training program was developed in order to support customers
and maintenance personnel.
The certificate on the right was issued to 2nd and 3rd echelon
maintenance engineers who completed a training session at Siemens' own
training facilities in Unterschliessheim (Germany).
Although no dates are given on the certificate, it was probably issued
Nevertheless, the machine hit the market too late, as by the
mid-1990s, computers were rapidly replacing teletype units. As a result, the
machine was never taken into mass-production and only very few units were built.
It is known that a modest number was delivered to the Belgian Army .
At Philips, the Aroflex II project was given a place in its museum.
Siemens probably sold some more units and was offering it world-wide
in 1994 [5 p.524]. Apparently, they too discontinued the product soon thereafter,
as it is no longer listed in the Jane's Catalogue of 1997 .
The demise of the T-1285 also marked the end of the close cooperation
between the two companies.
However, the basic T-1285 terminal was also used in 1994 by
Crypto AG (Hagelin) in Switzerland,
a company that was largely controlled by Siemens at the time ,
giving them easy access to the hardware.
Crypto AG developed its own cryptographic heart for the terminal
and called it the HC-5700 and the HC-5750,
the difference between the two probably being just the colour.
It was compatible with other members of the HC-5000
CRYPTOMATIC family [6 p.547]. One of the differences with the Philips version
is the presence of a smart-card reader to the right of the CIK.
Only a limited number of Aroflex II machines was ever built and even fewer
machines have survived.
We are still looking for an Aroflex II for our collection.
If you have more information about this machine, please contact us.
- Mathieu Goudsmits, Aroflex II developer at Philips Crypto BV
Interview, Crypto Museum, July 2011.
- Philips Crypto BV, Crypto Communications System AROFLEX II
Full-colour 6-page brochure of the PDLX-6141 Aroflex II. NATO Restricted. 1993.
- Siemens, TEMPEST Crypto Communications System T1285CA
Full-colour 6-page brochure of the T-1285CA.
- Philips Semiconductors, PCX8582X-2 Datasheet
Datasheet of the EEPROM used inside the CIK. 1992-1994.
- Jane's Military Communications, Fifteenth Edition, 1994-95
- Jane's Military Communications, Eighteenth Edition, 1997-98
- Res Strehle, Verschlüsselt. Der Fall Hans Bühler
The full backgrounds about mr. Bühler's arrest in Iran in 1992.
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?|
© Crypto Museum. Created: Tuesday 16 August 2011. Last changed: Saturday, 24 February 2018 - 20:43 CET.