Spy radio
Burst encoders
• • • Donate • • •
   Logo (click for homepage)
Aroflex II   T-1285CA
Online/Offline cipher machine - wanted item

The Aroflex II was an online/offline encryption device developed in the early 1990s by Siemens (Germany) and Philips Usfa (Netherlands) as the successor to the highly successful Aroflex cipher machine used by NATO. It is also known as PDLX-6141 (Philips) and T-1285CA (Siemens). Development of the machine took many years and only a limited quantity was ever built.
The image on the right shows a basic Aroflex II setup. It consists of a main unit, similar to a computer, with a separate monitor and a full keyboard. The output is printed to an external printer that is similar in design.

At the front of the main unit is the so-called Crypto Ignition Key (CIK) that is used to protect the internally stored cryptographic keys. An optional paper-tape reader/puncher could be attached for backwards compatibility with legacy 5-level teleprinter equipment. All units are fully shielded and meet NATO TEMPEST requirements.
Promotional photograph of the Aroflex II (taken from brochure) [2]

The basic T1285 teleprinter was completely developed by Siemens AG in München (Germany). It had a built-in text editor that allowed text to be formatted in a variety of ways. Philips Crypto BV in Eindhoven (Netherlands) took care of the crytographic parts that were fully integrated.

The crypto-parts consisted of the Crypto Ignition Key (CIK), the interface for a standard key filler and a crypto card with two Philips-developed cryptographic algorithms: a state-of-the-art Aroflex II algorithm and another one for compatibility with legacy Aroflex units. The latter allowed a smooth transition from the thousands of original Aroflex units in the field, to the new Aroflex II.
Key management
The Aroflex II was suitable for encryption and decryption of text in 26, 32 and 256 character mode, both online and offline. It had room for 2 x 32 cryptographic keys that could be loaded with a standard key-fill device, such as the NATO-standard KYK-13. The cryptographic keys were protected by a Key Encryption Key (KEK), that was divided over the machine's battery-backed RAM and the Crypto Ignition Key (CIK), so that both were needed in order to recover the actual keys.
The image on the right shows two of the very few original Crypto Ignition Keys that have survived. The CIK consists of a robust metal enclosure with a 5-pin audio connector at the end, and is small enough to be carried in a pocket. It is slighly shorter than the intial version and has a rigged edge to allow it to be connected easily.

The CIK communicates with the Aroflex II via a standard 2-wire I2C interface. When loading the crypto keys, half of the Key Encryption Key (KEK) is stored in the machine's battery-backed RAM, whilst the other half is stored inside the CIK.
Initial CIK design (left) and final version (right)

Once the crypto keys were loaded, the CIK and the Aroflex II were paired. Removing the CIK from the Aroflex, renders the crypto keys useless. Likewise, a paired CIK can not be used on another Aroflex II unit which has its own set of keys loaded. In case of an emergency or compromise, the user would remove the CIK and destroy it if possible.

As an extra safety measure, the user could also press the ZEROIZE button in order to delete the other half of the KEK which was stored in battery-backed RAM. The function of the CIK is similar to that of the Spendex 40 and Spendex 50. More photographs of the CIKs are available below.
Initial CIK design (left) and final version (right) Initial CIK design New design CIK Holding the CIK Close-up of the connector of the CIK Aroflex II - Crypto Ignition Key (CIK) in the palm of a hand The PCB inside the CIK during production

Inside the CIK is a small PCB with only six electronic components. At the heart is one of the first EEPROMs that had just become available in the early 1990s. The small 8-pin PCD-8582 contains 256 bytes of non-volatile memory and interfaces via a Philips-standard I2C bus [4]. The rightmost photograph above shows the PCB inside the CIK as it came from the assembly-line.
Technical description

The Aroflex II had its own built-in word processor with full formatting capabilities, allowing text messages to be prepaired in a variety of ways, including ACP127 or as standard 5-letter groups. The 720 KB floppy disc drive, hidden behind a TEMPEST-safe door at the front panel, allowed text-based messages to be stored on non-DOS formatted discs. For security reasons, the Aroflex used its own Siemens-developed proprietary operating system, making it immune to virusses.

The machine further contained two independent 1 cryptographic units: the all-new Aroflex II crypto unit, using state-of-the art cryptographic algorithms, and a separate Aroflex I crypto unit, making it interoperable with the existing Aroflex. It had a standard key-fill interface that was compatible with DS-102 and CSESD. The machine was TEMPEST-proof according to the AMSG720B standard. Obtaining TEMPEST approval for the monitor appeared to be the most difficult, as a CRT usually is an enormous source of unwanted radiation. The printer and the paper-tape unit connected to the main unit by means of optical fibre.

The Aroflex II was capable of handling both 5-bit (ITA2 or or Baudot-Murray code) and 8-bit data (IA5, derived from ASCII) with automatic code conversion between the two standards. This allowed encryption and decryption in 26, 32 and 256 character modes. Data could be transmitted via existing telephone lines, using an external modem connected to the CCITT V.24 (RS-232) interface, or via legacy telex lines (TTY 15V/20mA or 60V/50mA).
  1. Although the brochure [2] suggests that there were two physically independent crypto units, there was in fact just one. The OQ4436 cryptographic chip that was used, was backwards compatible with the older OQ4406 and supported both algorithms. The firmware was able to select between the two algorithms.

The original Aroflex machine (Aroflex I) is arguably the most successful encryption device ever built by Philips Usfa/Crypto. As it was NATO-approved, many thousands of units were sold to the NATO-countries, including, Canada, Germany, The Netherlands, Sweden and Turkey. It was also used by the Dutch government and by the Dutch police. The original Aroflex was based on a Siemens T-1000 teleprinter machine, with a Philips encryption unit bolted to the bottom of it.

Complete Siemens T-1285CA setup. Photograph taken from the brochure [3].
In the early 1990s, when the end-of-life for the T-1000 teleprinter was nearing, Siemens decided to develop a completely new fully-electronic teleprinter machine (Telex) with built-in encryption. It was called the T-1285CA and would be compatible with a number of data-standards, including full backwards compatibility with the older Aroflex. Siemens would take care of the teletype unit, the monitor and the tape puncher, whilst Philips Crypto developed the crypto-module that would reside inside the T1285. The complete setup, including the optional tape unit is shown above.
Development of the T1285 took several years and costed many millions of Euros. It appeared to be very difficult to meet the tough NATO TEMPEST requirements for the complete setup, but the end-result was a robust text encryptor that fully complied with NATO specifications [1].

A range of options was available and the Aroflex II could be connected to a variety of existing networks, including telex, telephone, radio and (via PAD) to X.28 packet-switched networks.

The T-1285CA was available in two colours: cream for civil and desktop use and olive green for NATO and other military applications. Full-colour brochures were issued both by Siemens and by Philips, the latter aming at the existing Aroflex users at NATO and the government.

A complete training program was developed in order to support customers and maintenance personnel. The certificate on the right was issued to 2nd and 3rd echelon maintenance engineers who completed a training session at Siemens' own training facilities in Unterschliessheim (Germany). Although no dates are given on the certificate, it was probably issued around 1993.
Certificate issued by Siemens to maintenance engineers after completing the training.

Nevertheless, the machine hit the market too late, as by the mid-1990s, computers were rapidly replacing teletype units. As a result, the machine was never taken into mass-production and only very few units were built. It is known that a modest number was delivered to the Belgian Army [1].
The End
At Philips, the Aroflex II project was given a place in its museum. Siemens probably sold some more units and was offering it world-wide in 1994 [5 p.524]. Apparently, they too discontinued the product soon thereafter, as it is no longer listed in the Jane's Catalogue of 1997 [6]. The demise of the T-1285 also marked the end of the close cooperation between the two companies.
Crypto AG   Hagelin
However, the basic T-1285 terminal was also used in 1994 by Crypto AG (Hagelin) in Switzerland, a company that was largely controlled by Siemens at the time [7], giving them easy access to the hardware. Crypto AG developed its own cryptographic heart for the terminal and called it the HC-5700 and the HC-5750, the difference between the two probably being just the colour. It was compatible with other members of the HC-5000 CRYPTOMATIC family [6 p.547]. One of the differences with the Philips version is the presence of a smart-card reader to the right of the CIK.
Help required
Only a limited number of Aroflex II machines was ever built and even fewer machines have survived. We are still looking for an Aroflex II for our collection. If you have more information about this machine, please contact us.
  1. Mathieu Goudsmits, Aroflex II developer at Philips Crypto BV
    Interview, Crypto Museum, July 2011.

  2. Philips Crypto BV, Crypto Communications System AROFLEX II
    Full-colour 6-page brochure of the PDLX-6141 Aroflex II. NATO Restricted. 1993.

  3. Siemens, TEMPEST Crypto Communications System T1285CA
    Full-colour 6-page brochure of the T-1285CA.

  4. Philips Semiconductors, PCX8582X-2 Datasheet
    Datasheet of the EEPROM used inside the CIK. 1992-1994.

  5. Jane's Military Communications, Fifteenth Edition, 1994-95
    ISBN 0-1706-1163-3.

  6. Jane's Military Communications, Eighteenth Edition, 1997-98
    ISBN 0-1706-1530-2.

  7. Res Strehle, Verschlüsselt. Der Fall Hans Bühler
    The full backgrounds about mr. Bühler's arrest in Iran in 1992.
    ISBN 3-85932-141-2.

Further information

Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Last changed: Sunday, 13 September 2015 - 10:22 CET.
Click for homepage