Encryption in DMR: Basic Privacy, Enhanced Privacy and AES
The question "can DMR be encrypted?" comes up regularly: some people want privacy, others simply see an "Encryption" item in the radio's menu and have no idea what it does. Let's get to the heart of it — which protection mechanisms the DMR standard provides at all, how robust they really are, which of them inexpensive amateur radios support, and, most importantly, why encryption on the amateur air is generally forbidden by the rules. This article is about understanding the technology and its professional use, not a call to encrypt the amateur air.
The DMR standard is described in the ETSI TS 102 361 set of specifications (parts 1–4). Protecting the content of voice and data is not a mandatory part of the air interface — it is an add-on that manufacturers implement in different ways. Hence the patchy picture: one radio's "privacy" is not always compatible with another's "privacy".
Three levels of protection in DMR
To put it simply, the DMR world has three fundamentally different approaches, differing in strength by orders of magnitude.
Basic Privacy (scrambler)
The weakest option. This is essentially scrambling — the contents of the slot are shuffled using a fixed short key (often just a number from 1 to 255). There is no real cryptography here: the goal is not protection but keeping out a casual listener with a stock radio. Anyone who knows the key number (or brute-forces the 255 variants) will hear everything. On the air the stream looks like a "distorted" voice rather than noise.
- The key is a short number, identical for every member of the group.
- The strength is close to zero: brute force is trivial, and the key is often "baked into" the codeplug.
- Implementations from different vendors are not always compatible with each other.
Enhanced Privacy (ARC4, 40-bit)
The next step up is Enhanced Privacy, usually built on the ARC4 (RC4-compatible) stream cipher with a key around 40 bits long. This is already a real cipher, and without the key it cannot be cracked on the fly with consumer tools. But 40 bits is a short length by modern standards, and ARC4 itself has long been considered cryptographically obsolete. For commercial communications "shielded from prying eyes" this is enough; for serious protection, it is not.
- Keys are set in the codeplug (CPS) and stored as HEX strings.
- The key length and format differ between manufacturers — Motorola, Hytera and Chinese brands do not guarantee mutual compatibility.
- Enhanced is still "privacy", not government-grade protection.
AES-128 / AES-256
The top tier is AES (Advanced Encryption Standard) with 128- or 256-bit keys. This is a robust modern block cipher used in professional, security and government communications. AES in DMR is, as a rule, an option on expensive professional units (or a licensed firmware "feature"), not a function of a budget amateur radio. AES is exactly what people mean when they talk about "real" DMR encryption.
What amateur radios can actually do
The picture for popular mass-market models is as follows:
- Anytone (D878/D578) — there is an "Encrypt" item in the menu: usually this is Basic and sometimes Enhanced (ARC4). A detailed breakdown of the radio's own settings is in the article on Anytone D878.
- TYT (MD-380/MD-UV390) — Basic Privacy out of the box; AES appears in custom firmware (for example, OpenGD77-style builds) or in commercial versions.
- Retevis and other budget brands — usually Basic, less often Enhanced.
- Professional Motorola/Hytera — support AES, but this function is enabled by a paid license and is available in commercial lineups.
The key trap: "the radio has encryption in the menu" does not mean "the encryption is compatible with the next radio over." Basic on an Anytone and Basic on a TYT are different shuffling algorithms, and interoperability is not guaranteed.
The main point: you may not encrypt on the amateur air
This is not a technical limitation but a principle of amateur radio, enshrined in the regulations of most countries and in the ITU Radio Regulations. The amateur service exists for self-training, experimentation and mutual assistance, and one of its basic conditions is the openness of the transmitted content: messages must not be encoded for the purpose of obscuring their meaning.
- Any means whose purpose is to hide the content of communications from other radio amateurs are forbidden: Basic, Enhanced and AES alike.
- This is not the same as private addressing. A private call in DMR (see private calls by DMR ID) routes voice to a specific subscriber, but the voice itself stays open and is not encrypted — which is allowed.
- Permissible "codes" are service signals and identifying markers (Color Code, DMR ID, talkgroup), not encryption of meaning.
Where DMR encryption is appropriate
DMR encryption belongs in professional and government networks, where radio is used under a commercial or service license rather than an amateur one:
- security, logistics, taxis, construction — protecting commercial secrets and personal data;
- corporate dispatch centers where leaking conversations is unacceptable;
- special services with their own regulations and certified algorithms.
In these scenarios AES is justified, and key management is set up systematically. It is useful for a radio amateur to understand how this works in order to configure commercial equipment correctly at work — but you may not carry these settings over to the amateur air.
Compatibility and key pitfalls
Even when encryption is used lawfully (in a professional network), newcomers trip over the same things:
- Vendor mismatch. "Basic" and "Enhanced" are not strictly standardized — Motorola, Hytera and Chinese radios are often incompatible with each other.
- Key ID. Besides the key value there is its identifier; if the Key ID does not match, reception is silent even though the key itself is correct.
- Silence instead of an error. With a wrong key the radio usually just does not open the squelch — there is no explicit "wrong key" message, and it is hard to diagnose.
- Key storage. Keys sit in the codeplug in plain form; whoever has access to the CPS file has access to the keys.
- Hotspots and networks. Encrypted voice will pass through MMDVM/the repeater as opaque data, but the server cannot decode it (for example, the DMRhub server-side AMBE vocoder works only with an open voice stream).
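Because a Key ID or key mismatch shows up only as silence, it pays to compare the key tables of a licensed professional fleet before deployment. The sketch below is an added example, not code from any vendor's CPS: the record layout, radio names, vendors and key values are hypothetical and constructed for illustration, and the key sizes are the ones named in this article.

```python
import string

# Key sizes in bits for the tiers the article names. The record layout below
# is hypothetical; real CPS exports differ per vendor.
KEY_BITS = {"enhanced": 40, "aes128": 128, "aes256": 256}

def audit_fleet(fleet):
    """fleet: {radio: {"vendor": str, "keys": {key_id: (kind, hex_key)}}}.
    Returns a sorted list of (radio, key_id, problem) findings."""
    findings, reference = [], {}   # reference: key_id -> (kind, key, radio, vendor)
    for radio, rec in fleet.items():
        for key_id, (kind, hex_key) in rec["keys"].items():
            key = hex_key.replace(" ", "").lower()
            bits = KEY_BITS.get(kind)
            if bits is None:
                findings.append((radio, key_id, "unknown privacy type"))
            elif not key or any(c not in string.hexdigits for c in key):
                findings.append((radio, key_id, "key is not a HEX string"))
            elif len(key) * 4 != bits:
                findings.append((radio, key_id, f"expected {bits} bits, got {len(key) * 4}"))
            else:
                if len(set(bytes.fromhex(key))) == 1:
                    findings.append((radio, key_id, "placeholder key (one repeated byte)"))
                ref = reference.setdefault(key_id, (kind, key, radio, rec["vendor"]))
                if (kind, key) != ref[:2]:
                    findings.append((radio, key_id, f"differs from {ref[2]}: silent reception"))
                elif kind == "enhanced" and rec["vendor"] != ref[3]:
                    findings.append((radio, key_id, f"vendor differs from {ref[2]}: compatibility not guaranteed"))
    # A Key ID present on one radio but absent on another also fails silently.
    all_ids = set().union(*(rec["keys"] for rec in fleet.values()))
    for radio, rec in fleet.items():
        findings += [(radio, k, "Key ID not provisioned") for k in all_ids - set(rec["keys"])]
    return sorted(findings)

# Constructed sample fleet: names, vendors and key values are made up.
FLEET = {
    "base-1": {"vendor": "VendorA", "keys": {
        1: ("enhanced", "1A2B3C4D5E"),
        2: ("aes128", "00112233445566778899aabbccddeeff")}},
    "van-2": {"vendor": "VendorB", "keys": {
        1: ("enhanced", "1a2b3c4d5e"),
        2: ("aes128", "00112233445566778899aabbccddee00")}},
    "gate-3": {"vendor": "VendorA", "keys": {
        1: ("enhanced", "1A2B3C4D"),
        3: ("aes128", "FF" * 16)}},
}

if __name__ == "__main__":
    for radio, key_id, problem in audit_fleet(FLEET):
        print(f"{radio:7} key {key_id}: {problem}")
```

Since the keys sit in the codeplug in plain form, any export fed to a check like this deserves the same access controls as the CPS file itself.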
Your own open DMR network — legal and without encryption
DMRhub is the private amateur network RadioStar with private addressing by DMR ID, its own talkgroups, DMR-SMS and a server-side AMBE vocoder (voice decoding without a hardware dongle). Targeted delivery of a call to a specific operator over fully open, unencrypted air is exactly what the amateur regulations allow.
Conclusion
DMR has three tiers of protection: the nearly useless Basic Privacy scrambler, the ~40-bit ARC4 stream cipher in Enhanced Privacy, and robust AES-128/256 in professional equipment. Only AES provides real cryptographic protection — and that is precisely what is most often unavailable on budget amateur radios. But the main point is not the technology: in the amateur service, encrypting the meaning of conversations is forbidden, because openness is a basic condition for amateur radio to exist. Understanding the Basic/Enhanced/AES mechanisms is useful for working with commercial equipment, while on the amateur air privacy is achieved through lawful addressing (private calls by DMR ID), not by hiding content.