View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
October 22, 2019updated 21 Jul 2022 7:54am

EXCLUSIVE – Last Punched Tape Crypto Key Rolls off the NSA’s Machines

After decades in use, last paper tape crypto key punched...

By CBR Staff Writer

The US’s National Security Agency (NSA) has ended production of punched paper tape cryptographic keys after over 50 years’ use; making its final shift to an electronic cryptographic key production and distribution architecture.

An agency spokesman confirmed to Computer Business Review that the last NSA punched tape key had rolled off its machines on October 2, 2019. Such keys were used to encrypt military and other communications, and needed to be physically entered into devices that could store the key, then shipped around the world.

The technology, which uses paper-mylar-paper tape rolls punched with holes to store cryptographic keys (a hole represents a binary 1, and the absence of a hole a binary 0) remains in use in the UK, particularly by the Ministry of Defence.

NSA punched tape

The NSA only confirmed the end of the programme and declined to provide an image of the now obsolete kit.

Neal Ziring, technical director of the NSA’s Capabilities Directorate, told us earlier this year that the signals intelligence agency produced millions of the physical crypto keys per year during the 1980s but was now down to the hundreds annually.

He joked of the last production run: “We’ll probably have a party.”

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Read this: Tale of the Tape: The NSA’s Neal Ziring on the Slow Death of Punched Tape Crypto Keys

Such cryptographic keys (used for symmetric algorithms widely deployed by the military) are physically shipped around the country in tamper-proof canisters.

Ziring attributed the longevity of the technology, despite digital alternatives, to slow military equipment replacement cycles: “Once the military gets a tactical radio or something that they like, they tend to use it for a long while.

“We’ve been working with our military partners to get them off key tape for, oh jeez, well over a decade; probably longer.”

NSA Punched Tape Programme Ends; UK Lags Behind

Physical keys remain in widespread use in the UK. In 2018 the UK Key Production Authority, which sits  under the NCSC, processed [pdf] 3,800 orders for key material; or 145,000 physical keys for 170 customers across government.

Richard Flitton, managing director of L3 TRL; a Tewkesbury-based specialist in advanced electronic security systems, earlier told Computer Business Review that ongoing use of the technology was a security issue.

He said: “There’s two issues here: one is that you’ve got to distribute the key, so you’ve got to physically move the things around the country or even overseas. If you’re moving things they’re vulnerable to being intercepted or compromised. Then secondly there’s the cost and logistical burden of doing all that.

“The authority has a huge challenge to produce all those keys and then it’s got a challenge to distribute and install them all. I won’t describe what happens. But if Joe Public knew, you would think this was all a bit 1960s really.”

As Ziring explained earlier, digital cryptographic key management rendered comsec accounting and logistics a lot more straightforward.

In terms of how that works: “A base or a depot would have an outpost of the key management system – there are various form factors for that – right on base.

“If they’re trying to put keys into some military aircraft; they’d have ‘fill devices’ in the hanger, you fill up the key fill device from the KMS, you take it around the airplanes – you’re talking about walking a couple hundred meters… It’s not like trying to ship it [a punched tape key] from Maryland out to a base from the other side of the world.”

A PDP 11-34, National Museum of Computing, Bletchley Park. Credit: Loz Pycock

Such tape can either be used as a one-time key, roughly equivalent to a one-time pad to directly encipher a message (this was long ago phased out) or used to store a crypto variable; the key for a symmetric algorithm.

A blog by the NSA itself described the technology: “Each 5,000 foot roll of Paper-Mylar-Paper-tape moving through the production line at one foot per second represented the raw material on which the COMSEC key would be punched and printed.

“Keeping the punch and print operations moving with the necessary speed and precision presented a serious engineering challenge. Borrowing from the technology of magnetic tape drives, the development team came up with vacuum wells which were incorporated into the system to physically regulate the flow of the tape.

The software development engineer and crypto software programmer’s of such punch, verification, print (PVP) systems in the 1970s had to write the main system software for the DEC PDP-11 computer that would import cryptologic key and oversee the entire tape production process entirely in assembly language.

“This task was daunting and would be considered the equivalent of travelling from Baltimore to Los Angeles on hands and knees by today’s programmers.”

Read this: Frustration Grows at the UK’s Slow Efforts to Move on from Punched Tape 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.