Yes, It Is Legal To Use Cryptographic Signature on Amateur Radio. And That’s Important!

It seems there is widespread confusion about using cryptographic signature on Amateur Radio. Cryptographic signature is a way to “sign” a message that remains in the clear, authenticating the sender’s identity and that the text of the message is exactly what the sender wrote. Can you use it on the air? The uninformed say “you can’t use cryptography on the air”, but the truth is more nuanced.

Part 97, in several places, prohibits messages encoded for the purpose of obscuring their meaning. This is either using spread spectrum or an undisclosed code. Exceptions are made for satellite control.

Is cryptographic signature obscuring the meaning of the message? NO! It leaves the message text in the clear, and adds authenticating data. Thus, you may use cryptographic signature on the air. The message itself and identity of the sender MUST be clearly readable by everyone.

Yes, there is a secret in cryptographic signature, which is some private key used for either public-key or symmetrical encryption. But nothing in the cryptographic signature conveys that secret. The cryptographic signature is just a number that, when matched with another number, says “someone who knew a particular secret authored this message, with this exact text”. That doesn’t obscure anything.

This is actually REALLY important for modern Amateur radio. With new digital satellites, we will be able to use digital signature to authenticate that all of the users are actually hams, and we’ll be able to keep the non-hams off of the satellite. This is already in development at Open Research Institute, and elsewhere.

Did you know that ARRL is already ready for hams to use digital signature? LOTW is a certification authority! You can extract an X.509 private and public key from your LOTW certificate, load it into your web browser, and authenticate yourself with it to any software that has the ARRL CA certificate loaded. Don’t do that over the air, the HTTPS protocol implemented in browsers definitely obscures the message. But you can use the same certificate to sign a message and leave the message contents in the clear.

Did you know that there is even a registered extension to X.509 for callsigns?

This also gives us a way to control systems over the air without encrypting the control message, and without allowing unauthorized persons to control those same systems. Wouldn’t you like to use that when you convert your repeater, etc., from touch-tone to digital control?

Slims will be non-existent or not last long. If they steal your key, you can repudiate it.