Thanks for your help... really good to see so many people like you help people that want to learn new things.
Is the idea of a community not to share ideas and resources?
I can't see anything telling me about how EMM/ECM works.
I understand the key principle and how that operates, but applying it to a cable company and how the data is computed is different.
Can you not point me to a resource that would explain it?
What exactly do you want to know?
ECMs (Entitlement Control Messages) are periodic messages (8 seconds) which pass the present de-mangle keys for the DVB-CSA (Common Scrambling Algorithm) mangler. CSA is the common baseline data scrambler used on DVB systems. All other encryption systems (NDS, Via, Seca etc.) fit on top of CSA and use some form of periodic ECM for timely delivery of the required keys.
In Nagra the ECMs are DES encrypted using a 56-bit DES key. These are called the operational keys and are the things that are currently causing so many problems. Nagra uses two of these keys, key0 and key1. Only one key is active at any one time and it's called the active key. Having two keys allows the supplier to change the non-active key without interfering with video decryption. When the supplier is confident that most cards will have accepted a new non-active key they can flip the non-active to be the active.
ECMs tend to hold only messages of short duration value. Whilst 56-bit DES is secure in the short time, it is possible to crack it given sufficient processing power and time.
As an aside, once a card decrypts an ECM it needs to pass the information to the STB. Passing the unencrypted CSA keys to the box would be a bad idea as it would allow one card to be used to de-scramble many boxes. The solution is to re-encrypt the message using another DES key known only to the STB and the card. This DES key is called the boxkey!
EMMs (Entitlement Management Messages) are much more secure as they use a variation of multi 512-bit RSA public key cryptography. This is effectively uncrackable. EMMs are used to send messages to cards concerning subscriptions, i.e. entitlement tier updates etc. They are also used to send operational key updates (the DES decrypt keys) to the cards.
You may wonder why everything isn't just decrypted using the very secure RSA algorithms. Well, RSA is very computationally expensive. Relatively speaking it takes a long time to both encrypt and decrypt messages. DES, on the other hand, is fairly secure but computationally easy and relatively fast.
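
The two-key rollover described in the reply above, as an added Python sketch that is not part of the original post and not any vendor's code. A SHA-256 keystream stands in for DES, the EMM's RSA protection is not modelled, and the class names and message fields (`slot`, `nonce`, `ct`, `tag`) are assumptions made up for illustration.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    """Stand-in cipher (SHA-256 keystream); the post's system uses DES here."""
    stream = hashlib.sha256(key + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, nonce, ct):
    # Short integrity tag so a card can tell it holds the wrong key (assumed field)
    return hmac.new(key, nonce + ct, hashlib.sha256).digest()[:8]

class Headend:
    def __init__(self):
        self.keys = [os.urandom(8), os.urandom(8)]  # key0, key1 (constructed)
        self.active = 0

    def make_ecm(self, control_word):
        key, nonce = self.keys[self.active], os.urandom(8)
        ct = _xor_stream(key, nonce, control_word)
        return {"slot": self.active, "nonce": nonce, "ct": ct,
                "tag": _tag(key, nonce, ct)}

    def make_emm(self):
        """Refresh the NON-active slot only, so current ECMs keep working."""
        slot = 1 - self.active
        self.keys[slot] = os.urandom(8)
        return {"slot": slot, "key": self.keys[slot]}

    def flip(self):
        self.active = 1 - self.active

class Card:
    def __init__(self, keys):
        self.keys = list(keys)

    def apply_emm(self, emm):
        self.keys[emm["slot"]] = emm["key"]

    def open_ecm(self, ecm):
        key = self.keys[ecm["slot"]]
        if not hmac.compare_digest(_tag(key, ecm["nonce"], ecm["ct"]), ecm["tag"]):
            return None  # stale key in this slot: the card missed the update
        return _xor_stream(key, ecm["nonce"], ecm["ct"])

def demo():
    head = Headend()
    updated, stale = Card(head.keys), Card(head.keys)
    cw = os.urandom(8)                      # constructed control word
    updated.apply_emm(head.make_emm())      # the stale card never sees this EMM
    before = [c.open_ecm(head.make_ecm(cw)) == cw for c in (updated, stale)]
    head.flip()                             # non-active key becomes the active key
    after = [c.open_ecm(head.make_ecm(cw)) == cw for c in (updated, stale)]
    return before, after
```

`demo()` returns whether each card recovered the control word before and after the flip: both succeed while the update is being distributed, and only the card that accepted the new non-active key succeeds afterwards.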