Older mechanical encryption systems, such as rotor machines, were keyed by setting the positions of wheels and plugs from a printed keying list. Electronic systems required some way to load the necessary cryptovariable data. In the 1950s and 1960s, systems such as the U.S. National Security Agency KW-26 and the Soviet Union's Fialka used punched cards for this purpose. Later NSA encryption systems incorporated a serial port fill connector and developed several common fill devices (CFDs) that could be used with multiple systems. A CFD was plugged in when new keys were to be loaded. Newer NSA systems allow "over the air rekeying" (OTAR), but a master key often must still be loaded using a fill device.
NSA uses two serial protocols for key fill, DS-101 and DS-102. Both employ the same U-229 6-pin connector type used for U.S. military audio handsets, with the DS-101 being the newer of the two serial fill protocols. The DS-101 protocol can also be used to load cryptographic algorithms and software updates for crypto modules.
Common fill devices employed by NSA include:
- KYK-13 Electronic Transfer Device
- KYX-15 Net Control Device
- MX-10579 ECCM Fill Device (SINCGARS)
- KOI-18 paper tape reader. The operator pulls 8-level tape through this unit by hand.
- AN/CYZ-10 Data Transfer Device - a small PDA-like unit that can store up to 1000 keys.
- Secure DTD2000 System (SDS) - Named KIK-20, this was the next generation common fill device replacement for the DTD when it started production in 2006. It employs the Windows CE operating system.
- AN/PYQ-10 Simple Key Loader (SKL) - a simpler replacement for the DTD.
- KSD-64 Crypto ignition key (CIK)
- KIK-30, a more recent fill device, is trademarked as the "Really Simple Key Loader" (RASKL) with "single button key-squirt." It supports a wide variety of devices and keys.
The older KYK-13, KYX-15 and MX-10579 are limited to certain key types.