Here are the complete details of how a key sheet worked:
Output:Table Source: http://users.telenet.be/d.rijmenants/en/enigmaproc.htm
The Heer and Luftwaffe Procedures
To obtain secure communications, the German Heer (Army) and Luftwaffe
(Air Force) used standard procedures to transmit and receive messages.
For a message to be correctly encrypted and decrypted, both the sender
and receiver needed to set up their Enigma in exactly the same way. These
settings were distributed in key sheets. For reasons of security,
different parts of the armed forces had their own network, with different
key sheets and with a network having its own codename.
Each key sheet contained the following information:
Walzenlage: Choice and order of wheels
Ringstellung: The ringsetting, the position of the rotor wiring,
relative to the alphabet rings
Steckerverbindungen: The plug connections on the plugboard
Kenngruppen: Groups to identify the key to the receiver.
The key sheets were distributed on beforehand, and contained the basic
settings for a whole month, per day. In general, the key sheets were in
the custody of an officer, responsible for setting up the machine rotors
and ringsettings. After setup, he could lock the machine front panel
with a key. The operator could only select the rotor start position.
Armee Stabs Maschinenschlussel Nr. 28
(Army Staffs Machine Key No. 28)
---------------------------------------------------------------------------------------
Tag | Walzenlage | Ringstellung | Steckerverbindungen | Kenngruppen
---------------------------------------------------------------------------------------
31 | IV V I | 21 15 16 | KL IT FQ HY XC NP VZ JB SE OG | JKM OGO NCJ GLP
30 | IV II III | 26 14 11 | ZN YO QB ER DK XU GP TV SJ LM | INO UDL NAM LAX
29 | II V IV | 19 09 24 | ZU HL CQ WM OA PY EB TR DN VI | NCI OID YHP NIP
28 | IV III I | 03 04 22 | YT BX CV ZN UD IR SJ HW GA KQ | ZQJ HLG XKY EBT
27 | I II V | 06 22 14 | PO ML IU KJ NH YT GB VF RE DC | EXS TGY IKJ LOP
---------------------------------------------------------------------------------------
o To identify the key that was used for a particular message, the operator had to insert
a five letter group called Buchstabenkenngruppe (letter identification group) as the
first group of the message. The Buchstabenkenngruppe is composed of two randomly selected
letters and one of the four possible three-letter Kenngruppen at the key sheet for that
day. If we take day 31 from the Army Staff key 28 (image above), we see the Kenngruppen
JKM, OGI, NCJ and GLP. In this case, some examples of a correct Buchstabenkenngruppe are
FDJKM, KVOGI or QNNCJ. This five letter group at the start of the message should not be
encrypted with the rest of the message! If a message was devided into several parts, the
operator had to insert another Buchstabenkenngruppe for each part of the message. When
counting the letters for the message header, the five letters of the Buchstabenkenngruppe
must be included. The receiving operator immediately recognized which key was to be
applied by looking at the last three letters of the first group.
o The setting of the machine was typically valid for one day. Using the same settings for a
large number of messages would increase the statistical amount of data to break a
particular key. Therefore, each message was sent with a different startposition of the
Enigma rotors, randomly selected by the operator. This was called the Spruchschlüssel
or message key.
Before 1940, the German military used the daily key and startposition, according to the key
sheet. The operator selected a random message key. This message key was encoded twice, to
exclude errors. As example, the trigram GHK is encoded twice, resulting in XMC FZQ. Next,
the operator moved the rotors to the message key GHK and encoded the message. The two
trigrams, being the encoded message key, were transmitted, together with the message. The
receiver sets his machine on the start position, as described in the codebook, and decodes
the trigrams XMC FZQ back into the GHK message key. Next, he sets the message key GHK as
start position on his machine, to continue decoding the rest of the message. However, this
procedure was actually a security flaw. The message key is encoded twice, resulting in a
relation between first and fourth, second and fifth, and third and sixth character.
Moreover, many message keys on a particular day would have the same setup and startpositions.
This security problem enabled the Polish Cipher Bureau to break the pre-war Enigma messages.
However, German cryptologists were aware of the security flaw and from 1940 on, the Wehrmacht
changed the message key procedures to increase security.
Wehrmacht radio operators now selected for each message a new randomly chosen start position
or Grundstellung, let's say WZA, and random message key or Spruchschlüssel, let's say SXT. He
moved the rotors to the random startposition WZA, and encoded the random message key SXT. Let
us presume that the result was UHL. He sets up the message key SXT as startposition and
encodes the message. Next, he transmits the random start position WZA, the encoded message key
UHL and the message. The receiver sets up the start position according the first trigram WZA,
and decodes the second trigram UHL to obtain the message key SXT. Next, he uses the message
key SXT as startposition to decode the actual message. If a message was devided into several
parts, the operator had to insert a new startposition and message key for each part of the
message.
Example of a typical Wehrmacht message:
1230 = 3tle = 1tl = 250 = WZA UHL =
FDJKM LDAHH YEOEF PTWYB LENDP
MKOXL DFAMU DWIJD XRJZY DFRIO
MFTEV KTGUY DDZED TPOQX FDRIU
CCBFM MQWYE FIPUL WSXHG YHJZE
AOFDU FUTEC VVBDP OLZLG DEJTI
HGYER DCXCV BHSEE TTKJK XAAQU
GTTUO FCXZH IDREF TGHSZ DERFG
EDZZS ERDET RFGTT RREOM MJMED
EDDER FTGRE UUHKD DLEFG FGREZ
ZZSEU YYRGD EDFED HJUIK FXNVB
The message was created at 12h30, consists of three parts (3 teile), of which this is the
first, and contains 250 characters (Buchstabenkenngruppe included). WZA is the startposition
(Grundstellung) to decipher the encrypted message key (Spruchschlüssel) UHL. The
Buchstabenkenngruppe FDJKM shows that the key that was used is the one with Kenngruppe JKM.
Example for decrypt:
U6Z DE C 1510 = 49 = EHZ TBS =
TVEXS QBLTW LDAHH YEOEF
PTWYB LENDP MKOXL DFAMU
DWIJD XRJZ=
To decrypt the message we proceed as follows:
• Select the Wehrmacht Enigma I with B reflector.
• Select the rotors, adjust their ring setting and set the plugs according to key sheet day 27
• Set the rotor start positions to EHZ, the first trigram of the message
• Type in the second trigram TBS to retrieve the original message key. The result should be XWB
• Set the decrypted message key XWB as start position for the three rotors.
• Now decrypt the actual message, but make sure to skip the key identification group TVEXS.
Note: in the pre-war Wehrmacht procedure, each message key was encrypted twice (to exclude errors)
by a fixed secret basic position, valid for the whole day. For instance, with basic setting ABC,
the message key XYZ was keyed in twice, resulting in JKL MNO. Only the double encrypted message key
JKL MNO was sent along with the message. However, this created a mathematical relation between J
and M, K and N, and L and O, a flaw that was exploited by the Polish codebreakers. German
cryptologists understood this flaw and dropped the double encrypted message key in 1939, replacing
it with a random basic position, sent along with a once encrypted message key.