The military possesses control over encrypted GPS.
The military doesn't actually use it, though, for the most part - the keys are sensitive state secrets, and distributing them apparently requires the proverbial man chained to a suitcase level of paperwork.
The encrypted channels are sufficiently underused that drones whose very design is secret that we fly down the Iran-Afghanistan border aren't equipped with them, and so are vulnerable to Iran spoofing a landing-capture course.
Is this symmetric or asymmetric? Seems the keys would only be sensitive if it's the former, given that there (AFAIK) isn't much difference in accuracy between the encrypted and civilian signals anymore. Although, given the very old hardware in the GPS sattelites maybe asymmetric would require too much processing power.
I found an interesting slide deck that talks a bit about spoofing and key management. [0] Apparently there are different levels of classification for keys. (pg 23) But they must be derived keys, right? The satellites are only broadcasting one signal, not multiple signals each keyed to one receiver. I think there can only be one possible cipherstream (and thus one key) in the very low bandwidth signal.
The military doesn't actually use it, though, for the most part - the keys are sensitive state secrets, and distributing them apparently requires the proverbial man chained to a suitcase level of paperwork.
The encrypted channels are sufficiently underused that drones whose very design is secret that we fly down the Iran-Afghanistan border aren't equipped with them, and so are vulnerable to Iran spoofing a landing-capture course.