Secure communication is becoming increasingly relevant in the development of space technology. Well-established cryptographic technology is already in place and is expected to remain so. On the other hand, information-theoretical security emerges as a versatile post-quantum candidate to complement overall security strength. To prove such potential, performance analysis methods are needed that consider realistic legitimate and eavesdropper system assumptions and non-asymptotic coding lengths. In this paper we propose the design of secure radio frequency (RF) satellite links with realistic system assumptions. Our contribution is three-fold. First, we propose a wiretap channel model for the finite-length regime. The model includes a stochastic wiretap encoding method using existing practical linear error correcting codes and hash codes. Secrecy is provided by privacy amplification, for which we give a finite-length secrecy metric that upper bounds semantic secrecy. Second, we derive a novel RF (broadcast) satellite wiretap channel model that parameterizes the stochastic degraded channel around the legitimate channel, a necessary condition to enable secure communication. Finally, we show the design of a secure satellite physical layer and its finite-length performance evaluation. In doing so, we define the sacrifice rate as the fixed fraction of the overall coding rate budget for reliability that needs to be allocated to secrecy. Our methodology does not make use of channel side information of the eavesdropper; it relies only on worst-case system assumptions. We illustrate our proposed design method with numerical results using practical error correcting codes in current standards of satellite communication.