SUMMARY
=======
In certain circumstances, the nCipher MSCAPI CSP Install Wizard support
software on Windows 2000 will set the nCipher CSP key generation
behavior incorrectly. Despite the user requesting Operator Card Set
protection for keys (`cardset protected keys') that are generated using
the nCipher CSP, a software error might result in keys being protected
by the module alone.
BACKGROUND
==========
1. Security world
-----------------
nCipher's key management modules (nForce/nShield) are generally
used with nCipher's suite of utilities for managing a `security
world'. A security world is a collection of cryptographic keys,
smart cards, modules and associated data stored on host computers.
A security world is designed to prevent unauthorized access to
application keys while maintaining scalability and key availability.
The core security world secrets are protected by Administrator Cards
written by the initialization software and kept safe by the user.
Application keys can either be made available to any nCipher module
appropriately programmed with the user's Administrator Cards (module
protected keys) or they can be protected by further smart cards known as
Operator Cards that provide an additional layer of security.
2. The nCipher CSP
------------------
If the CSP is set up to use module-protected keys, when applications
tell the CSP to create a key, it needs no input from the user. If the
CSP is set up to use Operator Cards and is told to create a key, it
first looks to see if there are any cards which it can load
automatically, and uses those if any are present. If not, it prompts
the user to choose which Operator Card Set to use.
ISSUE DESCRIPTION
=================
1. Cause
--------
The Install Wizard for the nCipher CSP support software on Windows 2000
offers a check box for controlling whether a key to be generated is
module protected or to be additionally protected by an Operator Card
Set.
When the Install Wizard is used to create an Operator Card Set then the
nCipher CSP key generation behaves as requested by the user.
If cardset protection is selected from the Install Wizard but a new
Operator Card Set is *not* created, the wizard incorrectly sets the
nCipher CSPs up to use module protection for all keys that they
subsequently create.
2. Impact
---------
If the user is affected by this issue, any application key generated
by the nCipher CSP will be incorrectly protected by the module alone,
rather than by a combination of operator card set and module.
This means that an attacker, who gains control of any nCipher module,
that
has been programmed into the key's security world can gain unauthorized
access to this key, since no further smart card authorization is
required.
3. Who May Be Affected
----------------------
This problem only affects keys that have been generated by the nCipher
CSP after the Install Wizard from CD version 5.50 has been run.
The problem does not affect keys that were
* generated by any software other than the nCipher CSP, or
* generated by the nCipher CSP using the Install Wizard from any CD
other than version 5.50.
4. How To Tell If You Are Affected
----------------------------------
To find out whether you're affected, run `c:\nfast\bin\csputils.exe -d'
from the command line. This will give you a detailed summary of all your
containers and information for the keys they contain.
Each key (key exchange and/or signature) will have a description
including whether or not it was generated by the nCipher CSP, its hash,
and its protection method.
A cardset protected key (here stored in a container called `expimptst')
will have an entry like the following (lines have been truncated for
clarity):
Detailed report for container ID #cbfb7b11909b40ddc50da759d6029...
Filename: key_mscapi_container-cbfb7b11909b40ddc50da759d6...
Container name: expimptst
User name: NCIPHER\james
User SID: s-1-5-21-1594850079-719136693-34565100-1111
CSP DLL name: ncsp.dll
No signature key.
Filename for key exchange key is key_mscapi_expimptst-ncsp-ujam...
Key was generated by the CSP
Key hash: 92c60edf376c26e9ee76db3a2a70dd031636a218
Key is recoverable.
Key is cardset protected.
Cardset name: mscapi-grimsby
Sharing parameters: 1 of 1 shares required.
Cardset hash: 4eb80f966c13bd735cb50f29ef19e5e...
Cardset is persistent.
and a module protected key will have one like the following:
Filename: key_mscapi_container-32a16394a3ffe52eb4db1127d8...
Container name: james
User name: NCIPHER\james
User SID: s-1-5-21-1594850079-719136693-34565100-1111
CSP DLL name: ncsp.dll
No signature key.
Filename for key exchange key is key_mscapi_6fa4c59efefb6c01db6...
Key was generated by the CSP
Key hash: 6fa4c59efefb6c01db6eca9f1eadbb17158fc2a8
Key is recoverable.
Key is module protected.
If you have keys unexpectedly module protected when they should be
cardset protected you are affected by this bug.
REMEDY
======
1. Users who have NOT already created a key with the wrong protection
---------------------------------------------------------------------
In order to force MSCAPI applications to generate cardset protected keys
a file `wizardfix.reg' should be created containing the following text:
------------ CUT HERE --------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\nCipher\Cryptography]
"UseModuleKeys"=dword:0000000
------------ CUT HERE --------------
This file can then be run by the user to change the appropriate registry
entry that determines the behavior of key generation using the nCipher
CSP.
Alternatively, the user can edit the registry value specified above
directly using `regedit'.
The registry setting must be reset using either of the above methods
after each invocation of the affected nCipher CSP Install Wizard.
2. Users who have already created a key which is erroneously module
protected
-------------------------------------------------------------------
Users who have already generated keys which were intended to be cardset
protected, but due to this error are not, are advised to apply the above
registry fix and generate new keys. nCipher recommends against
converting existing module-protected keys to cardset-protected status,
since it is extremely difficult to do this in a way that increases
security.
SOFTWARE DISTRIBUTION AND REFERENCES
====================================
You can obtain copies of this advisory, advice on obtaining a patch kit,
and supporting documentation from the nCipher security advisories Web
site:
http://www.ncipher.com/support/advisories/
Further information
-------------------
General information about nCipher products:
http://www.ncipher.com/
nCipher Developer's Guide and nCipher Developer's Reference
http://www.ncipher.com/documentation.html
nCipher Support
---------------
nCipher customers who require support or further information regarding
this problem should contact supportat_private
(c) nCipher Corporation Ltd. 2002
$Id: advisory3.txt,v 1.19 2002/05/10 17:18:11 mknight Exp $
This archive was generated by hypermail 2b30 : Mon May 13 2002 - 10:39:21 PDT