nCipher Security Advisory No. 3 |
Windows 2000 keys unexpectedly only module-protected |
==================================================== |
|
UPDATED - VERSION 2 |
Changes are marked with `|' at the right. |
|
|
SUMMARY
=======
In certain circumstances, the nCipher MSCAPI CSP Install Wizard support
software on Windows 2000 will set the nCipher CSP key generation
behavior incorrectly. Despite the user requesting Operator Card Set
protection for keys (`cardset protected keys') that are generated using
the nCipher CSP, a software error might result in keys being protected
by the module alone.
The undocumented command line utility `domesticinstall.exe' is also |
affected by this problem. |
|
BACKGROUND
==========
1. Security world
-----------------
nCipher's key management modules (nForce/nShield) are generally
used with nCipher's suite of utilities for managing a `security
world'. A security world is a collection of cryptographic keys,
smart cards, modules and associated data stored on host computers.
A security world is designed to prevent unauthorized access to
application keys while maintaining scalability and key availability.
The core security world secrets are protected by Administrator Cards
written by the initialization software and kept safe by the user.
Application keys can either be made available to any nCipher module
appropriately programmed with the user's Administrator Cards (module
protected keys) or they can be protected by further smart cards known as
Operator Cards that provide an additional layer of security.
2. The nCipher CSP
------------------
If the CSP is set up to use module-protected keys, when applications
tell the CSP to create a key, it needs no input from the user. If the
CSP is set up to use Operator Cards and is told to create a key, it
first looks to see if there are any cards which it can load
automatically, and uses those if any are present. If not, it prompts
the user to choose which Operator Card Set to use.
ISSUE DESCRIPTION
=================
1. Cause
--------
The Install Wizard for the nCipher CSP support software on Windows 2000
offers a check box for controlling whether a key to be generated is
module protected or to be additionally protected by an Operator Card
Set.
When the Install Wizard is used to create an Operator Card Set then the
nCipher CSP key generation behaves as requested by the user.
If cardset protection is selected from the Install Wizard but a new
Operator Card Set is *not* created, the wizard incorrectly sets the
nCipher CSPs up to use module protection for all keys that they
subsequently create.
The domesticinstall.exe command line tool, which is not documented in |
the user guide, has a `--nousemodulekeys' option which is affected by |
a similar problem. |
|
2. Impact
---------
If the user is affected by this issue, any application key generated
by the nCipher CSP will be incorrectly protected by the module alone,
rather than by a combination of operator card set and module.
This means that an attacker who gains control of any nCipher module that |
has been programmed into the key's security world can gain unauthorized |
access to this key, because no further smart card authorization is required. |
3. Who May Be Affected
----------------------
This problem *does* affect keys that have been generated by the |
nCipher CSP |
|
* after the Install Wizard from CD version 5.50 has been run, or |
|
* after the domesticinstall.exe utility has been run from CD versions |
5.50 or 5.54. |
|
The problem does *not* affect keys that were |
|
* generated by any software other than the nCipher CSP, or |
|
* generated by the nCipher CSP using the Install Wizard from any CD |
not equal to version 5.50, or |
|
* generated by the nCipher CSP using the domesticinstall.exe utility from |
any CD earlier than version 5.50, or later than version 5.54. |
|
4. How To Tell If You Are Affected
----------------------------------
To find out whether you're affected, run `c:\nfast\bin\csputils.exe -d'
from the command line. This will give you a detailed summary of all your
containers and information for the keys they contain.
Each key (key exchange and/or signature) will have a description
including whether or not it was generated by the nCipher CSP, its hash,
and its protection method.
A cardset protected key (here stored in a container called `expimptst')
will have an entry like the following (lines have been truncated for
clarity):
Detailed report for container ID #cbfb7b11909b40ddc50da759d6029...
Filename: key_mscapi_container-cbfb7b11909b40ddc50da759d6...
Container name: expimptst
User name: NCIPHER\james
User SID: s-1-5-21-1594850079-719136693-34565100-1111
CSP DLL name: ncsp.dll
No signature key.
Filename for key exchange key is key_mscapi_expimptst-ncsp-ujam...
Key was generated by the CSP
Key hash: 92c60edf376c26e9ee76db3a2a70dd031636a218
Key is recoverable.
Key is cardset protected.
Cardset name: mscapi-grimsby
Sharing parameters: 1 of 1 shares required.
Cardset hash: 4eb80f966c13bd735cb50f29ef19e5e...
Cardset is persistent.
and a module protected key will have one like the following:
Filename: key_mscapi_container-32a16394a3ffe52eb4db1127d8...
Container name: james
User name: NCIPHER\james
User SID: s-1-5-21-1594850079-719136693-34565100-1111
CSP DLL name: ncsp.dll
No signature key.
Filename for key exchange key is key_mscapi_6fa4c59efefb6c01db6...
Key was generated by the CSP
Key hash: 6fa4c59efefb6c01db6eca9f1eadbb17158fc2a8
Key is recoverable.
Key is module protected.
If you have keys unexpectedly module protected when they should be
cardset protected you are affected by this bug.
REMEDY
======
1. Users who have NOT already created a key with the wrong protection
---------------------------------------------------------------------
In order to force MSCAPI applications to generate cardset protected keys
a file `wizardfix.reg' should be created containing the following text:
------------ CUT HERE --------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\nCipher\Cryptography]
"UseModuleKeys"=dword:0000000
------------ CUT HERE --------------
This file can then be run by the user to change the appropriate registry
entry that determines the behavior of key generation using the nCipher
CSP.
Alternatively, the user can edit the registry value specified above
directly using `regedit'.
The registry setting must be reset using either of the above methods
after each invocation of the affected nCipher CSP Install Wizard.
2. Users who have already created a key which is erroneously module
protected
-------------------------------------------------------------------
Users who have already generated keys which were intended to be cardset
protected, but due to this error are not, are advised to apply the above
registry fix and generate new keys. nCipher recommends against
converting existing module-protected keys to cardset-protected status,
since it is extremely difficult to do this in a way that increases
security.
SOFTWARE DISTRIBUTION AND REFERENCES
====================================
You can obtain copies of this advisory, advice on obtaining a patch kit,
and supporting documentation from the nCipher security advisories Web
site:
http://www.ncipher.com/support/advisories/
A corrected version of the Windows 2000 support software is available |
to all nCipher customers from support@ncipher.com. (Due to export control |
restrictions, it cannot be made available for public download.) |
|
|
Further information
-------------------
General information about nCipher products:
http://www.ncipher.com/
nCipher Developer's Guide and nCipher Developer's Reference
http://www.ncipher.com/documentation.html
nCipher Support
---------------
nCipher customers who require support or further information regarding
this problem should contact support@ncipher.com.
(c) nCipher Corporation Ltd. 2002 |
$Id: advisory3.txt,v 1.24 2002/06/11 10:05:55 mknight Exp $ |
