Bugtraq mailing list archives
nCipher Security Advisory: Operator Cards unexpectedly recoverable
From: nCipher Support <support () NCIPHER COM>
Date: Tue, 12 Dec 2000 15:06:03 +0000
SUMMARY ======= In certain circumstances, the nCipher security world initialization software enables the Operator Card Set recovery feature, even when the user requested that recovery be disabled. BACKGROUND ========== nCipher's key management modules (nForce/nShield) are generally used with nCipher's suite of utilities for managing a `security world'. A security world is a collection of cryptographic keys, smart cards, modules and associated data stored on host computers, designed to prevent unauthorized access to application keys while maintaining scalability and key availability. The core security world secrets are protected by Administrator Cards written by the initialization software and kept safe by the user. Application keys can either be made available to any nCipher module appropriately programmed with the user's Administrator Cards or they can be protected by further smart cards known as Operator Cards. nCipher offers an `Operator Card Set Recovery' feature that allows continued key availability even after loss of all the Operator Card(s). With Operator Card Set Recovery enabled, an additional copy of the application key is made, protected by recovery information stored on the Administrator Cards. ISSUE DESCRIPTION ================= 1. Cause -------- The command-line security world initialization program `sw-init' usually prompts the user whether to enable recovery. If the user answers `no' to the prompt, recovery is disabled as requested. However, the program also supports a command-line option `--no-recovery' which suppresses the prompt and should disable the recovery feature. This option has been found to operate incorrectly and ENABLES Operator Card Set recovery. The Install Wizard for nCipher's MSCAPI support software on Windows 2000 offers a check box for controlling the recovery feature, which is selected (recovery enabled) by default. However, if the user unsets the recovery check box, the installer invokes `sw-init' with the `--no-recovery' option which ENABLES recovery. 2. Impact --------- An attacker who gains control of sufficient Administrator Cards and passphrases could gain unauthorized access to application keys. 3. Who May Be Affected ---------------------- This problem affects security worlds where: * the user intended that Operator Card Set recovery be disabled, if the world was created using `sw-init --no-recovery' using CD versions 3.62 and earlier; * the user intended that Operator Card Set recovery be disabled and which were created using Windows 2000 Install Wizard using CD versions 3.62 and earlier. The problem does not affect security worlds: * where users requested that Operator Card Set recovery be enabled: recovery is enabled as requested; * created with software from CD versions 3.70 and later; * generated using the nCipher KeySafe key management tool; * created with `sw-init' if the user answered `no' to the interactive question about recovery. 4. How To Tell If You Are Affected ---------------------------------- To determine whether recovery is enabled in your security world, run the `nfkminfo' command line program (in c:\nfast\bin on Windows or /opt/nfast/bin on other platforms). Output containing: World generation 1 state 0x70000 Initialised Useable Recovery !ExistingClient indicates that recovery is enabled. Output containing: World generation 1 state 0x70000 Initialised Useable !Recovery !ExistingClient indicates that recovery is disabled (note the `!' before `Recovery' indicating `not'). If you do not have `nfkminfo', contact support () ncipher com. REMEDY ====== 1. Users who have already created a security world and wish to keep it: ----------------------------------------------------------------------- For users with a security world created with recovery enabled, but where they intended recovery to be disabled, nCipher supplies a utility that will retrospectively disable key recovery. The program works by erasing the key material on the Administrator Cards that is used in the recovery process. After `killrecov' is run recovery from Operator Card loss is no longer possible, even for existing application keys, because information from the Administrator Cards is needed to decrypt the stored recovery copies of the application keys. (i) Obtain the appropriate version of the patch kit for your operating system from http://active.ncipher.com/updates (ii) Follow the instructions described in the `killrecov Usage Guide', supplied in the patch kit as krecov.pdf and krecov.htm. 2. Users who want to create new security worlds: ------------------------------------------------ If you want to create a new security world with Operator Card Set recovery disabled, you have four options: (i) Upgrade to new software Contact support () ncipher com to receive the appropriate software update. (ii) Patch the current installed software For users with the defective `sw-init' program, nCipher supplies a patch program to modify the installed version of `sw-init'. Obtain the appropriate patch kit for your operating system from the location listed below and run the `swinit-rcvfix' program. This patches your installed copy of `sw-init' and reports `mistaken recovery bug now fixed'. (iii) Using `sw-init', interactively request that recovery be disabled If you create your security world with the `sw-init' command-line program without supplying the command-line options to control recovery, and answer `no' to its question about recovery, recovery will be disabled correctly in your new security world. (iv) Use KeySafe If you use KeySafe, and request that recovery be disabled, recovery will be disabled correctly in your new security world. SECURITY USAGE NOTES ==================== We reproduce here some information from the nForce/nShield User Guide, concerning good security practices: * The cards in the Administrator Card Set are only used for recovery operations and adding extra modules to a security world. At all other times, these cards should be stored in a safe. * Never insert a smart card used with nCipher key management into an untrusted smart card reader. * Only use the Administrator Card Set in modules connected to trusted hosts. SOFTWARE DISTRIBUTION AND REFERENCES ==================================== You can obtain copies of this advisory, patch kits for all nCipher supported platforms, and supporting documentation, from the nCipher updates site: http://active.ncipher.com/updates Further information ------------------- General information about nCipher products: http://www.ncipher.com/ nCipher Developer's Guide and nCipher Developer's Reference http://www.ncipher.com/documentation.html nCipher Support --------------- nCipher customers who require support or further information regarding this problem should contact support () ncipher com. $Id: advisory.txt,v 1.8 2000/11/24 15:40:21 iwj Exp $
Current thread:
- nCipher Security Advisory: Operator Cards unexpectedly recoverable nCipher Support (Dec 13)