COMMAND

    nCipher

SYSTEMS AFFECTED

    nCipher 3.62 and earlier

PROBLEM

    In   certain   circumstances,    the   nCipher   security    world
    initialization  software  enables  the  Operator Card Set recovery
    feature, even when the user requested that recovery be disabled.

    nCipher's key  management modules  (nForce/nShield) are  generally
    used with nCipher's  suite of utilities  for managing a  `security
    world'.  A security world  is a collection of cryptographic  keys,
    smart  cards,  modules   and  associated  data   stored  on   host
    computers, designed to prevent unauthorized access to  application
    keys while maintaining scalability and key availability.

    The core  security world  secrets are  protected by  Administrator
    Cards written by the initialization software and kept safe by  the
    user.

    Application  keys  can  either  be  made  available to any nCipher
    module  appropriately  programmed  with  the  user's Administrator
    Cards or  they can  be protected  by further  smart cards known as
    Operator Cards.

    nCipher offers an `Operator Card Set Recovery' feature that allows
    continued key  availability even  after loss  of all  the Operator
    Card(s).  With Operator  Card Set Recovery enabled,  an additional
    copy  of  the  application  key  is  made,  protected  by recovery
    information stored on the Administrator Cards.

    The command-line security  world initialization program  `sw-init'
    usually prompts the user whether to enable recovery.  If the  user
    answers `no'  to the  prompt, recovery  is disabled  as requested.
    However,  the   program  also   supports  a   command-line  option
    `--no-recovery' which suppresses the prompt and should disable the
    recovery  feature.   This  option   has  been  found  to   operate
    incorrectly and ENABLES Operator Card Set recovery.

    The  Install  Wizard  for  nCipher's  MSCAPI  support  software on
    Windows  2000  offers  a  check  box  for controlling the recovery
    feature,  which  is  selected   (recovery  enabled)  by   default.
    However, if the user unsets the recovery check box, the  installer
    invokes `sw-init'  with the  `--no-recovery' option  which ENABLES
    recovery.

    An attacker  who gains  control of  sufficient Administrator Cards
    and  passphrases  could  gain  unauthorized  access to application
    keys.

    This problem affects security  worlds where the user  intended that
    Operator Card Set recovery be disabled and the world was:
    * created using `sw-init --no-recovery' from CD versions 3.62  and
      earlier;
    * created using the Windows 2000 Install Wizard from CD versions
      3.62 and earlier.

    The problem does not affect security worlds:
    * where  users  requested  that  Operator  Card  Set  recovery  be
      enabled:  recovery is enabled as requested;
    * created with software from CD versions 3.70 and later;
    * generated using the nCipher KeySafe key management tool;
    * created  with  `sw-init'  if  the  user  answered  `no'  to  the
      interactive question about recovery.

    To determine whether recovery  is enabled in your  security world,
    run  the  `nfkminfo'  command  line  program  (in  c:\nfast\bin on
    Windows or /opt/nfast/bin on other platforms).  Output containing:

          World
           generation 1
           state      0x70000 Initialised Useable Recovery !ExistingClient

    indicates that recovery is enabled.  Output containing:

          World
           generation 1
           state      0x70000 Initialised Useable !Recovery !ExistingClient

    indicates  that  recovery  is   disabled  (note  the  `!'   before
    `Recovery' indicating `not').
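    The check above is easy to get wrong when scripted, because a plain
    substring search for `Recovery' matches both `Recovery' and
    `!Recovery'.  The following Python script is an added example (not
    part of the advisory and not an nCipher tool) that parses the World
    `state' line the way the advisory describes, treating a leading `!'
    as negation, and contrasts it with the naive substring check.  The
    two sample outputs are constructed from the fragments quoted above;
    the surrounding structure of real `nfkminfo' output is assumed.  The
    script deliberately ignores the hex state word, since the advisory
    quotes the same value (0x70000) for both the enabled and disabled
    cases and relies on the flag names instead.

```python
import re
from typing import Dict

# Constructed samples modelled on the two fragments quoted in the
# advisory.  Everything beyond the three quoted lines is an assumption
# about nfkminfo's layout, not captured program output.
SAMPLE_RECOVERY_ENABLED = """\
World
 generation 1
 state      0x70000 Initialised Useable Recovery !ExistingClient
"""

SAMPLE_RECOVERY_DISABLED = """\
World
 generation 1
 state      0x70000 Initialised Useable !Recovery !ExistingClient
"""

# "state <hex-word> <flag tokens...>"; the flag tokens are what we use.
STATE_LINE = re.compile(r"^\s*state\s+(0x[0-9A-Fa-f]+)\s*(.*)$")


def parse_world_state(output: str) -> Dict[str, bool]:
    """Return {flag_name: asserted} from the 'state' line of the World
    section.  A token with a leading '!' means the flag is NOT set.
    Raises ValueError if no state line is found in a World section."""
    in_world = False
    for line in output.splitlines():
        if line.strip() == "World":
            in_world = True
            continue
        # An unindented, non-empty line starts a different section.
        if in_world and line and not line[0].isspace():
            in_world = False
        if not in_world:
            continue
        m = STATE_LINE.match(line)
        if m:
            flags: Dict[str, bool] = {}
            for tok in m.group(2).split():
                if tok.startswith("!"):
                    flags[tok[1:]] = False
                else:
                    flags[tok] = True
            return flags
    raise ValueError("no 'state' line found in a World section")


def recovery_enabled(output: str) -> bool:
    """True if the World state asserts 'Recovery', False for '!Recovery'."""
    flags = parse_world_state(output)
    if "Recovery" not in flags:
        raise ValueError("state line does not mention the Recovery flag")
    return flags["Recovery"]


def naive_substring_check(output: str) -> bool:
    """The check a quick grep would do.  It returns True even for a world
    whose state says '!Recovery', which is exactly the mistake to avoid."""
    return "Recovery" in output


if __name__ == "__main__":
    for name, sample in (("enabled", SAMPLE_RECOVERY_ENABLED),
                         ("disabled", SAMPLE_RECOVERY_DISABLED)):
        print(f"sample ({name}): parsed -> recovery_enabled="
              f"{recovery_enabled(sample)}, naive substring -> "
              f"{naive_substring_check(sample)}")
```

    To use it against a live installation, pipe the output of `nfkminfo'
    into the script (for example via sys.stdin.read()) and act on the
    return value of recovery_enabled(); a result of True on a world that
    was meant to have recovery disabled is the condition the SOLUTION
    section below addresses.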

SOLUTION

    1. Users who have already created a security world and wish to keep it
    ======================================================================
    For users with a security world created with recovery enabled, but
    where they intended recovery to be disabled, nCipher supplies a
    utility, `killrecov', that will retrospectively disable key recovery.
    The program works by erasing the key material on the Administrator
    Cards that is used in the recovery process.  After `killrecov' is
    run, recovery from Operator Card loss is no longer possible, even
    for existing application keys, because information from the
    Administrator Cards is needed to decrypt the stored recovery copies
    of the application keys.
    (i) Obtain  the  appropriate  version  of  the patch kit for  your
        operating system from http://active.ncipher.com/updates
    (ii) Follow  the instructions  described in  the `killrecov  Usage
         Guide',  supplied  in  the   patch  kit  as  krecov.pdf   and
         krecov.htm.

    2. Users who want to create new security worlds
    ===============================================
    If you want to create a new security world with Operator Card  Set
    recovery disabled, you have four options:
    (i) Upgrade to new software
    (ii) Patch the current installed software
         For  users  with  the  defective  `sw-init'  program, nCipher
         supplies a patch program  to modify the installed  version of
         `sw-init'.   Obtain  the  appropriate  patch  kit  for   your
         operating system from the  location listed below and  run the
         `swinit-rcvfix' program.   This patches  your installed  copy
         of `sw-init' and reports `mistaken recovery bug now fixed'.
    (iii) Using  `sw-init',  interactively  request  that recovery  be
          disabled
          If  you  create  your  security  world  with  the  `sw-init'
          command-line  program  without  supplying  the  command-line
          options  to  control  recovery,  and  answer  `no'  to   its
          question about recovery, recovery will be disabled correctly
          in your new security world.
    (iv) Use KeySafe
         If you use  KeySafe, and request  that recovery be  disabled,
         recovery  will  be  disabled  correctly  in your new security
         world.