COMMAND
nCipher
SYSTEMS AFFECTED
nCipher CD versions 3.62 and earlier
PROBLEM
In certain circumstances, the nCipher security world
initialization software enables the Operator Card Set recovery
feature, even when the user requested that recovery be disabled.
nCipher's key management modules (nForce/nShield) are generally
used with nCipher's suite of utilities for managing a `security
world'. A security world is a collection of cryptographic keys,
smart cards, modules and associated data stored on host
computers, designed to prevent unauthorized access to application
keys while maintaining scalability and key availability.
The core security world secrets are protected by Administrator
Cards written by the initialization software and kept safe by the
user.
Application keys can either be made available to any nCipher
module appropriately programmed with the user's Administrator
Cards or they can be protected by further smart cards known as
Operator Cards.
nCipher offers an `Operator Card Set Recovery' feature that allows
continued key availability even after loss of all the Operator
Card(s). With Operator Card Set Recovery enabled, an additional
copy of the application key is made, protected by recovery
information stored on the Administrator Cards.
The command-line security world initialization program `sw-init'
usually prompts the user whether to enable recovery. If the user
answers `no' to the prompt, recovery is disabled as requested.
However, the program also supports a command-line option
`--no-recovery' which suppresses the prompt and should disable the
recovery feature. This option has been found to operate
incorrectly and ENABLES Operator Card Set recovery.
The Install Wizard for nCipher's MSCAPI support software on
Windows 2000 offers a check box for controlling the recovery
feature, which is selected (recovery enabled) by default.
However, if the user unsets the recovery check box, the installer
invokes `sw-init' with the `--no-recovery' option which ENABLES
recovery.
An attacker who gains control of sufficient Administrator Cards
and passphrases could gain unauthorized access to application
keys.
This problem affects security worlds where the user intended that
Operator Card Set recovery be disabled and the world was:
* created using `sw-init --no-recovery' from CD versions 3.62 and
earlier; or
* created using the Windows 2000 Install Wizard (with the recovery
check box unset) from CD versions 3.62 and earlier.
The problem does not affect security worlds:
* where users requested that Operator Card Set recovery be
enabled: recovery is enabled as requested;
* created with software from CD versions 3.70 and later;
* generated using the nCipher KeySafe key management tool;
* created with `sw-init' if the user answered `no' to the
interactive question about recovery.
To determine whether recovery is enabled in your security world,
run the `nfkminfo' command line program (in c:\nfast\bin on
Windows or /opt/nfast/bin on other platforms). Output containing:
World
generation 1
state 0x70000 Initialised Useable Recovery !ExistingClient
indicates that recovery is enabled. Output containing:
World
generation 1
state 0x70000 Initialised Useable !Recovery !ExistingClient
indicates that recovery is disabled (note the `!' before
`Recovery' indicating `not').
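The following script is an added example, not part of this advisory
or of nCipher's software. It applies the `nfkminfo' check above to
the program's output and reports whether recovery is enabled. The
sample output is constructed to match the two fragments quoted above;
the path to `nfkminfo' and the assumption that the World section's
`state' line is the first `state' line after the `World' header are
assumptions, not facts from the advisory. The point it demonstrates
is that the flags must be compared as whole tokens: a plain substring
search for `Recovery' also matches `!Recovery' and would report every
world as recoverable.

```python
import os
import subprocess
import sys
from typing import Optional

# Constructed sample output modelled on the two nfkminfo fragments
# quoted in the advisory (not output captured from a real module).
SAMPLE_RECOVERY_ENABLED = """\
World
 generation  1
 state       0x70000 Initialised Useable Recovery !ExistingClient
"""

SAMPLE_RECOVERY_DISABLED = """\
World
 generation  1
 state       0x70000 Initialised Useable !Recovery !ExistingClient
"""

# Documented install locations from the advisory; which one exists is
# an assumption about the host, checked at run time.
NFKMINFO_CANDIDATES = [r"c:\nfast\bin\nfkminfo.exe", "/opt/nfast/bin/nfkminfo"]


def recovery_enabled(nfkminfo_output: str) -> Optional[bool]:
    """Return True if the World 'state' line carries the Recovery flag,
    False if it carries '!Recovery', None if no World state line is found.

    Flags are compared as whole tokens.  A substring test such as
    'Recovery' in line would also match '!Recovery' and be wrong.
    """
    in_world = False
    for line in nfkminfo_output.splitlines():
        stripped = line.strip()
        if stripped == "World":
            in_world = True
            continue
        # Assumption: the first 'state' line after the 'World' header
        # belongs to the World section (module sections come later).
        if in_world and stripped.startswith("state"):
            tokens = stripped.split()
            if "Recovery" in tokens:
                return True
            if "!Recovery" in tokens:
                return False
            return None
    return None


def describe(nfkminfo_output: str) -> str:
    """Human-readable verdict for an audit log line."""
    verdict = recovery_enabled(nfkminfo_output)
    if verdict is True:
        return "Operator Card Set recovery ENABLED"
    if verdict is False:
        return "Operator Card Set recovery disabled"
    return "no World state line found; cannot determine recovery setting"


def run_nfkminfo() -> Optional[str]:
    """Run nfkminfo from one of the documented paths; None if absent."""
    for path in NFKMINFO_CANDIDATES:
        if os.path.exists(path):
            result = subprocess.run([path], capture_output=True, text=True, check=False)
            return result.stdout
    return None


if __name__ == "__main__":
    output = run_nfkminfo()
    if output is None:
        # No module software on this host: show the check on the samples.
        print("sample (enabled):  ", describe(SAMPLE_RECOVERY_ENABLED))
        print("sample (disabled): ", describe(SAMPLE_RECOVERY_DISABLED))
        sys.exit(0)
    print(describe(output))
```

On a host with the module software installed the script runs the
real `nfkminfo'; elsewhere it runs the check against the two
constructed samples so the token-matching logic can be seen working.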
SOLUTION
1. Users who have already created a security world and wish to keep it
======================================================================
For users with a security world created with recovery enabled, but
where they intended recovery to be disabled, nCipher supplies a
utility, `killrecov', that will retrospectively disable key recovery.
The program works by erasing the key material on the Administrator
Cards that is used in the recovery process. After `killrecov' is
run, recovery from Operator Card loss is no longer possible, even
for existing application keys, because information from the
Administrator Cards is needed to decrypt the stored recovery
copies of the application keys.
(i) Obtain the appropriate version of the patch kit for your
operating system from http://active.ncipher.com/updates
(ii) Follow the instructions described in the `killrecov Usage
Guide', supplied in the patch kit as krecov.pdf and
krecov.htm.
2. Users who want to create new security worlds
===============================================
If you want to create a new security world with Operator Card Set
recovery disabled, you have four options:
(i) Upgrade to new software (security worlds created with CD
versions 3.70 and later are not affected)
(ii) Patch the current installed software
For users with the defective `sw-init' program, nCipher
supplies a patch program to modify the installed version of
`sw-init'. Obtain the appropriate patch kit for your
operating system from http://active.ncipher.com/updates and run
the `swinit-rcvfix' program. This patches your installed copy
of `sw-init' and reports `mistaken recovery bug now fixed'.
(iii) Using `sw-init', interactively request that recovery be
disabled
If you create your security world with the `sw-init'
command-line program without supplying the command-line
options to control recovery, and answer `no' to its
question about recovery, recovery will be disabled correctly
in your new security world.
(iv) Use KeySafe
If you use KeySafe, and request that recovery be disabled,
recovery will be disabled correctly in your new security
world.