||Home : Advisories : Operator cards unexpectedly recoverable|
||Operator cards unexpectedly recoverable
||12th December 2000
In certain circumstances, the nCipher security world initialization
software enables the Operator Card Set recovery feature, even when the
user requested that recovery be disabled.
nCipher's key management modules (nForce/nShield) are generally used
with nCipher's suite of utilities for managing a `security world'. A
security world is a collection of cryptographic keys, smart cards,
modules and associated data stored on host computers, designed to
prevent unauthorized access to application keys while maintaining
scalability and key availability.
The core security world secrets are protected by Administrator Cards
written by the initialization software and kept safe by the user.
Application keys can either be made available to any nCipher module
appropriately programmed with the user's Administrator Cards or they
can be protected by further smart cards known as Operator Cards.
nCipher offers an `Operator Card Set Recovery' feature that allows
continued key availability even after loss of all the Operator
Card(s). With Operator Card Set Recovery enabled, an additional copy
of the application key is made, protected by recovery information
stored on the Administrator Cards.
The command-line security world initialization program `sw-init'
usually prompts the user whether to enable recovery. If the user
answers `no' to the prompt, recovery is disabled as requested.
However, the program also supports a command-line option
`--no-recovery' which suppresses the prompt and should disable the
recovery feature. This option has been found to operate incorrectly
and ENABLES Operator Card Set recovery.
The Install Wizard for nCipher's MSCAPI support software on Windows
2000 offers a check box for controlling the recovery feature, which is
selected (recovery enabled) by default. However, if the user unsets
the recovery check box, the installer invokes `sw-init' with the
`--no-recovery' option which ENABLES recovery.
An attacker who gains control of sufficient Administrator Cards and
passphrases could gain unauthorized access to application keys.
3. Who May Be Affected
This problem affects security worlds where:
* the user intended that Operator Card Set recovery be disabled, if
the world was created using `sw-init --no-recovery' using CD versions
3.62 and earlier;
* the user intended that Operator Card Set recovery be disabled and
which were created using Windows 2000 Install Wizard using CD versions
3.62 and earlier.
The problem does not affect security worlds:
* where users requested that Operator Card Set recovery be enabled:
recovery is enabled as requested;
* created with software from CD versions 3.70 and later;
* generated using the nCipher KeySafe key management tool;
* created with `sw-init' if the user answered `no' to the interactive
question about recovery.
4. How To Tell If You Are Affected
To determine whether recovery is enabled in your security world, run
the `nfkminfo' command line program (in c:\nfast\bin on Windows or
/opt/nfast/bin on other platforms). Output containing:
state 0x70000 Initialised Useable Recovery !ExistingClient
indicates that recovery is enabled. Output containing:
state 0x70000 Initialised Useable !Recovery !ExistingClient
indicates that recovery is disabled (note the `!' before `Recovery'
If you do not have `nfkminfo', contact firstname.lastname@example.org.
1. Users who have already created a security world and wish to keep it:
For users with a security world created with recovery enabled, but
where they intended recovery to be disabled, nCipher supplies a
utility that will retrospectively disable key recovery.
The program works by erasing the key material on the Administrator
Cards that is used in the recovery process. After `killrecov' is run
recovery from Operator Card loss is no longer possible, even for
existing application keys, because information from the Administrator
Cards is needed to decrypt the stored recovery copies of the
(i) Obtain the appropriate version of the patch kit for your
operating system from http://active.ncipher.com/updates
(ii) Follow the instructions described in the `killrecov Usage Guide',
supplied in the patch kit as krecov.pdf and krecov.htm.
2. Users who want to create new security worlds:
If you want to create a new security world with Operator Card Set
recovery disabled, you have four options:
(i) Upgrade to new software
Contact email@example.com to receive the appropriate software
(ii) Patch the current installed software
For users with the defective `sw-init' program, nCipher supplies a
patch program to modify the installed version of `sw-init'. Obtain
the appropriate patch kit for your operating system from the location
listed below and run the `swinit-rcvfix' program. This patches your
installed copy of `sw-init' and reports `mistaken recovery bug now
(iii) Using `sw-init', interactively request that recovery be disabled
If you create your security world with the `sw-init' command-line
program without supplying the command-line options to control
recovery, and answer `no' to its question about recovery, recovery
will be disabled correctly in your new security world.
(iv) Use KeySafe
If you use KeySafe, and request that recovery be disabled, recovery
will be disabled correctly in your new security world.
SECURITY USAGE NOTES
We reproduce here some information from the nForce/nShield User Guide,
concerning good security practices:
* The cards in the Administrator Card Set are only used for recovery
operations and adding extra modules to a security world. At all other
times, these cards should be stored in a safe.
* Never insert a smart card used with nCipher key management into an
untrusted smart card reader.
* Only use the Administrator Card Set in modules connected to trusted
SOFTWARE DISTRIBUTION AND REFERENCES
You can obtain copies of this advisory, patch kits for all nCipher
supported platforms, and supporting documentation, from the nCipher
General information about nCipher products:
nCipher Developer's Guide and nCipher Developer's Reference
nCipher customers who require support or further information regarding
this problem should contact firstname.lastname@example.org.
$Id: advisory.txt,v 1.8 2000/11/24 15:40:21 iwj Exp $