View Full Version : _NSAKEY

Magda Hassan
03-21-2011, 01:53 PM
_NSAKEY is a variable (http://en.wikipedia.org/wiki/Variable) name discovered in Windows NT 4 (http://en.wikipedia.org/wiki/Windows_NT_4) Service Pack (http://en.wikipedia.org/wiki/Windows_NT_4.0#Service_Packs) 5 (which had been released unstripped of its symbolic debugging (http://en.wikipedia.org/wiki/Debug_symbol) data) in August 1999 by Andrew D. Fernandes of Cryptonym Corporation (http://en.wikipedia.org/w/index.php?title=Cryptonym_Corporation&action=edit&redlink=1). That variable contained a 1024-bit public key (http://en.wikipedia.org/wiki/Public_key).

1 Overview (http://en.wikipedia.org/wiki/NSAKEY#Overview)
2 Microsoft's reaction (http://en.wikipedia.org/wiki/NSAKEY#Microsoft.27s_reaction)
3 Explanations from other sources (http://en.wikipedia.org/wiki/NSAKEY#Explanations_from_other_sources)
4 CAPI Signature Public Keys as PGP Keys (http://en.wikipedia.org/wiki/NSAKEY#CAPI_Signature_Public_Keys_as_PGP_Keys)

4.1 Microsoft's Primary (_KEY variable) CAPI Signature Key (http://en.wikipedia.org/wiki/NSAKEY#Microsoft.27s_Primary_.28_KEY_variable.29_C API_Signature_Key)
4.2 Microsoft's Secondary (_NSAKEY variable, now _KEY2) CAPI Signature Key (http://en.wikipedia.org/wiki/NSAKEY#Microsoft.27s_Secondary_.28_NSAKEY_variable .2C_now_KEY2.29_CAPI_Signature_Key)

5 See also (http://en.wikipedia.org/wiki/NSAKEY#See_also)
6 References (http://en.wikipedia.org/wiki/NSAKEY#References)


Microsoft (http://en.wikipedia.org/wiki/Microsoft)'s operating systems (http://en.wikipedia.org/wiki/Operating_system) require all cryptography (http://en.wikipedia.org/wiki/Cryptography) suites that can go into its operating systems to have a digital signature (http://en.wikipedia.org/wiki/Digital_signature). When only Microsoft-approved cryptography suites can be used, complying with the Export Administration Regulations (http://en.wikipedia.org/wiki/Export_Administration_Regulations) (EAR) of the US Department of Commerce (http://en.wikipedia.org/wiki/US_Department_of_Commerce), Bureau of Export Administration (http://en.wikipedia.org/wiki/Bureau_of_Export_Administration) (BXA) (now known as the Bureau of Industry and Security or BIS) is easier. It was already known that Microsoft uses two keys, a primary and a spare, either of which can create valid signatures. The primary key is stored in the variable _KEY; Fernandes had discovered the second key.
Fernandes published his discovery, touching off a flurry of speculation and development of numerous conspiracy theories (http://en.wikipedia.org/wiki/Conspiracy_theory). If the private half of that key were actually owned by the United States National Security Agency (http://en.wikipedia.org/wiki/National_Security_Agency), the NSA (as suggested by the name), it would allow that intelligence agency to subvert any Windows user's security.
In addition, Windows 2000 had a third key with an unknown purpose, found by Dr. Nicko van Someren.[1] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-0) Microsoft claims this is only in beta builds of Windows 2000 and that its use was for signing Cryptographic Service Providers (http://en.wikipedia.org/wiki/Cryptographic_Service_Provider).[2] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-NoBackdoor-1) It did not have any clear purposes according to van Someren,[3] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-2) and it is unclear whether it is present in final builds or just beta builds. (There is no 'Back Door' in Windows (http://web.archive.org/web/20061124104925/www.microsoft.com/technet/archive/security/news/backdoor.mspx) conflicts with Microsoft, the NSA, and You (http://web.archive.org/web/20000816181539/http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html) and How NSA access was built into Windows (http://www.heise.de/tp/r4/artikel/5/5263/1.html))
Microsoft's reaction

Microsoft, however, denied all such suggestions. "This report is inaccurate and unfounded. The key in question is a Microsoft key. It is maintained and safeguarded by Microsoft, and we have not shared this key with the NSA or any other party."[4] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-3) The key's symbol was "_NSAKEY" because the NSA is the technical review authority for U.S. export controls, and the key ensures compliance with U.S. export laws.[2] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-NoBackdoor-1)
The Computers, Freedom and Privacy (http://en.wikipedia.org/wiki/Computers,_Freedom_and_Privacy_Conference) 2000 (CFP2000) conference was held from 4–7 April 2000 in Toronto (http://en.wikipedia.org/wiki/Toronto), Canada (http://en.wikipedia.org/wiki/Canada). During a presentation to that conference, Duncan Campbell (http://en.wikipedia.org/wiki/Duncan_Campbell_%28investigative_journalist%29), Senior Research Fellow at the Electronic Privacy Information Center (http://en.wikipedia.org/wiki/Electronic_Privacy_Information_Center) (EPIC), mentioned the _NSAKEY controversy as an example of an outstanding issue related to security and surveillance.
Richard Purcell, Microsoft’s Director of Corporate Privacy, approached Campbell after his presentation and expressed a wish to clear up the confusion and doubts about _NSAKEY. Immediately after the conference, Scott Culp, of the Microsoft Security Response Center, contacted Campbell and offered to answer his questions. Their correspondence began cordially but soon became strained; Campbell apparently felt Culp was being evasive and Culp apparently felt that Campbell was hostilely repeating questions that he had already answered. On 28 April 2000, Culp stated that "we have definitely reached the end of this discussion ... [which] is rapidly spiraling into the realm of conspiracy theory"[5] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-4) and Campbell's further inquiries went unanswered.
Explanations from other sources

After a great deal of discussion featuring wildly varying levels of cryptographic expertise, various conclusions have been presented. To begin with, some observers, including Fernandes, doubt the BXA's EAR have specific requirements for backup keys. However, none of the commentators claim the legal expertise necessary to authoritatively discuss that document.
Microsoft insists that the second key is present as a backup to guard against the possibility of losing the primary secret key. Fernandes doubts this explanation, pointing out that the generally accepted way to guard against loss of a secret key is secret splitting (http://en.wikipedia.org/wiki/Secret_splitting), which would divide the key into several different parts, which would then be distributed throughout senior management.[6] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-5) Such a plan would be far more robust than simply using two keys; if the second key is also lost, Microsoft would need to patch or upgrade every copy of Windows in the world, as well as every cryptographic module it has ever signed.
On the other hand, if Microsoft failed to think about the consequences of key loss and created a first key without using secret splitting (http://en.wikipedia.org/wiki/Secret_splitting) (and did so in secure hardware which doesn't allow protection to be weakened after key generation), and the NSA (http://en.wikipedia.org/wiki/NSA) pointed out the problem as part of the review process, it might explain both why Microsoft weakened their scheme with a second key and why the new one was called _NSAKEY. (The second key might be backed up using secret splitting (http://en.wikipedia.org/wiki/Secret_splitting), so losing both keys needn't be a problem.)
Another line of speculation concludes that Microsoft included a second key to be able to sign cryptographic modules outside the United States, while still complying with the BXA's EAR. If cryptographic modules were to be signed in multiple locations, using multiple keys is a reasonable approach. However, no cryptographic module has ever been found to be signed by _NSAKEY and Microsoft denies that any other certification authority exists.
A third possibility is that the _NSAKEY enables the NSA or other agencies to sign their own cryptographic modules without being required to disclose those modules to Microsoft, which would allow them to create modules in-house that implement classified algorithms. Of course this capability would also enable an agency to sign modules that could be used to undermine the security of any Windows installation.[citation needed (http://en.wikipedia.org/wiki/Wikipedia:Citation_needed)]
Microsoft denies that the NSA has access to the _NSAKEY secret key.
The key is still present in subsequent versions of Windows, though it has been renamed "_KEY2."
It is possible to remove the second _NSAKEY using the following.

There is good news among the bad, however. It turns out that there is a flaw in the way the "crypto_verify" function is implemented. Because of the way the crypto verification occurs, users can easily eliminate or replace the NSA key from the operating system without modifying any of Microsoft's original components. Since the NSA key is easily replaced, it means that non-US companies are free to install "strong" crypto services into Windows, without Microsoft's or the NSA's approval. Thus the NSA has effectively removed export control of "strong" crypto from Windows. A demonstration program that replaces the NSA key can be found on Cryptonym's website.[7] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-6)
CAPI Signature Public Keys as PGP Keys

In September 1999, an anonymous researcher reverse-engineered both the primary key and the _NSAKEY into PGP-compatible format and published them to the key servers (http://en.wikipedia.org/wiki/Key_server_%28cryptographic%29).[8] (http://en.wikipedia.org/wiki/NSAKEY#cite_note-7)
[edit (http://en.wikipedia.org/w/index.php?title=NSAKEY&action=edit&section=5)] Microsoft's Primary (_KEY variable) CAPI Signature Key

Type Bits/KeyID Date User ID
pub 1024/346B5095 1999/09/06 Microsoft's CAPI key <postmaster@microsoft.com>

Version: 2.6.3i

mQCPAzfTc8YAAAEEALJz4nepw3XHC7dJPlKws2li6XZiatYJuj G+asysEvHz2mwY
AAG0L01pY3Jvc29mdCdzIENBUEkga2V5IDxwb3N0bWFzdGVyQG 1pY3Jvc29mdC5j
yI5mub0ie1HRLExP7lVJezBTyRryV3tDv6U3OIP+KZDthdXb0f mGU5z+wHt34Uzu
xl6Q7m7oB76SKfNaWgosZxqkE5YQrXXGsn3oVZhV6yBALekWts dVaSmG8+IJNx+n
NvMTYRUz+MdrRFcEFDhFntblI8NlQenlX6CcnnfOkdR7ZKyPbV oSXW/Z6q7U9REJ
TSjBT0swYbHX+3EVt8n2nwxWb2ouNmnm9H2gYfXHikhXrwtjK2 aG/3J7k6EVxS+m
Rp+crFOB32sTO1ib2sr7GY7CZUwOpDqRxo8KmQZyhaZqz1x6my urXyw3Tg==
Microsoft's Secondary (_NSAKEY variable, now _KEY2) CAPI Signature Key

Type Bits/KeyID Date User ID
pub 1024/51682D1F 1999/09/06 NSA's Microsoft CAPI key <postmaster@nsa.gov>

Version: 2.6.3i

AAG0LU5TQSdzIE1pY3Jvc29mdCBDQVBJIGtleSA8cG9zdG1hc3 RlckBuc2EuZ292
it7IHU/6Aem1h4Bs6KE5MPpjKRxRkqQjbW4f0cgXg6+LV+V9cNMylZHRe f3PZCQa
5DOI5crQ0IWyjQCt9br07BL9C3X5WHNNRsRIr9WiVfPK8eyxhN Yl/NiH2GzXYbNe
UWjaS2KuJNVvozjxGymcnNTwJltZK4RLZxo05FW2InJbtEfMc+ m823vVltm9l/f+
See also

Trusted Computer System Evaluation Criteria (http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria)


^ (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-0) "Microsoft, the NSA, and You" (http://web.archive.org/web/20000617094917/http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html). Cryptonym. 1999-08-31. Archived from the original (http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html) on 17 June 2000. http://web.archive.org/web/20000617094917/http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html. Retrieved 2007-01-07. (Internet Archive (http://en.wikipedia.org/wiki/Internet_Archive) / Wayback Machine (http://en.wikipedia.org/wiki/Internet_Archive#Wayback_Machine))
^ a (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-NoBackdoor_1-0) b (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-NoBackdoor_1-1) "There is no "Back Door" in Windows" (http://www.microsoft.com/technet/archive/security/news/backdoor.mspx?mfr=true). Microsoft. 1999-09-07. http://www.microsoft.com/technet/archive/security/news/backdoor.mspx?mfr=true. Retrieved 2007-01-07.
^ (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-2) "How NSA access was built into Windows" (http://www.heise.de/tp/r4/artikel/5/5263/1.html). Heise. 1999-01-04. http://www.heise.de/tp/r4/artikel/5/5263/1.html. Retrieved 2007-01-07.
^ (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-3) Microsoft Corp. (1999-09-03). "Microsoft Says Speculation About Security and NSA Is "Inaccurate and Unfounded"" (http://www.microsoft.com/presspass/press/1999/sept99/rsapr.mspx). Press release. http://www.microsoft.com/presspass/press/1999/sept99/rsapr.mspx. Retrieved 2006-11-09.
^ (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-4) "The Culp-Campbell correspondence (Microsoft Stonewalls _NSAkey Questions)" (http://cryptome.org/nsakey-ms-dc.htm). Cryptome. 2000-05-25. http://cryptome.org/nsakey-ms-dc.htm. Retrieved 2006-11-27.
^ (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-5) "Analysis by Bruce Schneier" (http://www.schneier.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryptoAPI). Counterpane. 1999-09-15. http://www.schneier.com/crypto-gram-9909.html#NSAKeyinMicrosoftCryptoAPI. Retrieved 2007-01-07.
^ (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-6) "Microsoft, the NSA, and You" (http://web.archive.org/web/20001109204800/http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html). Cryptonym. 1999-08-31. Archived from the original (http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html) on 9 November 2000. http://web.archive.org/web/20001109204800/http://www.cryptonym.com/hottopics/msft-nsa/msft-nsa.html. Retrieved 2007-01-07. (Internet Archive (http://en.wikipedia.org/wiki/Internet_Archive) / Wayback Machine (http://en.wikipedia.org/wiki/Internet_Archive#Wayback_Machine))
^ (http://en.wikipedia.org/wiki/NSAKEY#cite_ref-7) "The reverse-engineered keys" (http://cypherspace.org/adam/hacks/ms-nsa-key.html). Cypherspace. 1999-09-06. http://cypherspace.org/adam/hacks/ms-nsa-key.html. Retrieved 2007-01-07.