nCipher MSCAPI CSP Install Wizard Incorrect Key Generation Vulnerability
Solution:
The following fix information has been provided by nCipher:

1. Users who have NOT already created a key with the wrong protection
---------------------------------------------------------------------

In order to force MSCAPI applications to generate cardset protected keys a file `wizardfix.reg' should be created containing the following text:

------------ CUT HERE --------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\nCipher\Cryptography]
"UseModuleKeys"=dword:0000000
------------ CUT HERE --------------

This file can then be run by the user to change the appropriate registry entry that determines the behavior of key generation using the nCipher CSP. Alternatively, the user can edit the registry value specified above directly using `regedit'.

The registry setting must be reset using either of the above methods after each invocation of the affected nCipher CSP Install Wizard.

2. Users who have already created a key which is erroneously module protected
-------------------------------------------------------------------

Users who have already generated keys which were intended to be cardset protected, but due to this error are not, are advised to apply the above registry fix and generate new keys. nCipher recommends against converting existing module-protected keys to cardset-protected status, since it is extremely difficult to do this in a way that increases security.

nCipher customers are advised to contact nCipher at support@ncipher.com for information on receiving patches and updates which address this issue.
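Because the setting has to be reset after every run of the affected Install Wizard, it helps to audit it rather than rely on memory. The following PowerShell check is an added example, not part of nCipher's advisory: the registry path and value name are taken from the fix above, while the function name `Test-UseModuleKeys`, the `-Fix` switch and the state labels are hypothetical.

```powershell
# Added example: audit (and optionally reset) the registry value named in the advisory.
# Path and value name come from the advisory; everything else is illustrative.
function Test-UseModuleKeys {
    [CmdletBinding()]
    param(
        [switch]$Fix   # hypothetical switch: write the advisory's value (0) when it differs
    )

    $path = 'HKLM:\SOFTWARE\nCipher\Cryptography'
    $name = 'UseModuleKeys'

    # Read the current value; $null means the key or the value is absent.
    $current = $null
    if (Test-Path -Path $path) {
        $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $current = $item.$name }
    }

    if ($null -eq $current) {
        $state = 'Missing'      # the advisory does not describe the behavior in this case
    } elseif ($current -eq 0) {
        $state = 'Expected'     # matches the value in wizardfix.reg
    } else {
        $state = 'Changed'      # e.g. after the Install Wizard has been run again
    }

    # Writing under HKLM requires an elevated session.
    if ($Fix -and $state -ne 'Expected') {
        if (-not (Test-Path -Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        $state = 'Reset'
    }

    [pscustomobject]@{
        Path        = $path
        Name        = $name
        ValueBefore = $current  # value as read before any reset
        State       = $state
    }
}

# Report only; run Test-UseModuleKeys -Fix to reapply the advisory's setting.
Test-UseModuleKeys
```

A `Changed` or `Missing` result after a wizard run means any key generated since then should be checked against the guidance in section 2.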