_NSAKEY was a variable name discovered in Windows NT 4 SP5 in 1999 by Andrew D. Fernandes of Cryptonym Corporation. The variable contained a 1024-bit public key; public keys are used in public-key cryptography for encryption and digital signature verification (but not decryption or signing). Because of the name, however, it was speculated that the key would allow the United States National Security Agency (NSA) to subvert any Windows user's security. Microsoft denied the speculation and said that the key's name came from the fact that NSA was the technical review authority for U.S. cryptography export controls.
Overview
Microsoft requires all Cryptographic Service Providers used by the Microsoft Cryptographic API (CryptoAPI) to have an RSA digital signature. Since only Microsoft-approved providers can be used with the CryptoAPI, it is possible to keep export copies of this operating system in compliance with the Export Administration Regulations (EAR), which are enforced by the Bureau of Industry and Security (BIS).
It was already known that Microsoft used two keys, a primary and a spare, either of which can create valid signatures. When it released Service Pack 5 for Windows NT 4.0, Microsoft neglected to remove the debugging symbols in ADVAPI32.DLL, a library that exposes Windows features such as the Windows Registry and security. Andrew Fernandes, chief scientist with Cryptonym, found that the primary key was stored in the variable _KEY and that the second key was labeled _NSAKEY. Fernandes published his discovery, touching off a flurry of speculation and conspiracy theories, including the possibility that the second key enabled the United States National Security Agency (NSA) to subvert any Windows user's security.
During a presentation at the Computers, Freedom and Privacy 2000 (CFP2000) conference, Duncan Campbell, senior research fellow at the Electronic Privacy Information Center (EPIC), mentioned the controversy as an example of an outstanding issue related to security and surveillance.
In addition, Dr. Nicko van Someren found a third key in Windows 2000, which he doubted had a legitimate purpose, and declared that "It looks more fishy".
Microsoft's reaction
Microsoft denied the backdoor speculations on and said "This speculation is ironic since Microsoft has consistently opposed the various key escrow proposals suggested by the government." According to Microsoft, the key's symbol was "_NSAKEY" because the NSA was the review authority for U.S. cryptography export controls.
Microsoft claimed the third key was only in beta builds of Windows 2000 and that its purpose was for signing Cryptographic Service Providers.
Further technical information
The Mozilla page on common questions on cryptography describes how Microsoft signs CSPs:
<blockquote>
It is in fact possible under certain circumstances to obtain an export license for software invoking cryptographic functions through an API. For example, Microsoft's implementation of the Microsoft Cryptographic API (CryptoAPI) specification was approved for export from the US, even though it implements an API by which third parties, including third parties outside the US, can add separate modules ("Cryptographic Service Providers" or CSPs) implementing cryptographic functionality. This export approval was presumably made possible because a) the CryptoAPI implementation requires third party CSPs to be digitally signed by Microsoft and rejects attempts to call CSPs not so signed; b) through this signing process Microsoft can ensure compliance with the relevant US export control regulations (e.g., they presumably would not sign a CSP developed outside the US that implements strong cryptography); and c) Microsoft's CryptoAPI implementation is available only in executable form, and thus is presumed to be reasonably resistant to user tampering to disable the CSP digital signature check.
</blockquote>
According to Fernandes, it is possible to replace _NSAKEY. When loading a cryptographic module, the function first tries using _KEY to verify the module, then _NSAKEY. Since no cryptographic modules in Windows are signed with _NSAKEY, it never gets used. Replacing it with a different key allows non-US companies to install their crypto services into Windows without Microsoft's or the NSA's approval.
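The two-slot fallback described above, as an added example (not Microsoft's code and not part of the original page): textbook RSA without padding over constructed toy keys, with hypothetical helper names. It shows that every slot in the list is a trust anchor, that a slot which never validates anything can be reported, and that pinning a digest of the key list exposes a swapped slot.

```python
import hashlib

E = 65537  # public exponent the page gives for both keys

def toy_key(p, q):
    """Textbook RSA (n, d) from two primes; toy sizes, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(module, n):
    return int.from_bytes(hashlib.sha256(module).digest(), "big") % n

def sign(module, n, d):
    return pow(digest(module, n), d, n)

def verify_module(module, sig, slots):
    """Try each key slot in order; return the slot that validated, else None."""
    for name, n in slots:
        if 0 < sig < n and pow(sig, E, n) == digest(module, n):
            return name
    return None

def slots_digest(slots):
    """Fingerprint of the embedded key list, to pin at build time."""
    blob = "".join(f"{name}:{n:x};" for name, n in slots)
    return hashlib.sha256(blob.encode()).hexdigest()

def unused_slots(slots, load_log):
    """Slots that never validated anything: trust anchors with no known use."""
    used = set(load_log)
    return [name for name, _ in slots if name not in used]

# Constructed toy keys built from Mersenne primes (not the real 1024-bit keys).
PRIMARY = toy_key(2**61 - 1, 2**89 - 1)
SPARE = toy_key(2**107 - 1, 2**127 - 1)
OUTSIDER = toy_key(2**521 - 1, 2**607 - 1)  # hypothetical unapproved signer

SHIPPED = [("_KEY", PRIMARY[0]), ("_NSAKEY", SPARE[0])]
PATCHED = [("_KEY", PRIMARY[0]), ("_NSAKEY", OUTSIDER[0])]  # second slot swapped

approved = (b"approved CSP image", sign(b"approved CSP image", *PRIMARY))
foreign = (b"unapproved CSP image", sign(b"unapproved CSP image", *OUTSIDER))

def demo():
    log = [verify_module(*approved, SHIPPED)]
    return {
        "approved_on_shipped": log[0],
        "foreign_on_shipped": verify_module(*foreign, SHIPPED),
        "foreign_on_patched": verify_module(*foreign, PATCHED),
        "never_used": unused_slots(SHIPPED, log),
        "list_changed": slots_digest(SHIPPED) != slots_digest(PATCHED),
    }
```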
Key values
<!-- Both keys have been converted from the PGP keys (described further in the article) via https://cirw.in/gpg-decoder/ -->
Both keys are RSA keys with an e equal to 65537, which is a standard choice.
_KEY has an n of:
<pre>b273e277a9c375c70bb7493e52b0b36962e976626ad609ba31be6accac12f1f3da6c18d96951820c457c7b4c4893bd149de279a39f6ec926d3544db3491fa2e9af1bf8260b3b0fbadd69cbd77b28012925711b17c0b877eaf7da9d02dd5f8572854e5c90e9b10cfbaeaf8b8fe1df5047bc18829a531499bbf49e8021346b5095</pre>
_NSAKEY has an n of:
<pre>ba8e15fee3cd160fb47cf93e2b4d842615af23f0659264d81edc35a27d3aa450890a227b561da401ff3908771d243f6eeb4f9e351976e90f07fd22cd099ccd71e85b97f5439adb172d32d71cb66c26c5b188a3e11790ed01eb31bf27bc667b396fd8283097d8b3869cc7511a3496e829a32bbad6d2f7aa7e8ca9805d51682d1f</pre>
PGP keys
In September 1999, an anonymous researcher reverse-engineered both the primary key and the _NSAKEY into PGP-compatible format and published them to key servers.
Primary key (_KEY)
<pre>
Type Bits/KeyID Date User ID
pub 1024/346B5095 1999/09/06 Microsoft's CAPI key <postmaster@microsoft.com>
</pre>
Secondary key (_NSAKEY and _KEY2)
<pre>
Type Bits/KeyID Date User ID
pub 1024/51682D1F 1999/09/06 NSA's Microsoft CAPI key <postmaster@nsa.gov>
</pre>
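A cross-check of the hex moduli under "Key values" against the two key listings above, as an added example that is not part of the original page. It relies on the OpenPGP rule that a version 3 RSA key ID is the low-order 64 bits of the modulus (RFC 4880, section 12.2), of which PGP 2.6 listings print the low 32; the function names are hypothetical.

```python
import re

# Moduli (hex) and key listing lines copied from this page.
MODULI = {
    "_KEY": "b273e277a9c375c70bb7493e52b0b36962e976626ad609ba31be6accac12f1f3da6c18d96951820c457c7b4c4893bd149de279a39f6ec926d3544db3491fa2e9af1bf8260b3b0fbadd69cbd77b28012925711b17c0b877eaf7da9d02dd5f8572854e5c90e9b10cfbaeaf8b8fe1df5047bc18829a531499bbf49e8021346b5095",
    "_NSAKEY": "ba8e15fee3cd160fb47cf93e2b4d842615af23f0659264d81edc35a27d3aa450890a227b561da401ff3908771d243f6eeb4f9e351976e90f07fd22cd099ccd71e85b97f5439adb172d32d71cb66c26c5b188a3e11790ed01eb31bf27bc667b396fd8283097d8b3869cc7511a3496e829a32bbad6d2f7aa7e8ca9805d51682d1f",
}
LISTING = """\
pub 1024/346B5095 1999/09/06 Microsoft's CAPI key <postmaster@microsoft.com>
pub 1024/51682D1F 1999/09/06 NSA's Microsoft CAPI key <postmaster@nsa.gov>
"""

def key_id_v3(n_hex, bits=32):
    """OpenPGP v3 RSA key ID: the low-order bits of the modulus."""
    mask = (1 << bits) - 1
    return format(int(n_hex, 16) & mask, "0{}X".format(bits // 4))

def parse_listing(text):
    """Yield (bits, short_key_id, user_id) from PGP 2.6-style 'pub' lines."""
    pattern = r"^pub\s+(\d+)/([0-9A-F]{8})\s+\S+\s+(.+)$"
    for m in re.finditer(pattern, text, re.M):
        yield int(m.group(1)), m.group(2), m.group(3).strip()

def match_keys():
    """Map each variable name to the listed user ID whose size and key ID fit."""
    entries = list(parse_listing(LISTING))
    result = {}
    for name, n_hex in MODULI.items():
        n = int(n_hex, 16)
        for bits, kid, uid in entries:
            # A modulus matches a listing when both its bit length and
            # its low 32 bits agree with the "Bits/KeyID" column.
            if n.bit_length() == bits and key_id_v3(n_hex) == kid:
                result[name] = uid
    return result
```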
See also
- Lotus Notes – openly used an NSA key in order to comply with cryptography export regulations
- Clipper chip
