Re: [NOT NOISE] Microsoft Crypto Service Provider API
-----BEGIN PGP SIGNED MESSAGE-----
In list.cypherpunks, [email protected] writes of the MS CSPAPI and
signatures:
> More interesting would be the OS patch that allows an unsigned
> (or signed by someone other than MS) CSP to be loaded...
Agreed.
> Hmm, logically the patch must be built in and only need to be
> switched on as it would be too annoying to debug a CSP if you
> needed to get it signed every time you built a new version.
Not quite. The API comes with a program SIGN.EXE that will create a
"debugging signature" for your CSP, and a new ADVAPI32.DLL, described as
a "Modified advapi32.dll to load providers that are signed with
sign.exe." So the patch point is a bit more accessible than inside the
kernel. Maybe the "Modified advapi32.dll" should find its way offshore?
> Microsoft's Authenticode system had such a patch at one time
> for just that purpose, and all it required was a registry setting.
Interestingly enough, CSP signatures are held in the registry instead of
the binary, necessitating some install procedure for a given CSP. Not
to start rumors, but NT 4.0 does use threads to watch some registry
entries that control the version (workstation/server). Not much of a
stretch to imagine a thread that tracks (reports?) changes to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\...
- --
Roy M. Silvernail [ ] [email protected]
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Public Key fingerprint = 31 86 EC B9 DB 76 A7 54 13 0B 6A 6B CC 09 18 B6
Key available from [email protected]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMsAbhhvikii9febJAQEQwAQAuasIE2nEXiLlukBTRWoOFgdJa4jZh/MF
Ql0OxvKXbpKzFodE+O56An7ulH/tkfmXUd9E6xVtO6Z/AcrqN284ZPJmcbsR5cYB
KBhcHAc4JbFlUxpSu8iTM5B4seMwQrl9PmxN43q7GDq07NSbKZYkQ7ljwcTnULoQ
9I5gjyirmTc=
=J0eC
-----END PGP SIGNATURE-----
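The post above notes that CSP registration (and the signature that ADVAPI32 checks) lives under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider, so whoever can write those keys can change which provider DLL the system trusts. The script below is an added, defender-side example and is not part of the original message or of Microsoft's tooling: it inventories the registered providers, records the on-disk DLL hash and Authenticode status alongside a hash of the registry-held signature blob, and compares against a saved baseline so that a new, removed or re-pointed provider shows up. It assumes the value names "Image Path", "Type" and "Signature" under each provider subkey (the names used by CryptoAPI provider registration) and a 64-bit view of the registry; adjust the root path if your build stores providers elsewhere.

```powershell
# Added example (not from the original post): audit the CSPs registered under
# HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider and detect changes.
# Assumptions: per-provider values named "Image Path", "Type" and "Signature".

$ProviderRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'

# Hex SHA-256 of an arbitrary byte array (used for the registry signature blob).
function Get-BytesSha256([byte[]]$Bytes) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { -join ($sha.ComputeHash($Bytes) | ForEach-Object { $_.ToString('x2') }) }
    finally { $sha.Dispose() }
}

# One record per registered provider: where the DLL is, whether it exists,
# its file hash and Authenticode status, and a hash of the registry signature.
function Get-CspInventory {
    foreach ($key in Get-ChildItem -Path $ProviderRoot) {
        $props    = Get-ItemProperty -Path $key.PSPath
        $image    = $props.'Image Path'
        $expanded = if ($image) { [Environment]::ExpandEnvironmentVariables($image) } else { $null }
        $fileHash = $null
        $authSig  = 'n/a'
        if ($expanded -and (Test-Path -LiteralPath $expanded)) {
            $fileHash = (Get-FileHash -LiteralPath $expanded -Algorithm SHA256).Hash
            $authSig  = (Get-AuthenticodeSignature -LiteralPath $expanded).Status.ToString()
        }
        $regSig = $props.Signature   # REG_BINARY blob written at provider install time
        [PSCustomObject]@{
            Provider           = $key.PSChildName
            Type               = $props.Type
            ImagePath          = $expanded
            FileExists         = [bool]$fileHash
            FileSHA256         = $fileHash
            AuthenticodeStatus = $authSig
            RegistrySigBytes   = if ($regSig) { $regSig.Length } else { 0 }
            RegistrySigSHA256  = if ($regSig) { Get-BytesSha256 ([byte[]]$regSig) } else { $null }
        }
    }
}

# Persist the current inventory as a baseline.
function Save-CspBaseline([string]$Path) {
    Get-CspInventory | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $Path
}

# Report providers that were added, removed, or whose DLL/signature changed.
function Compare-CspBaseline([string]$Path) {
    $old = Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json
    $new = Get-CspInventory
    $watched = 'ImagePath', 'FileSHA256', 'RegistrySigSHA256', 'AuthenticodeStatus'
    foreach ($n in $new) {
        $o = $old | Where-Object Provider -eq $n.Provider
        if (-not $o) { "NEW provider: $($n.Provider) -> $($n.ImagePath)"; continue }
        foreach ($f in $watched) {
            if ("$($o.$f)" -ne "$($n.$f)") {
                "CHANGED $($n.Provider).$f : '$($o.$f)' -> '$($n.$f)'"
            }
        }
    }
    foreach ($o in $old) {
        if (-not ($new | Where-Object Provider -eq $o.Provider)) {
            "REMOVED provider: $($o.Provider)"
        }
    }
}

# Usage: take a baseline once on a known-good system, then compare on a schedule.
#   Save-CspBaseline -Path 'C:\ProgramData\csp-baseline.json'   # hypothetical path
#   Compare-CspBaseline -Path 'C:\ProgramData\csp-baseline.json'
Get-CspInventory | Format-Table Provider, Type, ImagePath, FileExists, AuthenticodeStatus -AutoSize
```

Run it elevated so the registry and system32 DLLs are readable; a provider whose Image Path points outside the system directory, whose DLL fails Authenticode, or whose registry signature blob changed between runs is the kind of event the post speculates a watcher thread might report, and this script makes that check explicit and scriptable. Note that the registry signature and the Authenticode status are independent checks: a DLL can carry a valid Authenticode signature and still have a freshly rewritten provider entry.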