Cryptome DVDs. Donate $25 for two DVDs of the Cryptome collection of 47,000 files from June 1996 to January 2009 (~6.9 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, cryptome.info, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,100 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost.


6 September 1999


Date: Sat, 4 Sep 1999 21:01:28 +0100
To: cypherpunks@cyberpass.net
From: Adam Back <adam@cypherspace.org>
Cc: shamrock@cypherpunks.to, andrew@cryptonym.com
Cc: cryptography@c2.net
Subject: MSFT's NSA key as key escrow solution

Several people (Carl Ellison?, others) have suggested over the years
of the key escrow debate that if the government wants a voluntary key
escrow system all they have to do is publish a public key, and anyone
wanting to use it can Cc them.

A good source of a public key we know is the NSA's public key is the
one buried in Lotus notes 'differential crypto' partial key escrow
mechanism (24 bits of 64 are escrowed).

Andrew do you have the modulus & public exponent in hex?

I am thinking we could take the NSA's key from windows and format it
as a PGP public key.

As a 2nd issue in doing this -- what email address would one put on
the NSA's PGP public key?  Suggestions?  Big Brother <dirnsa@nsa.gov>?

You need the email address to Cc or Bcc the NSA with.  I guess even a
non working email address would do -- they'll read it anyway with
ECHELON, and probably feel duty bound to decrypt it.

A disadvantage of doing this with the Microsoft NSA key over the Lotus
one is that we know for a fact that the Lotus one is the NSA's;
whereas there is some doubt (though in my opinion a rather small
doubt) that this is NSA's key.  Anyway, if people started encrypted
messages to the NSA with it, the NSA would probably obtain it from
Microsoft one way or another.

The political value of publishing an NSA public key is probably lower
now than earlier in the key escrow / GAK debate, because for quite
some time the US government was sticking to the line that it would be
strictly voluntary -- more lately this has been less emphasied, and
key escrow itself as a government proposal is probably relatively dead
right now.

Adam


Date: Mon, 6 Sep 1999 05:20:46 +0200 (CEST) From: Anonymous <nobody@replay.com> Subject: Re: MSFT's NSA key as key escrow solution To: cypherpunks@cyberpass.net According to http://www.cryptonym.com/hottopics/msft-nsa.html the keys are stored in the following way: Before CSP loading    in ADVAPI32.DLL Address 0x77DF5530 -> A9 F1 CB 3F DB 97 F5 ... ... ... Address 0x77DF55D0 -> 90 C6 5F 68 6B 9B D4 ... ... ... After RC4 encryption using  we see A2 17 9C 98 CA => R S A 1 ... 00 01 00 01 ... (looks like an RSA public key) A0 15 9E 9A CB => R S A 1 ... 00 01 00 01 ... (looks like an RSA public key) In other words you decrypt/encrypt the ADVAPI32.DLL data with the specified RC4 keys and you see what is shown.  (Wonder how they figured out the magic RC4 decryption keys???)  Let's try it. Looking at a hex dump of ADVAPI32.DLL we find the following data for the two key buffers (which are adjacent): a9 f1 cb 3f db 97 f5 08 b4 ca ae e4 90 0f 36 75 00 0f 6c 9d 85 dd 9b f4 4d 0b c4 96 3e 79 86 30 6d 27 31 ee 4a 85 f5 ff bb a9 bd 81 86 f2 4f 87 6c 57 55 19 e4 f4 49 a3 19 27 08 82 9e f9 8a 8e 41 d6 91 71 47 48 ee d6 24 2d dd 22 72 08 c6 a7 34 6f 93 d2 e7 72 57 78 7a 96 c1 e1 47 38 78 43 53 ea f3 88 82 66 41 43 d4 62 44 01 7d b2 16 b3 50 89 db 0a 93 17 02 02 46 49 79 76 59 b6 b1 2b fc b0 9a 21 e6 fa 2d 56 07 36 bc 13 7f 1c de 55 fb 0d 67 0f c2 17 45 8a 14 2b ba 55 00 00 00 00 90 c6 5f 68 6b 9b d4 97 d2 d9 cc 1d 52 9b ec a5 d7 29 fd 64 03 8c a3 9e fb 93 b6 72 2a da 6f a5 ec 26 39 58 41 cd 3f 49 10 4c cc 7e 23 94 f9 5d 9b 2b a3 6b e8 ec 52 d9 56 64 74 7c 44 6f 36 b7 14 9d 02 3c 0e 32 b6 38 20 25 bd 8c 9b d1 46 a7 b3 58 4a b7 dd 0e 38 b6 16 44 bf c1 ca 4d 6a 9f cb 6f 3c 5f 03 ab 7a b8 16 70 cf 98 d0 ca 8d 25 57 3a 22 8b 44 96 37 51 30 00 92 1b 03 b9 f9 0d b3 1a e2 b4 c5 7b c9 4b e2 42 25 fe 3d 42 fa 45 c6 94 c9 8e 87 7e f6 68 90 30 65 10 00 00 00 00 Note that the last four bytes in each block of 160 bytes are zeros and are probably not encrypted. Decrypting these with the RC4 keys shown above doesn't quite work; the second RC4 key has a typo (noting that each key byte comes from the one above by xoring with 2, we conclude that the last byte of the second key should be C8 not CB).  Fixing this, the decryption leads to: 52 53 41 31 88 00 00 00 00 04 00 00 7f 00 00 00 01 00 01 00 95 50 6b 34 21 80 9e f4 bb 99 14 53 9a 82 18 bc 47 50 df e1 8f 8b af ae fb 0c b1 e9 90 5c 4e 85 72 85 5f dd 02 9d da f7 ea 77 b8 c0 17 1b 71 25 29 01 28 7b d7 cb 69 dd ba 0f 3b 0b 26 f8 1b af e9 a2 1f 49 b3 4d 54 d3 26 c9 6e 9f a3 79 e2 9d 14 bd 93 48 4c 7b 7c 45 0c 82 51 69 d9 18 6c da f3 f1 12 ac cc 6a be 31 ba 09 d6 6a 62 76 e9 62 69 b3 b0 52 3e 49 b7 0b c7 75 c3 a9 77 e2 73 b2 00 00 00 00 00 00 00 00 52 53 41 31 88 00 00 00 00 04 00 00 7f 00 00 00 01 00 01 00 1f 2d 68 51 5d 80 a9 8c 7e aa f7 d2 d6 ba 2b a3 29 e8 96 34 1a 51 c7 9c 86 b3 d8 97 30 28 d8 6f 39 7b 66 bc 27 bf 31 eb 01 ed 90 17 e1 a3 88 b1 c5 26 6c b6 1c d7 32 2d 17 db 9a 43 f5 97 5b e8 71 cd 9c 09 cd 22 fd 07 0f e9 76 19 35 9e 4f eb 6e 3f 24 1d 77 08 39 ff 01 a4 1d 56 7b 22 0a 89 50 a4 3a 7d a2 35 dc 1e d8 64 92 65 f0 23 af 15 26 84 4d 2b 3e f9 7c b4 0f 16 cd e3 fe 15 8e ba 00 00 00 00 00 00 00 00 This has the structure indicated on the web page: RSA1 followed by some data, the pattern 01 00 01 00, then 128 bytes of hex data.  Note that the hex data must be interpreted in little-endian form to produce an odd number, so the MSB of the RSA moduli will be b2 and ba respectivelly. The exponent is probably 0x010001, a very commonly used RSA exponent. From this it should be easy to construct PGP versions of these two RSA public keys.
Date: Mon, 6 Sep 1999 09:15:53 +0100 To: nobody@replay.com Cc: cypherpunks@cyberpass.net Cc: cryptography@c2.net From: Adam Back <adam@cypherspace.org> Subject: NSA & MSFT CAPI keys as PGP keys Anonymous provided the NSA and Microsoft CAPI keys in hex, so here are their RSA CAPI keys formatted as PGP keys.  I've signed them. I put the keys at: http://www.dcs.ex.ac.uk/~aba/nsakey/ Adam Type Bits/KeyID    Date       User ID pub  1024/51682D1F 1999/09/06 NSA's Microsoft CAPI key <postmaster@nsa.gov> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQCPAzfTdH0AAAEEALqOFf7jzRYPtHz5PitNhCYVryPwZZJk2B7cNaJ9OqRQiQoi e1YdpAH/OQh3HSQ/butPnjUZdukPB/0izQmczXHoW5f1Q5rbFy0y1xy2bCbFsYij 4ReQ7QHrMb8nvGZ7OW/YKDCX2LOGnMdRGjSW6CmjK7rW0veqfoypgF1RaC0fABEB AAG0LU5TQSdzIE1pY3Jvc29mdCBDQVBJIGtleSA8cG9zdG1hc3RlckBuc2EuZ292 PokBFQMFEDfTdJE+e8qoKLJFUQEBHnsH/ihUe7oq6DhU1dJjvXWcYw6p1iW+0euR YfZjwpzPotQ8m5rC7FrJDUbgqQjoFDr++zN9kD9bjNPVUx/ZjCvSFTNu/5X1qn1r it7IHU/6Aem1h4Bs6KE5MPpjKRxRkqQjbW4f0cgXg6+LV+V9cNMylZHRef3PZCQa 5DOI5crQ0IWyjQCt9br07BL9C3X5WHNNRsRIr9WiVfPK8eyxhNYl/NiH2GzXYbNe UWjaS2KuJNVvozjxGymcnNTwJltZK4RLZxo05FW2InJbtEfMc+m823vVltm9l/f+ n2iYBAaDs6I/0v2AcVKNy19Cjncc3wQZkaiIYqfPZL19kT8vDNGi9uE= =PhHT -----END PGP PUBLIC KEY BLOCK----- Type Bits/KeyID    Date       User ID pub  1024/346B5095 1999/09/06 Microsoft's CAPI key <postmaster@microsoft.com> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQCPAzfTc8YAAAEEALJz4nepw3XHC7dJPlKws2li6XZiatYJujG+asysEvHz2mwY 2WlRggxFfHtMSJO9FJ3ieaOfbskm01RNs0kfoumvG/gmCzsPut1py9d7KAEpJXEb F8C4d+r32p0C3V+FcoVOXJDpsQz7rq+Lj+HfUEe8GIKaUxSZu/SegCE0a1CVABEB AAG0L01pY3Jvc29mdCdzIENBUEkga2V5IDxwb3N0bWFzdGVyQG1pY3Jvc29mdC5j b20+iQEVAwUQN9Nz5j57yqgoskVRAQFr/gf8DGm1hAxWBmx/0bl4m0metM+IM39J yI5mub0ie1HRLExP7lVJezBTyRryV3tDv6U3OIP+KZDthdXb0fmGU5z+wHt34Uzu xl6Q7m7oB76SKfNaWgosZxqkE5YQrXXGsn3oVZhV6yBALekWtsdVaSmG8+IJNx+n NvMTYRUz+MdrRFcEFDhFntblI8NlQenlX6CcnnfOkdR7ZKyPbVoSXW/Z6q7U9REJ TSjBT0swYbHX+3EVt8n2nwxWb2ouNmnm9H2gYfXHikhXrwtjK2aG/3J7k6EVxS+m Rp+crFOB32sTO1ib2sr7GY7CZUwOpDqRxo8KmQZyhaZqz1x6myurXyw3Tg== =ms8C -----END PGP PUBLIC KEY BLOCK-----