The primary resolution for any issue that is related to blocking of a certificate that has a key length of less than 1024 bits is to implement a larger (1024 bit key length or larger) certificate. We recommend that users implement certificates that have a key length of at least 2048 bits.
Increase the key size for certificates issued through certificate autoenrollment
For templates that issued RSA certificates with key lengths of less than 1024 bits, you should consider increasing the minimum key size to a setting of at least 1024 bits. This assumes that the devices to which these certificates are issued support a larger key size.
After you increase the minimum key size, use the Reenroll All Certificate Holders option in the Certificate Templates Console to cause the client computers to reenroll and request a larger key size.
If you have issued certificates by using the built-in Smartcard Logon or Smartcard User templates, you will be unable to adjust the minimum key size of the template directly. Instead, you will have to duplicate the template, increase the key size on the duplicated template, and then supersede the original template with the duplicated template.
After you supersede a template, use the Reenroll All Certificate Holders option to cause the client computers to reenroll and request a larger key size.
Allow key lengths of less than 1024 bits by using registry settings
Microsoft does not recommend that customers use certificates with keys shorter than 1024 bits. However, customers may need a temporary workaround while a longer-term solution is developed to replace RSA certificates that have a key length of less than 1024 bits. In these cases, Microsoft gives customers the ability to change the way the update functions. Customers who configure these settings accept the risk that an attacker may be able to break their certificates and use them to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.
Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see the following article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
On Windows 8 or Windows Server 2012-based computers that have the update applied, the following registry path and settings can be used to control detection and blocking of RSA certificates with less than 1024 bit key lengths.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config
Four main values control how the blocking of keys under 1024 bits works. These are as follows:
- MinRsaPubKeyBitLength
- EnableWeakSignatureFlags
- WeakSignatureLogDir
- WeakRsaPubKeyTime
Each of these values and what they control are discussed in the following sections.
For operating systems starting with Windows Vista and Windows Server 2008, you can use certutil commands to change these registry settings. On Windows XP, Windows Server 2003, and Windows Server 2003 R2, you cannot use certutil commands to change these registry settings. However, you can use Registry Editor, the reg command, or a .reg file.
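Before changing any of these values it helps to know what the machine is currently configured to do. The following PowerShell function is an added example (not part of the article) that reads the four values from the registry path above and reports their effect: it decodes EnableWeakSignatureFlags as bit flags (6 is 2 + 4), converts the WeakRsaPubKeyTime FILETIME to a UTC date, and checks that the log folder exists and grants modify access to the two principals the article names. The well-known account names used for the ACL check are assumed; run it elevated on Windows 8 / Windows Server 2012 or later.

```powershell
# Added example, not from the article: report the weak-RSA-key chain settings in effect.
function Get-WeakRsaKeyPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDLLCreateCertificateChainEngine\Config'
    $cfg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue   # $null if the key is absent

    # Absent MinRsaPubKeyBitLength means the default minimum of 1024 bits.
    $minBits = if ($null -ne $cfg.MinRsaPubKeyBitLength) { [int]$cfg.MinRsaPubKeyBitLength } else { 1024 }

    # Decode EnableWeakSignatureFlags as bit flags; 6 is just 2 + 4. Absent means 0.
    $flags    = [int]$cfg.EnableWeakSignatureFlags
    $weakRoot = ($flags -band 2) -ne 0   # CERT_CHAIN_ENABLE_WEAK_RSA_ROOT_FLAG
    $logging  = ($flags -band 4) -ne 0   # CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG
    $logOnly  = ($flags -band 8) -ne 0   # CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG

    # WeakRsaPubKeyTime is an 8-byte little-endian FILETIME in UTC; absent means 2010-01-01 00:00 UTC.
    $cutoff = if ($cfg.WeakRsaPubKeyTime) {
        [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64([byte[]]$cfg.WeakRsaPubKeyTime, 0))
    } else { [DateTime]::new(2010, 1, 1, 0, 0, 0, [DateTimeKind]::Utc) }

    # Logging modes need a folder that both required principals can modify (assumed account names);
    # a missing or unwritable folder means the weak-key log is silently lost.
    $logDir = $cfg.WeakSignatureLogDir
    $logDirOk = $false
    if ($logDir -and (Test-Path -LiteralPath $logDir)) {
        $acl    = Get-Acl -LiteralPath $logDir
        $modify = [System.Security.AccessControl.FileSystemRights]::Modify
        $granted = foreach ($who in 'NT AUTHORITY\Authenticated Users',
                                    'APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES') {
            [bool]($acl.Access | Where-Object {
                $_.IdentityReference.Value -eq $who -and $_.AccessControlType -eq 'Allow' -and
                (($_.FileSystemRights -band $modify) -eq $modify) })
        }
        $logDirOk = ($granted -notcontains $false)
    }

    [pscustomobject]@{
        MinRsaPubKeyBits   = $minBits
        WeakRootAllowed    = $weakRoot
        LoggingEnabled     = ($logging -or $logOnly)
        BlockingEnforced   = -not $logOnly
        LogDir             = $logDir
        LogDirWritable     = $logDirOk
        LogDirMisconfigured = ($logging -or $logOnly) -and -not $logDirOk
        AuthenticodeCutoff = $cutoff
    }
}

Get-WeakRsaKeyPolicy | Format-List
```

A report with LoggingEnabled true and LogDirMisconfigured true means the update is set to log but has nowhere it can write, which is the first thing to fix before relying on the log.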
MinRsaPubKeyBitLength
MinRsaPubKeyBitLength is a DWORD value that defines the minimum allowed RSA key length. By default, this value is not present, and the minimum allowed RSA key length is 1024. You can use certutil to set this value to 512 by running the following command:
certutil -setreg chain\minRSAPubKeyBitLength 512
Note: All certutil commands shown in this article require local Administrator privileges because they change the registry. You can ignore the message that reads "The CertSvc service may have to be restarted for changes to take effect." That is not required for these commands because they do not affect the certificate service (CertSvc).
You can revert to blocking keys that have a length of less than 1024 bits by removing the value. To do this, run the following certutil command:
certutil -delreg chain\MinRsaPubKeyBitLength
EnableWeakSignatureFlags
The EnableWeakSignatureFlags DWORD value has the following potential values: 2, 4, 6, and 8. These settings change how the detection and blocking of keys under 1024 bits works. The settings are described in the following table:

| Decimal value | Description |
| --- | --- |
| 2 | When enabled, the root certificate (during chain building) is allowed to have an RSA key of less than 1024 bits. Blocking of RSA certificates lower in the chain (if they have keys of less than 1024 bits) is still in effect. The flag enabled when this value is set is CERT_CHAIN_ENABLE_WEAK_RSA_ROOT_FLAG. |
| 4 | Enables logging, but still enforces blocking of RSA certificates with keys of less than 1024 bits. When it is enabled, the WeakSignatureLogDir is required. All certificates encountered with keys of less than 1024 bits are copied to the physical WeakSignatureLogDir folder. The flag enabled when this value is set is CERT_CHAIN_ENABLE_WEAK_LOGGING_FLAG. |
| 6 | When it is enabled, the root certificate is allowed to have an RSA key of less than 1024 bits, and the WeakSignatureLogDir is required. All certificates below the root certificate that have keys of less than 1024 bits are blocked and logged to the folder that is specified as the WeakSignatureLogDir. |
| 8 | Enables logging and does not enforce blocking of keys that have a length of less than 1024 bits. When it is enabled, the WeakSignatureLogDir is required. All certificates encountered that have keys of less than 1024 bits are copied to the physical WeakSignatureLogDir folder. The flag enabled when this value is set is CERT_CHAIN_ENABLE_ONLY_WEAK_LOGGING_FLAG. |
Examples
To enable an RSA root certificate that has a key length of less than 1024 bits, use the following certutil command:
certutil -setreg chain\EnableWeakSignatureFlags 2
To enable logging while still blocking certificates that use a key length of less than 1024 bits, use the following certutil command:
certutil -setreg chain\EnableWeakSignatureFlags 4
To enable logging of only RSA certificates below the root certificate that have a key length of less than 1024 bits, use the following certutil command:
certutil -setreg chain\EnableWeakSignatureFlags 6
To enable logging only and not block key lengths of less than 1024 bits, use the following certutil command:
certutil -setreg chain\EnableWeakSignatureFlags 8
Note: When you enable logging (decimal setting 4, 6, or 8), you must also configure a log directory as described in the next section.
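The practical use of the logging-only setting (8) is to run it for a while and then review what was logged before switching to blocking. The following PowerShell function is an added example (not part of the article) that inventories the certificates written to the log folder, reports the key size and whether each is self-signed (a root that setting 2 would still tolerate), and groups them by issuer so you can see which CAs need to reissue. It assumes the folder contains certificate files that X509Certificate2 can load (DER or Base64); anything else is skipped with a warning.

```powershell
# Added example, not from the article: summarise what landed in WeakSignatureLogDir.
function Get-WeakKeyLogSummary {
    param([string]$LogDir = 'C:\Under1024KeyLog')   # folder configured as WeakSignatureLogDir

    Get-ChildItem -LiteralPath $LogDir -File | ForEach-Object {
        $file = $_
        try {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
        } catch {
            Write-Warning "Skipping $($file.Name): not a loadable certificate"
            return   # skip this file, continue with the next one
        }
        # Returns $null for non-RSA keys, so KeyBits stays empty for those.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        [pscustomobject]@{
            File       = $file.Name
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            SelfSigned = ($cert.Subject -eq $cert.Issuer)   # root candidate: setting 2 still allows it
            KeyAlg     = $cert.PublicKey.Oid.FriendlyName
            KeyBits    = if ($rsa) { $rsa.KeySize } else { $null }
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
        }
    }
}

$entries = Get-WeakKeyLogSummary

# Which issuers produced the weak certificates (most affected first).
$entries | Group-Object Issuer | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# The weak RSA keys themselves, shortest first; expired ones (NotAfter in the past) need no reissue.
$entries | Where-Object { $_.KeyBits -and $_.KeyBits -lt 1024 } |
    Sort-Object KeyBits | Format-Table File, Subject, KeyBits, SelfSigned, NotAfter -AutoSize
```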
WeakSignatureLogDir
When defined, certificates that have a key length of less than 1024 bits are written to the specified folder. For example, C:\Under1024KeyLog could be the data for this value. This option is required when EnableWeakSignatureFlags is set to 4 or 8. Make sure that you configure the security on the specified folder so that both Authenticated Users and the local group All Application Packages have modify access. To set this value for C:\Under1024KeyLog, you can use the following certutil command:
certutil -setreg chain\WeakSignatureLogDir "c:\Under1024KeyLog"
You can also configure the WeakSignatureLogDir to write to a network shared folder. Make sure that you have the appropriate permissions configured for the network location so that all configured users can write to the shared folder. The following command is an example of configuring the WeakSignatureLogDir to write to a folder named Keys that is in a network shared folder named RSA on Server1:
certutil -setreg chain\WeakSignatureLogDir "\\server1\rsa\keys"
WeakRsaPubKeyTime
The WeakRsaPubKeyTime value is an 8-byte REG_BINARY value that contains a Windows FILETIME data type stored as UTC/GMT. This value is available primarily to reduce potential problems caused by blocking keys that have a length of less than 1024 bits for Authenticode signatures. Certificates that were used to sign code before the configured date and time are not checked for keys that have a length of less than 1024 bits. By default, this registry value is not present and is treated as January 1, 2010 at midnight UTC/GMT.
Note: This setting applies only when a certificate was used to Authenticode-sign a time-stamped file. If the code is not time stamped, the current time is used and the WeakRsaPubKeyTime setting is not used.
The WeakRsaPubKeyTime setting lets you configure the date before which older signatures are considered valid. If you have reason to set a different date and time for the WeakRsaPubKeyTime, you can use certutil to set a different date. For example, if you want to set the date to August 29, 2010, you can use the following command:
certutil -setreg chain\WeakRsaPubKeyTime @08/29/2010
If you must set a specific time, such as 6:00 PM on July 4, 2011, add the number of days and hours in the format +[dd:hh] to the command. Because 6:00 PM is 18 hours after midnight on July 4, 2011, you would run the following command:
certutil -setreg chain\WeakRsaPubKeyTime @01/15/2011+00:18
Configuring Certificates on Internet Information Services (IIS)
If you are an IIS customer who has to issue new certificates that are 1024 bits or longer, see the following articles: