Microsoft KB Archive/812594

= XADM: Key Management Server Concepts in Exchange 2000 =

Article ID: 812594

Article Last Modified on 10/27/2006

-

APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition

-



IN THIS TASK

 * SUMMARY
 * Exchange 2000 Key Pair System
 * Key Types and Their Uses
 * Certificates
 * Digital Signatures
 * Message Encryption and Decryption
 * Message Signing and Verification
 * KMS Administration - Enrolling Users
 * KMS Administration - Revoking Certificates
 * Recovering Keys
 * Backing Up and Restoring the KMS Database
 * Repairing and Checking Database Integrity



SUMMARY
This informational article discusses key usage in Exchange 2000 Advanced Security, and converging concepts about the Key Management Server.

back to the top

Exchange 2000 Key Pair System
Advanced Security in Exchange 2000 uses a dual key pair system, meaning that two key pairs are created for each enrolled user. One key pair is used for creating digital signatures, and the other key pair is for encrypting messages.

Every Advanced Security user has at least two key pairs; a key pair for message encryption that is generated by Key Management server (KMS) during enrollment, and a key pair for digital signatures that is generated by the user’s mail client, such as Microsoft Outlook or another S/MIME compliant e-mail client.

Note If you use X.509v1 certificates that are issued by a KMS in your organization, an additional key pair for digital signatures is created. One signature key pair is used with X.509v1 certificates, and the other signature key pair with X.509v3 certificates.

KMS server’s Cryptographic Service Provider (CSP) generates the user’s encryption key pair, and then KMS requests a certificate from the CA. The user's private encryption key is then stored in an encrypted database on the user's KMS. This makes it possible for KMS administrators to have access to the keys, providing for system-wide key recovery, key and certificate revocation, and other key management tasks that are designed to safeguard encrypted data in your organization.

A user's key pair is made up of a public key that is stored in the Active Directory as an attribute of the user object that is available to anyone. The other key is a private key that is kept on the client computer in a secure location that is available only to the user, preserving the non-repudiation feature of digital signatures. The keys are bound to the user by the certificate that the keys were created from.

Note The user’s private digital signature keys are stored as:
 * Microsoft Outlook 97 and older clients store private keys in an encrypted .epf file.
 * Microsoft Outlook 98 keys are kept in a Microsoft Internet Explorer protected store.
 * Microsoft Outlook 2000 private keys are stored in the registry.

back to the top

Key Types and Their Uses
Four different types of keys are supported in Exchange 2000 Advanced Security. These are:
 * Public Encryption Key

A public encryption key is used to encrypt messages that are sent by users. In public key encryption, the sender retrieves the recipient's public key from the Active Directory and uses it to encrypt a message.
 * Private Encryption Key

A private encryption key is used to decrypt the encrypted message that is received by a user. Only the recipient's corresponding private key can decrypt the message so other users cannot read the contents.
 * Public Signature Key

When a user receives a message that has been signed, a public signature key is used to verify the sender. Recipients use the sender's public key to verify the source of the message. Only the correct public key works with the private signing key, so recipients can be certain of the identity of the sender.
 * Private Signature Key

A private signature key is used to digitally sign messages that are sent by users. Digital signatures contain information that is based on the contents of the message, so verification of the signature also means that the integrity of the data is intact. A digitally signed message cannot be tampered with while in transit without being detected.

back to the top

Certificates
A certificate is an authentication method that is used in security. A certificate is created by the certification authority (CA) for each user who is enabled for Advanced Security, so a user that is not enabled for Advanced Security does not have a certificate. This certificate is used primarily to store a user’s public key.

There are two primary X.509 certificates that are created for each user who has Advanced Security enabled. One certificate is used to store the public encryption key information, and the other is used to store the public signature key information.back to the top

Digital Signatures
Digital signatures make it possible for a recipient to be certain of the identity of the sender and verify that the content of the message has not been modified during transit.

When a digital signature is added to a message, the message contents are used to compute a hash value that identifies the sender and provides a digital fingerprint. A message digest algorithm, the message contents, and the sender’s private key are used to generate the hash value.

To validate the sender’s identity, the recipient decrypts the original hash value by using the sender's public key that is obtainable from a trusted directory, such as the Active Directory. The message is decrypted, and then a new hash value is computed from the received text and compared to the original hash value. If they match, the contents and the sender’s identity are verified.

Note Optionally, the sender’s public signature key may be sent with the signed message.

back to the top

Message Encryption and Decryption
Message encryption and decryption is a process that is &quot;transparent&quot; to the user. It is performed with no interaction between the client and additional network services except for a directory query to obtain the recipient’s public key. Details of each process follow.

Encryption
Message encryption makes it possible for the sender to encrypt the message body and any attachments. To send an encrypted message, both the sender and the recipient must have Advanced Security enabled. When a user sends an encrypted message, the Exchange client encrypts the message by using a session key that is encrypted with the intended recipient’s public key. To create the session key, a one-time symmetric key, the sender must have access to the recipient’s public key. In most cases, public keys that are required for encrypting messages are obtained from the Exchange server by the sender’s e-mail client, such as Outlook. When a user composes an encrypted message that is addressed to another Advanced Security-enabled Exchange user, the following occurs:
 * 1) The sender selects the recipient from the Global address list.
 * 2) Outlook requests the public key for the recipient from the Exchange server.
 * 3) If the server is running Exchange Server 5.5, the contents of the X509-Cert attribute of the mailbox, custom recipient, or public folder are returned to Outlook.
 * 4) If the server is running Exchange 2000 Server, the contents of the userCertificate attribute of the mailbox or mail-enabled object from the Active Directory are returned to Outlook.
 * 5) A one time symmetric session key is encrypted by using the recipient’s public key.
 * 6) The message is encrypted by using the session key.
 * 7) The message is sent to the recipient.

Decryption
Message decryption makes it possible for the sender to decrypt the message body and any attachments. To decrypt a message, Outlook uses the recipient’s private key to decrypt the symmetric key that is then used to decrypt the message. Because the recipient of the message is the only person that has access to the private key, the message is secure, allowing no one other than the intended recipient to read the message contents.

back to the top

Signing a Message
When a user signs a message, the client generates a digital signature that is a checksum of the message. The digital signature is then encrypted by using the sender's private signature key. Finally, the original plaintext message, the digital signature, and the sender's signature certificate that contains the sender's public signature key are sent to the recipient.

Verifying a Signature
To verify a signature, the recipient checks the sender's signature certificate against the Certificate Revocation List (CRL). If the certificate is on the list, the recipient is warned that the sender's certificate has been revoked. If the sender's certificate is valid, the encrypted digital signature is decrypted by using the sender's public signature key that was sent with the message. Finally, the client performs a checksum on the plaintext message that is then compared with the decrypted digital signature. The two values must match. If the values do not match, the recipient is warned that the message has been altered since it was originally signed.

back to the top

KMS Administration - Enrolling Users
The Active Directory is used to enroll users in Advanced Security individually, by group, by Exchange administrative group, or by server.

Note The administrator password is required only one time per enrollment. By default, the password is password.

When users are enrolled, KMS requests certificates on their behalf from Certificate Services. The certificates are then used to create two key pairs for each user. One key pair that is created on the client is for digital signatures, and the other key pair that is created on KMS is for e-mail encryption. When you are ready to enroll users in KMS, you have the option of individual or bulk enrollment. Through either method, the users you enroll will receive an enrollment token. You can enroll users by using the Exchange System Manager or by using the Active Directory Users and Computers snap-in.

To enroll individual users in the Exchange System Manager:
 * 1) In Exchange System Manager, click Advanced Security.
 * 2) In the right pane, right-click Key Manager, point to All Tasks, and then click Enroll Users.
 * 3) In the Enroll Users Selection box, click Display an alphabetical list of user names from the global address book, and then click OK.
 * 4) Your organization's address book appears in the Enroll Users box.
 * 5) Click one or more users, and then click Add to add them to the Selected users column.
 * 6) To send them a token, click Enroll.

Note Users who are currently enrolled in KMS are visible, but are not available for selection.

To enroll groups of users in the Exchange System Manager:
 * 1) In Exchange System Manager, click Advanced Security.
 * 2) In the right pane, right-click Key Manager, point to All Tasks, and then click Enroll Users.
 * 3) In the Enroll Users Selection box, click Display mailbox stores, Exchange servers, and administrative groups of eligible users, and then click OK.
 * 4) Your organization's administrative groups appear in the Enroll Users box.
 * 5) Expand the appropriate administrative group, and continue to expand until you can click the node you want for enrollment.
 * 6) When you click Enroll, all the users in the node are selected, and all its sub-nodes receive a token.

Note Individual users can also be enrolled in Advanced Security through Active Directory Users and Computers. In Active Directory Users and Computers, additional detail is displayed for every enrolled user, including an individual's security status, their Key Management server, and certificate activation and expiration dates.

back to the top

KMS Administration - Revoking Certificates
If a user's private key becomes compromised, it must be revoked by the KMS administrator. To disable Advanced Security for a specific user, revoke the user's certificate. You can revoke user certificates from Exchange System Manager or from Active Directory Users and Computers. In Exchange System Manager, click Advanced Security, right-click Key Manager, point to All Tasks, and then click Revoke Certificates. In Active Directory Users and Computers, view the properties of the user, click the Exchange Features tab, view the properties of E-mail Security, and then click Revoke.

Note No matter which method you use to revoke certificates, you must type the KMS administrator password. By default, the administrator password is password.

back to the top

Recovering Keys
Key recovery may be necessary for two reasons; when users are imported from another KMS, and when users lose their keys.

Users Imported From Other KMS Servers
When Advanced Security users are exported from their original KMS, their certificates are revoked. After they have been migrated to a new KMS, they can continue to use their old keys to read old encrypted e-mail. However, the user’s old keys are now bound to a certificate that is published to your organization's CRL. Because of this, new certificates and corresponding keys are needed for users to create new encrypted messages. To make sure that users receive valid keys, key recovery is the final step in the export and import process.

Users Lose Their Keys
Users can lose their existing keys by forgetting their password, or if their computer experiences a hardware failure. Key recovery prevents the user from losing their encrypted e-mail, and can recover potentially important information.

In key recovery, as in the enrollment process, the user is issued a token. The recovery token is issued the same way you choose to issue enrollment tokens, either through an administrator, or by an e-mail message. After entering this recovery token in Outlook, a new signature key pair is created for the user. Additionally, KMS returns all the user's old keys. For imported users, a new encryption key pair is generated.

You can recover user keys from Exchange System Manager or from Active Directory Users and Computers. To recover keys in Exchange System Manager:
 * 1) In Exchange System Manager, click Advanced Security.
 * 2) Right-click Key Manager, point to All Tasks, and then click Recover Keys.

back to the top

Backing Up and Restoring the KMS Database
To periodically save your KMS database, use Windows 2000 Backup. Maintaining regular backups of your KMS database makes it possible for you restore your organization's certificates and keys with minimum downtime. If every server in your organization were to be destroyed, you would need all the following backups and passwords to restore KMS functionality:
 * The CA certificate .P12 file backup and password.
 * An Active Directory backup that contains the KMS administrator accounts.
 * A KMS database backup and database startup password.
 * The KMS administrator passwords.

To complete a restoration, you must complete the following operations:
 * Restore Active Directory.
 * Restore the Certification Authority servers.
 * Restore the KMS database.

Restoring the Certificate Authority
To restore a CA, two pieces of information are required; the CA certificate, and the original CA server name because the CA certificate must be restored to a server by using the same name as your original CA server.

Restoring the KMS Database
To restore a KMS database:
 * 1) Install Key Management Services from the Exchange 2000 Server CD-ROM.

Note KMS does not have to be reinstalled to an Exchange server with the same name as the backup, but you may want to do so.
 * 1) If you chose to put the KMS startup password in the Kmserver.pwd file, move this file to a safe location.
 * 2) Stop the KMS service, and then move all files in the Exchsrvr\Kmsdata folder to a safe location.
 * 3) Copy the previous Kmserver.pwd file into place, if it exists.
 * 4) Start the KMS service.
 * 5) If no Kmserver.pwd file was used, you must type the startup password in the start parameters for the service.

Note Starting KMS with no database in place starts the service in a semi-running mode so you can restore a backup database.
 * 1) Use Windows 2000 Backup to restore the previous KMS database.
 * 2) Stop, and then restart the KMS service.

back to the top

Repairing and Checking Database Integrity
The Microsoft Exchange Key Management Server service includes the Kmserver.exe file. After you stop the Exchange Key Management Server service, you can use a variety of command-line switches with Kmserver.exe to perform tasks such as repairing the database file. For additional information about a related topic, click the following article number to view the article in the Microsoft Knowledge Base:

232609 XADM: How to Verify the Integrity of a Key Management Server Database

back to the top

Keywords: kbinfo kbhowtomaster KB812594

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.