The software that checks the signatures is protected by the
"_KEY" (like a primary key that allows resetting
other keys). If the "_KEY" works fine, the problem
ends there. However, if it fails to work, the "_NSAKEY"
is checked! This is hardly how a vault is supposed to work. On a bank vault
with two dials, BOTH must be properly set for the vault to open. Any second key
with a fail-over is thus a backdoor in its
truest sense: it is a hidden way to perform all the security functions. What
is worse is that the "_NSAKEY" can be changed by
anyone having access to the front of the vault with a mere screwdriver!
And that screwdriver can be downloaded from the
Internet.
The whole process then comes about without the user's permission or
knowledge! What more could one call this but a "breach of trust"?
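To make the fail-over argument concrete, here is an added example (not from the original article, and not Microsoft's code) that contrasts an accept-if-any-key-verifies check with the two-dial policy of requiring every key; the keys, the module bytes and the use of HMAC as a stand-in for RSA signatures are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for signature checking: an HMAC tag plays the role of
# a signature and holding the key plays the role of holding the private key.
# The real CryptoAPI check used RSA signatures; the policy logic is the point.
def sign(key: bytes, module: bytes) -> bytes:
    return hmac.new(key, module, hashlib.sha256).digest()

def verify(key: bytes, module: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, module), sig)

def verify_failover(keys, module, sig):
    """The fail-over design the text criticises: a module is accepted when
    ANY key in the list validates it. Every extra key is a separate way in."""
    return any(verify(k, module, sig) for k in keys)

def verify_two_dials(keys, module, sigs):
    """The bank-vault policy: a valid signature under EVERY key is required,
    so a single swapped or leaked key on its own opens nothing."""
    return len(sigs) == len(keys) and all(
        verify(k, module, s) for k, s in zip(keys, sigs))

# Constructed sample keys and a constructed stand-in for a CSP module image.
PRIMARY_KEY = b"constructed-primary-signing-key"
SECOND_KEY = b"constructed-second-signing-key"
SWAPPED_KEY = b"constructed-key-written-with-a-screwdriver"
CSP = b"constructed CSP module bytes"

def demo():
    """Reports which checks accept a module the primary key never signed."""
    only_second = sign(SECOND_KEY, CSP)   # no primary-key signature exists
    bad_primary = bytes(32)               # placeholder where it would go
    return {
        # Fail-over: the second key alone is enough.
        "failover_accepts_second_only": verify_failover(
            [PRIMARY_KEY, SECOND_KEY], CSP, only_second),
        # Fail-over with the stored second key swapped: whoever wrote the key
        # slot now decides what is trusted, the same effect as _KEY leaking.
        "failover_accepts_swapped_key": verify_failover(
            [PRIMARY_KEY, SWAPPED_KEY], CSP, sign(SWAPPED_KEY, CSP)),
        # Two dials: the second key alone is rejected...
        "two_dials_rejects_second_only": not verify_two_dials(
            [PRIMARY_KEY, SECOND_KEY], CSP, [bad_primary, only_second]),
        # ...and only a module signed under both keys passes.
        "two_dials_accepts_both": verify_two_dials(
            [PRIMARY_KEY, SECOND_KEY], CSP, [sign(PRIMARY_KEY, CSP), only_second]),
    }
```

Every entry in `demo()` comes out True: the fail-over verifier trusts the union of all listed keys, while the two-dial verifier trusts only their intersection.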
Crucial Difference
It is very important to note the difference between key loss and key
compromise. Key loss is the loss of the private key itself, and with it the
ability for Microsoft to sign Cryptographic Service Providers. Key
compromise means the loss of the confidentiality associated with the key,
as would happen if someone gained a copy of the key. If
the "_NSAKEY" can be used, or a replacement inserted
and used, the effect is the same as if the Microsoft
"_KEY" had been compromised, as far as anyone
victimized by this is concerned.
In simple language, when a software component is designed in such
a way that it does not function as it was supposed to, and that change weakens its security, it is called
a "Trojan".
Until the forced revelation by Microsoft, then, the presence of
"_NSAKEY" causes CryptoAPI to come under the definition of a
"Trojan".
Andrew Fernandes illustrates how you can create your own CSP to replace
Microsoft's "_NSAKEY":