Cryptographic Hardening of SCEP Transactions for the Network Device Enrollment Service (NDES)

The Simple Certificate Enrollment Protocol (SCEP) is an ancient protocol from the early 2000s. It does not use Transport Layer Security (TLS). Therefore, the protocol messages are encrypted at the transport layer.

When sending the certificate request to the NDES server, the client will sign the certificate request with the NDES server's CEP encryption certificate (which was previously communicated to it via the GetCACert message).

Upon receiving the issued certificate, the NDES server will encrypt the response using a self-signed certificate temporarily generated by the SCEP client.

In both cases, a symmetric encryption algorithm is used.

Continue reading „Kryptographische Härtung der SCEP-Transaktionen für den Registrierungsdienst für Netzwerkgeräte (Network Device Enrollment Service, NDES)“

Details of the event with ID 18 of the source Microsoft-Windows-NetworkDeviceEnrollmentService

Event Source:Microsoft-Windows-NetworkDeviceEnrollmentService
Event ID:18 (0x12)
Event log:Application
Event type:Error
Symbolic Name:EVENT_MSCEP_FAIL_TO_DECRYPT_INNER
Event text (English):The Network Device Enrollment Service cannot decrypt the client's PKCS7 message (%1). %2
Event text (German):The client's PKCS7 message (%1) cannot be decrypted by the network device registration service. %2
Continue reading „Details zum Ereignis mit ID 18 der Quelle Microsoft-Windows-NetworkDeviceEnrollmentService“
en_USEnglish