EU key management in 2022
It was reported that the private key used to sign EU Digital Covid certificates was leaked and circulated on messaging apps and online data breach marketplaces.
The key was misused to generate certificates for Adolf Hitler, Mickey Mouse, and SpongeBob that were, for a short time, recognized as valid by official government apps.
It turned out that the cryptographic keys used to sign certificates had not been compromised: the European Commission stated that its investigation had shown that those forged certificates were generated "by persons with valid credentials to access the national IT systems, or a person misusing such valid credentials."
When a key compromise occurs that can have an impact on thousands or even millions of users, we, as identity providers, reiterate the vital need for proper key agility and key rotation, which form the basis of any healthy key management practice.
Rotating keys helps meet industry standards and cryptographic best practices.
With the growing number of PKI certificates in use and ever-changing regulation, more and more companies and governments struggle to get this right, and might get caught in a scandal of key compromise sooner or later due to oversight, imprudence or lack of knowledge.
News URL
https://www.helpnetsecurity.com/2021/12/07/eu-key-management/