Slashdot Mirror


German Health Insurance Card CA Loses Secret Key

Christiane writes "The SSL Root CA responsible for issuing the German digital health insurance card lost its secret private key during a test enrollment. After their Hardware Security Module (HSM) dutifully deleted its crypto keys during a power outage, it was all 'Oops, why is there no backup?' All issued cards must be replaced: 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."'"

174 comments

  1. Oh c'mon, be fair! by Opportunist · · Score: 4, Funny

    Not even a month ago you chided them because there were too many copies (some of them even offsite, they just didn't know who had them now), now you chew them out for having too few. Make up your effing mind!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Oh c'mon, be fair! by MindKata · · Score: 3, Funny

      "too many copies" ... "having too few"

      This kind of organisation usually has a backup somewhere, they just have to find it. It's usually backed up on a post-it note somewhere. Maybe they should ask all of us to look for it, on the sides of our monitors.

      --
      There are 10 kinds of people in the world... those who understand binary and those who don't.
    2. Re:Oh c'mon, be fair! by Vu1turEMaN · · Score: 5, Funny

      My Day 1:

      I actually found the administrator password on a post-it note on the back of the server's CRT monitor while cleaning the server room.

      "Fucking amazing" I said out loud, and as I pulled it off, on the back was the AmEx credit card number, expiration date, and 3-digit PIN for our organization to order IT stuff.

      Then I noticed on the left underside of the CRT there was another post-it that said Ctrl Shift Alt Num+....so I pressed that and up came a hidden menu of hidden apps running (SysTrayX + a sketchy prog to hide services in TaskManager), 90% of them illegal. Also uTorrent was running, seeding about 50 anime series buried deep within the network and using about half of the T3 connection's throughput.

      And to top it all off, I deduced that the server had never had a fresh install of Windows. It used to have NT Server, then they used software to upgrade it to 2000 Server, and software again to upgrade it to Server 2003. ......

      Day 7:

      I get a call from the old IT guy asking me what's wrong with the connection, and I told him I reinstalled Server 2003, deleted his anime cache, changed the WPA-PSK keys from 1111111111 to something way more secure, reported the AmEx card as stolen to get a new one, changed the admin password and set password age limits on all accounts, and replaced the rootkit infected SCSI drives with new ones that would last longer. Also, I told the managers that his 5000$ quote for network-wide unlimited antivirus was utter bullshit and that he only got a cracked key for Norton 2003 and installed it only on the server, and prolly pocketed the money.

      Damn dude was like "BUT I DIDNT BACK UP THE ANIME TO DVD YET!!!". Now I love anime as much as the next person, but I think he has other stuff to worry about at this point.

      But you know what got me the most mad and prompted all of this? The server was named Odie, and the computers were all garfield characters.

      CALVIN AND HOBBES FTW!!!!

    3. Re:Oh c'mon, be fair! by Vu1turEMaN · · Score: 3, Funny

      Oh, and his DAT72 backups had been failing for the last 2 years and he had never checked the logs.

      Good thing he left to start his own business! /shudder

    4. Re:Oh c'mon, be fair! by Opportunist · · Score: 1

      If everything fails, keep browsing through various pages trading in that stuff, you'll eventually find it...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:Oh c'mon, be fair! by Hurricane78 · · Score: 2, Funny

      Day 8:
      You got fired, and the system got "restored" because your "fixes" halted the whole "business".
      It was a sad day.

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
    6. Re:Oh c'mon, be fair! by Vu1turEMaN · · Score: 4, Funny

      Heh...I'm actually just doing a paid internship at a non-profit after their full-time guy left. It was supposed to end on May 1st, but hey I guess they love what I've done.

      Got them a cheap dedicated backup system, updated all the systems and reinstalled an NLite-ed XP on every computer, and moved them from Exchange to Google. Oh, and the lab computers run Ubuntu.

      They also loved it when I found the IT guy's secret paypal business account with 3000$ sitting in it that was supposed to be used for something else (battery backup replacement batteries). Putting passwords in a file on the administrator's desktop called "passwords for everything.txt" is sooooo helpful for when you're trying to be sneaky.

      Seriously, this shit is a soap opera of IT-isms.

    7. Re:Oh c'mon, be fair! by roc97007 · · Score: 1

      ...Then the business got pwned six times the following month and abruptly went Chapter 7.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    8. Re:Oh c'mon, be fair! by Artifex · · Score: 1

      Are you making this up? If not, your company should take criminal action against the prior employee.

      --
      Get off my launchpad!
    9. Re:Oh c'mon, be fair! by Vu1turEMaN · · Score: 1

      Done months ago. And no, I don't make shit up. They settled (out of pity) for the money they found that he took after going through their books, but he's pretty much blacklisted in the city we're located in so he moved.

      The whole branch nonprofit is over to free software (minus xp/2003 on the dell computers they have and office 2003/outlook 2007 VLKs bought from techsoup).

      The last thing they need to do is switch to voip and get rid of the horrible lease they're on for their ancient PBX that this idiot convinced them to get.

    10. Re:Oh c'mon, be fair! by v1 · · Score: 2, Insightful

      Its usually backed up on a post-it note somewhere.

      For a root CA private key, better be a big post-it note

      (or written in really small letters)

      --
      I work for the Department of Redundancy Department.
    11. Re:Oh c'mon, be fair! by Mister Whirly · · Score: 1

      He probably only convinced them to get the PBX so he could run conference calls and sell them to people on the outside for a profit.

      --
      "But this one goes to 11!"
    12. Re:Oh c'mon, be fair! by Anonymous Coward · · Score: 0

      This shit happens all the time in the public sector in the UK, though not really to the scale as the OP's.

      The last dude where I work replaced 6 100mbps switches with 6 other 100mbps switches with identical functionality "because the network needs it" so he could pocket the £200 digital camera the vendor threw in as a freebie...
      He also ordered in a nice ultraportable tablet machine "for use when cabling" (this guy did no cabling)... it was seen for a few days then it disappeared. He was in charge of auditing equipment - no audits were made :)
      Additionally, this moron left his usernames/passwords (including PERSONAL ones!) on his laptop's HDD, unencrypted, thinking because he had set a Windows password it was safe...

      The problem is that there doesn't seem to be any real "heads" of IT that actually know anything about IT - they are just normal middle-managers who have worked their way up the ranks, who have been put in charge of IT. This opens up the way for any BOFH to get in as sysadmin and just talk bollocks to the bosses.

    13. Re:Oh c'mon, be fair! by WarlockD · · Score: 1

      Let me guess, a Lucent Partner "so-easy-an-idiot-can-setup" phone system?;)

      I don't have anything against Partners, you were locked in harder than Microsoft with those systems.

    14. Re:Oh c'mon, be fair! by Yaa 101 · · Score: 1

      Common keysize is 2048 bits which makes 256 8-bit words or characters.

    15. Re:Oh c'mon, be fair! by Anonymous Coward · · Score: 0

      I would offer that there are advantages of using the MS systems which may or may not be appropriate on a case by case basis.

      While I do work in a Microsoft shop, I do maintain a number of on site unix/linux systems and must say that overall I spend more time working on the 'free' software on what it can't do versus what the client 'wants' it to do and trying to get it to that point. And largely this is due to support or lack thereof depending on what it is.

      Believe me, I'm not advocating one way or the other and I'd rather not use the MS software, but its what people know.

      Last, no outside company will ever run our email. Will not farm it out to save the day. At least I know that my email won't be gone when the google cloud blows up.

    16. Re:Oh c'mon, be fair! by Ihmhi · · Score: 1

      Since you don't have your e-mail listed, I'm posting here.

      I'm a highly underpaid IT admin working at a 501(c)(3) trying to admin a woefully underequipped, underpowered, and understaffed network. I'm having a hard time figuring everything out. If I could toss a few questions your way and you'd have the time to answer them, would you please e-mail me?

      ihmhi6@gmail.com

    17. Re:Oh c'mon, be fair! by v1 · · Score: 1

      that's 512 0-9A-F (or 65536 0-1 I suppose) to write down. And I thought trying to enter a WEP key in windows was bad...

      --
      I work for the Department of Redundancy Department.
    18. Re:Oh c'mon, be fair! by Anonymous Coward · · Score: 0

      That was my Christmas tree budget you insensitive clod!

    19. Re:Oh c'mon, be fair! by mybecq · · Score: 1

      But you know what got me the most mad and prompted all of this? The server was named Odie, and the computers were all garfield characters.

      So it was a pretty small shop then...

    20. Re:Oh c'mon, be fair! by Vu1turEMaN · · Score: 1

      http://en.wikipedia.org/wiki/Garfield_and_Friends#The_cast

      Pretty much he ordered them straight from the same source as the wiki, which is about 50~ characters between Garfield and the farm sub-show.

      Seeing 50 computers named after a garfield show made me want to turn him in. Seriously. I wouldn't have minded much if the main server was Calvin and the file storage one was Hobbes, but Odie and Nermal are horrible names.

      Now I'm following the ol' LT5VOS1510 format, which means it's the 5th Vostro 1510 laptop that we have.

    21. Re:Oh c'mon, be fair! by Vu1turEMaN · · Score: 1

      Our shitty phones and system can't even properly handle any more than 3 people on a "conference call" at once....it sucks and is quite unstable.

    22. Re:Oh c'mon, be fair! by Artifex · · Score: 1

      The whole branch nonprofit is over to free software (minus xp/2003 on the dell computers they have and office 2003/outlook 2007 VLKs bought from techsoup).

      This, oddly enough, is the most surprising thing to me that you've said. A nonprofit my mom supports bought a bunch of keys/software from Techsoup about a year ago, and so far they have run into continued delays in trying to get actual delivery. Gives me hope, though, that their experience is unusual, and will get sorted out eventually.

      --
      Get off my launchpad!
    23. Re:Oh c'mon, be fair! by Vu1turEMaN · · Score: 1

      If they have a 503c number, then filling out all the proper forms ahead of time and talking to the people constantly over the phone is good for the first order. After the first order I just used it like any other website.

      Also consider cancelling the order via the control panel (if they haven't received everything). Also, faxing everything, including the order form, seems to expedite the process sometimes.

      Old guy bought Office 2003, which was the only smart thing he did (a month too soon to get the free upgrade to 2007 though). I just bought Outlook 2007 (4$ a seat woooo) which is dead useful since the Ribbon isn't used throughout and gmail/internet calendar downloading is 1000x faster now and more reliable.

    24. Re:Oh c'mon, be fair! by hesaigo999ca · · Score: 1

      Grats to you dude, funny mod, but I wonder if this is a true story, if it is...grats! If it is just a story, it definitely encapsulates what most IT departments suffer from ... (ours included!)...mismanagement of funds, and software, and network to further embellish the position of the admin in charge...I have had the opportunity to educate a few narrow minds to this point...only to get fired because the dude was the boss's son... so although I pointed out to the board all the ongoing hidden no-no situations in the company...which was my job, they wrongfully fired me (I won the case btw)... all in all, if you are admin and do things that cost more to the company than not, it's like stealing...you have a duty to bring forward technologies to improve the company/network, not make it more fruitful for yourself!

      Good job dude!

  2. An HSM That Requires Continuous Power? by Philip K Dickhead · · Score: 1

    Even when accessing key material? C'mon! The Confidentiality, INTEGRITY, ASSURANCE triangle seems to be missing a couple of legs, in this instance.

    That's really amateur. Sounds like someone swapped the Smart Cards with Dumb Cards...

    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
    1. Re:An HSM That Requires Continuous Power? by Opportunist · · Score: 3, Informative

      Don't blame the cards for the stupidity of their administrators.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:An HSM That Requires Continuous Power? by rindeee · · Score: 1

      For the record, the CIA triad is "Confidentiality, Integrity, Availability", which is actually more applicable in this case. Just sayin'.

    3. Re:An HSM That Requires Continuous Power? by ToasterMonkey · · Score: 1

      The article says voltage drop, not loss of power. The whole point of using an HSM instead of software is so that it does this stuff. It must dump sensitive material or otherwise self destruct when an attack is detected. Someone may have been trying to steal it, while keeping it powered on for all it knew (I've never heard of that, but I know it can't be impossible). Normally, to power one of these things back on, you'd need multiple keys & pins, each given to different people.

      Besides, the internal batteries in these things don't last forever, the keys should always be backed up properly. That can be done securely and fairly easily, so I really wonder what their excuse is.
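
The comment above names two defensive properties an HSM deployment leans on: the module zeroises its key material when it detects a tamper condition, so a usable copy has to exist somewhere else, and bringing the module back into service needs several custodians present with their own keys and PINs. The usual way to get both is a threshold (M-of-N) split of the backup secret. The Python below is an added example written for this page, not code from the thread, from D-Trust or from Gematik: it splits a constructed 32-byte key-encryption key (assumed to wrap the HSM's exported key backup) into five custodian shares of which any three rebuild it, using Shamir's secret sharing over the prime field GF(2^521 - 1). The function names, the share layout and the KEK-wrapping design are assumptions of this example, not anything the article describes.

```python
# Added illustration, not code from the Slashdot thread or from D-Trust/Gematik.
# A threshold (M-of-N) split of a key-backup secret with Shamir's scheme over
# GF(p): any M custodian shares rebuild the secret, fewer reveal nothing about it.
import itertools
import secrets

# Field modulus: the Mersenne prime 2^521 - 1. Secrets of up to 64 bytes fit below it.
PRIME = (1 << 521) - 1
MAX_SECRET_LEN = 64


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with coefficients coeffs[0..k-1] at x, modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, share_count: int):
    """Return share_count (x, y) shares of secret; any threshold of them reconstruct it."""
    if not 1 < threshold <= share_count < PRIME:
        raise ValueError("need 1 < threshold <= share_count")
    if len(secret) > MAX_SECRET_LEN:
        raise ValueError("secret too long for this field")
    # The constant term is the secret; the other threshold-1 coefficients are random,
    # so any threshold-1 shares are consistent with every possible secret.
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, share_count + 1)]


def recover_secret(shares, secret_len: int) -> bytes:
    """Lagrange-interpolate the shares' polynomial at x = 0 and return the secret bytes."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    if total >> (8 * secret_len):
        # Interpolation produced a value wider than the secret: the shares did not
        # come from the same split, or too few of them were supplied.
        raise ValueError("shares do not reconstruct a secret of this length")
    return total.to_bytes(secret_len, "big")


def every_quorum_recovers(secret: bytes, threshold: int, share_count: int) -> bool:
    """Check that every threshold-sized subset of custodians rebuilds the secret."""
    shares = split_secret(secret, threshold, share_count)
    return all(
        recover_secret(list(quorum), len(secret)) == secret
        for quorum in itertools.combinations(shares, threshold)
    )


def below_threshold_reveals_nothing(secret: bytes, threshold: int, share_count: int) -> bool:
    """With threshold-1 shares, interpolation yields a value unrelated to the secret."""
    shares = split_secret(secret, threshold, share_count)
    try:
        return recover_secret(shares[: threshold - 1], len(secret)) != secret
    except ValueError:
        return True  # the value did not even fit the secret's width


if __name__ == "__main__":
    # Constructed sample: a 32-byte key-encryption key (KEK) assumed to wrap the HSM's
    # exported key backup; the wrapped blob can sit on ordinary media once the KEK is split.
    kek = secrets.token_bytes(32)
    custodian_shares = split_secret(kek, threshold=3, share_count=5)
    for x, y in custodian_shares:
        print(f"custodian {x}: {y:x}"[:48] + "...")
    print("every 3-of-5 quorum recovers the KEK:", every_quorum_recovers(kek, 3, 5))
    print("any 2 shares reveal nothing:", below_threshold_reveals_nothing(kek, 3, 5))
```

Sharing a KEK rather than the CA key itself means the wrapped backup blob is only as sensitive as the shares are, and those can be written to smart cards or paper held by separate people. None of it helps unless a restore from the shares is rehearsed before the key is first relied on, which is the step both the "why is there no backup?" story in the summary and the DAT72 tapes nobody checked earlier in this thread skipped.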

  3. Wrong Title, Wrong summary by freedom_india · · Score: 3, Informative

    Once again, misleading title to a different summary.
    For fuck's sake, the Germans didn't lose the key.
    The SSL Root CA lost that.
    Get the facts right.
    For a second i was wondering how Germans could be that stupid. That is unlike the Germany i know. And exactly as i suspected, the German insurer had been insisting the root CA for backup while the CA thought it was unnecessary.
    Is it the German company's fault?

    --
    "Doing what i can, with what i have." ~ Burt Gummer
    1. Re:Wrong Title, Wrong summary by Opportunist · · Score: 5, Funny

      After all, we all know Germans are exact and punctual, Poles are thieves, Russians are drunk and Finns are even more so. Oh, and Mexicans are lazy and US people are simple minded. Any stereotype missing?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Wrong Title, Wrong summary by Sockatume · · Score: 2, Insightful

      The summary even states that Gematik insisted on a back-up less operation, and then provides a quote explicitly stating that they did no such thing! Slashdot: doing for editorial accuracy what Fox does for editorial neutrality.

      --
      No kidding!!! What do you say at this point?
    3. Re:Wrong Title, Wrong summary by MancunianMaskMan · · Score: 4, Informative

      Any stereotype missing?

      yes.

      we British are all of the above.

    4. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      I've noticed Canadians make everything a question, eh?

    5. Re:Wrong Title, Wrong summary by Opportunist · · Score: 5, Funny

      Not only that, they have really weird tastes, too. In food and bed. Sometimes at the same time.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:Wrong Title, Wrong summary by TheRealMindChild · · Score: 0, Flamebait

      Duh! The blacks are on the corner smacking their cracked out hoe baby mama, while smoking a blunt and drinking a 40 that they got from the 7-11 that Indian Mr Habib and his wife Shanti own.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    7. Re:Wrong Title, Wrong summary by Hognoxious · · Score: 1

      I must take issue with your sweeping nationalistic statement. Poles aren't thieves - that's Romanians. Poles are honest. Crap at plumbing, but honest.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    8. Re:Wrong Title, Wrong summary by multisync · · Score: 2, Informative

      The summary even states that Gematik insisted on a back-up less operation, and then provides a quote explicitly stating that they did no such thing!

      Gematik commissioned D-Trust to provide the root CA as a service. D-Trust managing director Matthias Merx stated "Gematik decided to 'do without a back-up'. As a service provider, we have to accept that."

      From the article and summary:

      "Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service ..."

      Slashdot: doing for editorial accuracy what Fox does for editorial neutrality.

      Indeed. Two sides claiming different things. Must be Slashdot's fault.

      --
      I don't care why you're posting AC
    9. Re:Wrong Title, Wrong summary by Ender_Stonebender · · Score: 1

      And how exactly do you pull off being exact and punctual while being sloppy and unable to figure out what time it is from being drunk?

      --
      Loose things are easy to lose. You're getting your hair cut. They're going there to see their aunt.
    10. Re:Wrong Title, Wrong summary by Itninja · · Score: 1

      FYI...'Habib' is an Arabic, not Indian, name. It means, roughly, 'sweetheart'. I would suggest 'Mr. Sharma' for the Indian name.

      --
      I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    11. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      And how exactly do you pull off being exact and punctual while being sloppy and unable to figure out what time it is from being drunk?

      Because we can handle our drink!

      Free +5 funny for whoever follows up with a comment about US beer....

    12. Re:Wrong Title, Wrong summary by jDeepbeep · · Score: 1

      .... and US people are simple minded. Any stereotype missing?

      Simple minded? I thought we were just fat and lazy.

      --
      Reply to That ||
    13. Re:Wrong Title, Wrong summary by George Beech · · Score: 1

      And how exactly do you pull off being exact and punctual while being sloppy and unable to figure out what time it is from being drunk?

      Practice... lots and lots of practices. Speaking of which it's time for me to do some practicing.

    14. Re:Wrong Title, Wrong summary by maxume · · Score: 1

      At least a little, they apparently made the mistake of trusting the root CA.

      --
      Nerd rage is the funniest rage.
    15. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      The French were too rude with their heads too far up their asses to care.

      The Spanish... well, no one expected the SPANISH INQUISITION!

      The Swiss will be glad to service you, but they'll be damned to let you live in their country.

      Italians have their own racket going for Health Insurance... it's called pay and you won't get shot.

    16. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      Hmm. The CA was D-Trust. Care to guess what country D-Trust operates out of?

    17. Re:Wrong Title, Wrong summary by Opportunist · · Score: 1

      The "crap at plumbing" is due to a little known fact. Namely that Poland invested zero into the infrastructure in the western areas they got after WW2, fearing they'll eventually return it to Germany. Until not too long ago you could find pipes dating back to pre-1940.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    18. Re:Wrong Title, Wrong summary by Nidi62 · · Score: 1

      Yeah, you forgot that the French throw up their arms in surrender every time they hear a cork pop.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    19. Re:Wrong Title, Wrong summary by fishbowl · · Score: 1

      >Until not too long you could find pipes dating back to pre-1940.

      The ability to keep a system like that working is the mark of a *good* plumber.

      --
      -fb Everything not expressly forbidden is now mandatory.
    20. Re:Wrong Title, Wrong summary by Sponge Bath · · Score: 1

      how exactly do you pull off being exact and punctual...

      They tattoo the pub opening time and location on their arms.

    21. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 1, Informative

      No, we're also loud, obnoxious, and generally socially clueless.

    22. Re:Wrong Title, Wrong summary by Bemopolis · · Score: 2, Insightful

      After all, we all know Germans are exact and punctual

      Well, we DO know that they are awfully good at writing numbers down. Sometimes even up the arm.

      --
      "I guess the moral of the story is, don't paint your airship with rocket fuel." -- Addison Bain
    23. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      For a second i was wondering how Germans could that stupid. That is unlike the Germany i know.

      Don't confuse regular German companies and engineering with German public projects like these. The latter is usually a competition in who has got the best government connections and who can deliver the cheapest crap. The combination of corruption and the fact that you can sell any piece of crap to incompetent officials often has hilarious results like these. You could call it the most expensive entertainment tax payer money can buy.

    24. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      A fact is not a stereotype.

    25. Re:Wrong Title, Wrong summary by Sockatume · · Score: 1

      I'm guessing that our self-evidently poor (well, my self-evidently poor) reading ability is to blame somewhere.

      --
      No kidding!!! What do you say at this point?
    26. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      Cork pop? They keep their arms in the air just in case.

    27. Re:Wrong Title, Wrong summary by Bigjeff5 · · Score: 0, Offtopic

      Have you ever been to a 7-11 in Seattle? My buddy and I stopped in to about 4 or 5 7-11's looking for directions (we were just passing through and very unfamiliar with Seattle). The very first 7-11 we stopped at I was like "Holy shit, no way!" it was an Indian immigrant at the counter, barely spoke english, naturally didn't know jack about where anything was. So we drove and found another. It was being run by another Indian who also didn't know jack about the town (we were looking for a Walmart, apparently there was one a couple miles away, but we kept missing it). By the third 7-11 with an Indian who didn't know jack about the town it became a combination of realizing that sometimes the stereotype is not an exaggeration by any stretch and wondering how the hell they get by on a gas station attendant's salary without knowing where frickin walmart is. When we saw that the fourth 7-11 was also being run by an Indian, we decided to forget it and just head out of town. We managed to find a Walmart off the highway after not too long.

      Here I thought it was just an over-exaggeration because the only 7-11 near where I live is run by hippies, oddly enough. Turns out the stereotype came about because it can be very, very true.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    28. Re:Wrong Title, Wrong summary by hey! · · Score: 1

      Well "exact" could mean "accurate" or it could mean "precise".

      I take it to mean it to mean that Brits in their inebriated state have a gift for putting their fingers and other assorted appendages in precisely the wrong place.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    29. Re:Wrong Title, Wrong summary by garry_g · · Score: 0

      For a second i was wondering how Germans could that stupid. That is unlike the Germany i know

      You don't seem to know much about politically motivated, government-initiated IT projects in Germany, do you? Overfunded, and staffed with f@cking idiots unable to do their work, much less keep the project organized with PM ...

    30. Re:Wrong Title, Wrong summary by Opportunist · · Score: 1

      Yeah, but the Plumbers that did those pipes weren't Polish...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    31. Re:Wrong Title, Wrong summary by johnw · · Score: 1

      Speaking of which it's time for me to do some practicing.

      That should be "practising" - oh, and we're good at pedantry too.

    32. Re:Wrong Title, Wrong summary by Bigjeff5 · · Score: 2, Informative

      The title/summary are not necessarily incorrect, just ambiguous. English can do that, and if you aren't paying attention your meaning can be taken in a way other than you intended.

      In this case, there are a few ways to read "German Health Insurance Card CA":

      1.) The Health Insurance Card CA of German origin
      2.) The CA for the German Health Insurance Card
      3.) The Card CA for German Health Insurance
      4.) The Insurance Card CA for German Health

      Obviously they aren't saying 3 or 4, those work grammatically but don't make a lot of sense in the context of health insurance and certificate authorities. 1 and 2 though, work pretty well either way. They should have used the unambiguous form, obviously with a small amount of research we can see that 2 is the correct meaning, but a number of people will read the sentence to mean 1 instead, as you did.

      It's poor writing, not an attack or attempt to slight Germans. Remember the old saying: Never ascribe to malice what can be explained by incompetence.

      Lastly, while it was the CA's responsibility to ensure they have backups and the like, it is the client company's responsibility to ensure they can maintain their business. If the health insurance company never asked for or verified a disaster recovery plan, it's their ass that is in hot water if they cannot provide service.

      Make no mistake, they WILL lose business over this, even if the failure isn't directly their fault.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    33. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 1, Informative

      Did anybody notice the parent is modded as Informative, not Funny?

      I take it at least 50% of the current mods are French?

    34. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 1, Informative

      In my experience, when you see an indian behind the counter at 7-11, they are part of the family of the owner.

    35. Re:Wrong Title, Wrong summary by trewornan · · Score: 1

      Not all stereotypes are without foundation: I can confirm from personal experience that Germans tend to be punctual and expect the same of others, Finns tend to be hard drinkers and tough as old boots and, for what it's worth, never go drinking with Icelanders.

    36. Re:Wrong Title, Wrong summary by JaredOfEuropa · · Score: 4, Insightful

      Even so, this line struck me as all too familiar: "The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."

      This is why managers (especially the MBA types) love outsourcing of everything. It is also in part because numbers and KPIs are so much more easy to manage than actual people. But mainly, by outsourcing a function you also get to outsource the responsibility for that particular function. If things go tits up, the worst you'll be blamed for is picking the wrong service provider, or perhaps not monitoring a particular KPI properly. Minor stuff.

      I've seen plenty of managers like that, and I have heard a variation of that one line all too often.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    37. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      Does this qualify as the thread getting Godwinned?

    38. Re:Wrong Title, Wrong summary by TheLink · · Score: 1

      There are a number of Indians with the name Habib. This should not be surprising as there are many Indians who are muslims or whose forefathers were muslims.

      Just a search for Habib India will give you many Indians with that name e.g.:

      http://en.wikipedia.org/wiki/Habib_Tanvir

    39. Re:Wrong Title, Wrong summary by squizzar · · Score: 1

      I thought Mr Patel was the guy who has kept very quiet his monopoly on every corner shop everywhere.

    40. Re:Wrong Title, Wrong summary by cbiltcliffe · · Score: 1

      You're fat and lazy because you're simple minded. And if you weren't so simple minded, you'd be able to figure that out.

      Me, I'm Canadian with British parents. So apparently I'm exact and punctual while stealing booze, but I apologize politely to the shopkeeper for swiping it.....

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    41. Re:Wrong Title, Wrong summary by MadFarmAnimalz · · Score: 1

      we British are all of the above.

      So, you're punctual, thieving, drunk, lazy, simple minded, and British.

      So, just like the Irish then, you mean?

      --
      Blearf. Blearf, I say.
    42. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      A fact is not a stereotype.

      Actually yes it is.

      As I am African American, so I shall choose an example stereotype of "All black people love them some fried chicken and watermelon!"

      Now, if you actually DO see a black man sitting outside with a huge bucket of chicken, and a couple watermelons by him while eating, that makes it both a fact (You can see it happening in that case, and even take pictures) but it is still a stereotype.

      Good rule of thumb, any statement involving the words "all" or "none" or any other absolute, is a stereotype, and unless you are discussing mathematics or statistics, is probably also very wrong factually.

    43. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      Good rule of thumb, any statement involving the words "all" or "none" or any other absolute, is a stereotype

      Any statement? Most of them, perhaps...

    44. Re:Wrong Title, Wrong summary by oldhack · · Score: 1

      Some Germans are rather sensitive, aren't they? They'd better not talk to VW owners in the US.

      --
      Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
    45. Re:Wrong Title, Wrong summary by v1 · · Score: 1

      Free +5 funny for whoever follows up with a comment about US beer

      like oh, "Americans like their beer cold?"

      --
      I work for the Department of Redundancy Department.
    46. Re:Wrong Title, Wrong summary by Mister+Whirly · · Score: 1

      the only 7-11 near where I live is run by hippies

      Just a wild guess, but are you from Portland by any chance?

      --
      "But this one goes to 11!"
    47. Re:Wrong Title, Wrong summary by v1 · · Score: 1

      Question then becomes, can you still call it a stereotype if it's true?

      I think the definition of stereotype is an exaggerated generalization, meaning that while it may be true, stating that it's true to a greater degree than factual is where it crosses the line.

      "ALL the 7-11's in Seattle are staffed by Indians after 9pm" - stereotype

      "80% of the 7-11's in Seattle are staffed by Indians after 9pm" - possibly fact.

      --
      I work for the Department of Redundancy Department.
    48. Re:Wrong Title, Wrong summary by Mister+Whirly · · Score: 1

      If you want to see something funny, go to the Google homepage, type in "french military victories" and click the I'm Feeling Lucky button.

      --
      "But this one goes to 11!"
    49. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      Yeah. Sure. That is the reason why one must always drive through Poland without making stops.

    50. Re:Wrong Title, Wrong summary by WarlockD · · Score: 3, Interesting
      I don't know..

      "We did not decide against a back-up service ..."

      That double negative sounds awfully like "At the time, we didn't know what they were asking" :P I guess it's just from personal experience. Every time I hear a manager use double negatives to defend a decision, it's because they didn't really know what they were deciding in the first place. At least in IT.

    51. Re:Wrong Title, Wrong summary by cayenne8 · · Score: 1
      "After all, we all know Germans are exact and punctual, Poles are thieves, Russians are drunk and Fins are even more so. Oh, and Mexicans are lazy and US people are simple minded. Any stereotype missing?"

      That all Oriental people are great drivers, and the men are well endowed?

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    52. Re:Wrong Title, Wrong summary by cheros · · Score: 1

      Hah. Why do you think the consultants were thick as flies in government during New Labour's reign?

      Yup, the Shaggy defence (it wasn't me)..

      --
      Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    53. Re:Wrong Title, Wrong summary by cayenne8 · · Score: 1
      "like oh, 'Americans like their beer cold?'"

      Who wants beer at freakin' room temperature?? Ick!

      But, I do like the Monty Python quip:

      "We find your American beer is a little like making love in a canoe..."

      "Making love in a canoe?"

      "Yeah, it is fucking close to water..."

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    54. Re:Wrong Title, Wrong summary by AliasMarlowe · · Score: 1

      So, you're punctual, thieving, drunk, lazy, simple minded, and British.
      So, just like the Irish then, you mean?

      The Irish don't like being called "punctual", you insensitive clod!
      (And they really hate being called "British")

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    55. Re:Wrong Title, Wrong summary by ScrewMaster · · Score: 1

      Any stereotype missing?

      yes.

      we British are all of the above.

      What about the Irish?

      --
      The higher the technology, the sharper that two-edged sword.
    56. Re:Wrong Title, Wrong summary by multisync · · Score: 1

      That's an interesting take. Nothing would surprise me, including cluelessness and/or outright lying on the part of the speakers. I also note the absence of a follow-up question by the reporter to the D-Trust guy, but I guess he had a deadline. The article also lacks an estimate of the cost to replace all those cards, and who will be paying for the mistake. I guess it's probably too early in the shit flinging to know for sure who it's going to stick to.

      --
      I don't care why you're posting AC
    57. Re:Wrong Title, Wrong summary by gringofrijolero · · Score: 1

      For your information, England is a fag country !

      --
      Todos mis movimientos están friamente calculados
    58. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      The cocky French declare war upon you for forgetting about them... in a few months when the only aircraft carrier will be done with its maintenance.

    59. Re:Wrong Title, Wrong summary by bugs2squash · · Score: 1

      In that case, why were they stupid enough to rely on an external CA ? They should have signed their own cards and kept the responsibility to themselves.

      --
      Nullius in verba
    60. Re:Wrong Title, Wrong summary by Opportunist · · Score: 1

      You probably just passed the same 7-11 five times and it's run by an Indian immigrant family.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    61. Re:Wrong Title, Wrong summary by freedom_india · · Score: 1

      Normally, Germans don't outsource. At least the critical jobs.
      They know that you can't delegate authority without diluting responsibility.
      Which is why the Heidelberg Printing Press is 5x costlier than a Canon and YET outsells Canon by a very large margin.
      This time they goofed up. Once.
      Next time, no one would outsource anything.
      Thanks A-hole CA. Thanks a Lot.

      --
      "Doing what i can, with what i have." ~ Burt Gummer
    62. Re:Wrong Title, Wrong summary by VoiceOfDoom · · Score: 1

      So very very true

      As one who works for a large service provider, to whom a couple of branches of the UK Govt have outsourced IT operations, I see this an awful lot. It is widely recognised that the purpose of outsourcing is to offset liability.

      We have a constant battle to try and get the customer to define their requirements properly so that we don't run into precisely these situations - getting a straight answer is like getting blood from a stone - they'd rather just mutter then point the finger when it (inevitably, considering the lack of proper specs) goes wrong.

      --
      "Life is pain Highness. Anyone who says otherwise is selling something"

      Westley, The Princess Bride

    63. Re:Wrong Title, Wrong summary by Anonymous Coward · · Score: 0

      Apparently you are all overachievers too and as an American I would like to offer you a starring role in a reality TV show just as soon as the Germans come up with another idea for one.

  4. NSA/CIA by Anonymous Coward · · Score: 4, Funny

    Maybe they should check with the NSA or CIA? They've got a backdoor into EVERY system, and may still have the key saved on a laptop lying around somewhere.

    1. Re:NSA/CIA by howlingmadhowie · · Score: 1

      just let me google that for you ...

  5. Could be worse by bradgoodman · · Score: 4, Insightful

    I'd rather the key be lost, than stolen, hacked, made-public, etc. At least it didn't breach security in the typical manner.

    1. Re:Could be worse by Opportunist · · Score: 3, Interesting

      What's worst about it is that this is probably presumed to be worse. Had the key been stolen, they'd probably not even report it because business could continue as usual, maybe nobody finds out...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Could be worse by Animats · · Score: 1

      Mod parent up. In the serious crypto world, this is a good thing, provided it doesn't happen too often. Sometimes you're going to lose a key, because, for security reasons, you don't keep extra copies. You have a procedure for issuing new keys when this happens, which you're routinely doing anyway.

    3. Re:Could be worse by Anonymous Coward · · Score: 2, Interesting

      It could be worse, but this incident exposes a design flaw: The loss of a private key should not stop them from issuing new cards which are compatible with the existing cards.

      If a CA key is lost, then there should be a layer above it which can create a new CA key. Cards are checked against the top CA public key, so the old and the new cards can both be verified. Because the top CA is only used to create intermediate CAs, its private key can be kept safer than the key of a CA which is regularly used for signing certificates. Should it get lost anyway, at least the intermediate CA still exists and can continue signing new cards.
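
The layered design this comment describes, as an added example that is not from the original thread: a Go program using only the standard library's crypto/x509 that builds an offline root with an issuing CA beneath it, issues a card, zeroises the issuing key the way the HSM did, stands up a replacement issuer under the same root and checks that both the old and the new card still verify, then repeats the exercise with a flat single-root design in which the old card ends up orphaned. Names, serial numbers and validity periods are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Authority is a certificate plus its private key; Key == nil models the HSM
// having zeroised that key, which is the situation in the article.
type Authority struct {
	Cert *x509.Certificate
	Key  ed25519.PrivateKey
}

func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue generates a fresh key pair and has parent sign a certificate for it; a nil
// parent yields a self-signed root. It panics on failure: this is a demonstration.
func issue(t *x509.Certificate, parent *Authority) *Authority {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	signerCert, signerKey := t, key
	if parent != nil {
		if parent.Key == nil {
			panic("issuer private key is gone: cannot sign new certificates")
		}
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, signerCert, pub, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &Authority{Cert: cert, Key: key}
}

// verifyCard chains a card certificate through the intermediate presented with it
// up to the root public key the verifier trusts.
func verifyCard(card, intermediate, root *x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(intermediate)
	_, err := card.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inters,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// Simulate issues card A, loses the issuing key, stands up a replacement issuer and
// issues card B, then reports whether each card verifies against the root key that
// verifiers trust afterwards. hierarchical == true puts the issuers under an offline
// root that survives the loss; otherwise each issuer is its own self-signed root.
func Simulate(hierarchical bool) (oldCardStillValid, newCardValid bool) {
	var root *Authority // nil: issuers are self-signed roots
	if hierarchical {
		root = issue(template("Offline Root CA", 1, true), nil)
	}
	issuer1 := issue(template("Issuing CA 1", 2, true), root)
	cardA := issue(template("card A", 3, false), issuer1)
	issuer1.Key = nil // the HSM zeroised the issuing key; card A keeps its certificate
	issuer2 := issue(template("Issuing CA 2", 4, true), root)
	cardB := issue(template("card B", 5, false), issuer2)
	if root == nil {
		root = issuer2 // flat design: verifiers must now trust a brand-new root key
	}
	return verifyCard(cardA.Cert, issuer1.Cert, root.Cert) == nil,
		verifyCard(cardB.Cert, issuer2.Cert, root.Cert) == nil
}

func main() {
	fmt.Println(Simulate(true))  // true true: old and new cards both chain to the root
	fmt.Println(Simulate(false)) // false true: the old card is orphaned
}
```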

    4. Re:Could be worse by Anonymous Coward · · Score: 1, Interesting

      ...or maybe the key was stolen and to cover their ass they made up a convenient story that the key was lost, to reissue new cards before the real shit hit the fan.

    5. Re:Could be worse by Anonymous Coward · · Score: 0

      Once had a software vendor provide both their public and private SSL keys to 25 people at my company so we could connect to a SOAP interface they'd created for us. This wasn't just a soap.company.com cert, but the www.company.com.

      Stupid is as stupid does.

    6. Re:Could be worse by Opportunist · · Score: 0

      Fallacy: Stealing a (digital) key does not remove it from its original owner.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:Could be worse by Anonymous Coward · · Score: 1, Insightful

      You don't understand what this "key" is for, do you?

    8. Re:Could be worse by Anonymous Coward · · Score: 0

      Ah so your solution to the possibility of losing the keychain to your house and car is, in case no one returns it by mailing it to the attached address, to keep a couple of extra keys that you can still use, rather than changing the locks?

    9. Re:Could be worse by Anonymous Coward · · Score: 0

      In the context of this thread "lose" means that nobody has the key, not that you left it where somebody else could find it. The solution to losing a key like that is indeed to have a backup. You could use an old-fashioned backup: hardware security modules support it. But then you have to protect two copies of the key and get no additional benefit. If you put another CA above your main CA, you can also use it to revoke the main CA certificate or reduce the lifetime of the main CA certificate. There are a couple more advantages.

  6. The big question... by Anonymous Coward · · Score: 1, Interesting

    Is the cost of re-establishing the chain of trust (ie a new root and replacing all of the cards) higher than the value of the data that this system was protecting?

  7. This would never happen in Britain by Curmudgeonlyoldbloke · · Score: 2, Funny

    It would easily be found by searching the nearest pub car park for USB keys, or checking the train that the relevant civil servant travelled home on.

  8. Public Key Infrastructure by Reason58 · · Score: 1

    The entire concept of PKI revolves around the inheritance of trust from the root CA. It seems pretty clear these guys can not be trusted. I would be worried about the people who have to use them.

    1. Re:Public Key Infrastructure by FlyingBishop · · Score: 2, Insightful

      That's just silly. They obviously take security seriously enough that they found re-issuing all of their certs preferable to adding a second storage place for the private key, thus doubling the possibility of the system being compromised.

      If the key had been compromised, that would be a breach of trust. This is more an example of the fact that as security increases, usability decreases.

    2. Re:Public Key Infrastructure by Reason58 · · Score: 1

      No, that is just silly. Of course there should be a backup kept in a physically secure location for events just like this. In a real environment when a root CA loses its private key they not only have to reissue all new keys to everyone, but to all the CAs below them and all the users and CAs they signed (and so on all the way down the chain). This cascades quickly into a huge mess that can easily cost millions upon millions to clean up.

    3. Re:Public Key Infrastructure by tchuladdiass · · Score: 1

      Why do they have to issue new keys? I'd think that as long as their public key is still known, that all the issued signed keys would still be valid. They'd just have to use a new key pair for any new signed documents.

    4. Re:Public Key Infrastructure by K.+S.+Kyosuke · · Score: 1

      Well, as far as the security of the backup is concerned, isn't splitting the secret an option? Like having seven different keys to the national crown jewels' safe. :-)

      --
      Ezekiel 23:20
    5. Re:Public Key Infrastructure by mlts · · Score: 2, Insightful

      PGP Desktop has this option. You can share a key and split it among people, where x amount of y pieces are needed to recover the original key, where both x and y are user selectable values.

      However, if a key is a top root CA key, you would not be using it on a general purpose computer. You would have the key generated in an HSM and stored there, where someone can perhaps use the key to sign and decrypt stuff, but would have to go to a lot of trouble to get past all the hardware tamper evident stuff in the HSM to access the raw private key material.

      Most newer HSM devices I've seen have a way to back up keys generated on the device (usually to USB flash drives), provided at key generation time you set a flag allowing the key to leave the device. If this "allow private key material to leave the HSM" flag isn't explicitly set, you are screwed when it comes to backups, and your best workaround is to create another key with the flag set, then do some cross signing. Depending on task, you might be able to get away with revoking the old key, but sometimes (especially if the old key signed a lot of code certificates), this may be almost impossible.

      This lost key should be a lesson to people. Making sure the keys that are in the armored box are backed up can be just as important to security as keeping them in the armored box in the first place. Ideally, consider multiple HSM hardware at multiple locations, including an offline HSM stored in padded packaging that goes in the Iron Mountain tub, as well as the means to access the key inside the box.
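
The x-of-y split mentioned above, as an added example that is neither the poster's code nor PGP Desktop's: a stand-alone Go implementation of Shamir secret sharing over a prime field, splitting a constructed 256-bit key five ways so that any three custodians can rebuild it while two cannot. The threshold, share count and key are assumptions for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// prime is the Mersenne prime 2^521 - 1. A 256-bit key is far below it, so the key
// embeds directly as a field element and every share is a uniformly random point.
var prime = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 521), big.NewInt(1))

// Share is one custodian's piece: a point (X, Y) on a random polynomial of degree k-1.
type Share struct {
	X int64
	Y *big.Int
}

// Split produces n shares of which any k reconstruct key. The key is the polynomial's
// constant term; the remaining k-1 coefficients are uniformly random field elements.
func Split(key []byte, k, n int) ([]Share, error) {
	if k < 2 || n < k {
		return nil, errors.New("need 2 <= k <= n")
	}
	coef := make([]*big.Int, k)
	coef[0] = new(big.Int).SetBytes(key)
	if coef[0].Cmp(prime) >= 0 {
		return nil, errors.New("key too large for the field")
	}
	for i := 1; i < k; i++ {
		c, err := rand.Int(rand.Reader, prime)
		if err != nil {
			return nil, err
		}
		coef[i] = c
	}
	shares := make([]Share, n)
	for i := range shares {
		x, y := big.NewInt(int64(i+1)), new(big.Int)
		for j := k - 1; j >= 0; j-- { // Horner's rule, all arithmetic mod prime
			y.Mul(y, x).Add(y, coef[j]).Mod(y, prime)
		}
		shares[i] = Share{X: int64(i + 1), Y: y}
	}
	return shares, nil
}

// Recover interpolates the polynomial at x = 0 using Lagrange coefficients. Fewer
// than k shares do not fail loudly: the result is just a random field element, which
// is caught here only because it almost surely does not fit keyLen bytes. A real
// backup stores a key check value next to the shares and verifies against that.
func Recover(shares []Share, keyLen int) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	secret := new(big.Int)
	for i, si := range shares {
		num, den := big.NewInt(1), big.NewInt(1)
		for j, sj := range shares {
			if i == j {
				continue
			}
			if si.X == sj.X {
				return nil, errors.New("duplicate share")
			}
			num.Mul(num, big.NewInt(-sj.X)).Mod(num, prime)
			den.Mul(den, big.NewInt(si.X-sj.X)).Mod(den, prime)
		}
		term := new(big.Int).ModInverse(den, prime)
		term.Mul(term, num).Mul(term, si.Y).Mod(term, prime)
		secret.Add(secret, term).Mod(secret, prime)
	}
	if secret.BitLen() > keyLen*8 {
		return nil, errors.New("result does not fit the key length: too few shares?")
	}
	return secret.FillBytes(make([]byte, keyLen)), nil
}

func main() {
	key := make([]byte, 32) // constructed stand-in for a 256-bit CA wrapping key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	shares, err := Split(key, 3, 5) // five custodians, any three can recover
	if err != nil {
		panic(err)
	}
	got, err := Recover([]Share{shares[4], shares[1], shares[2]}, len(key))
	fmt.Println(bytes.Equal(got, key), err) // true <nil>
	_, err = Recover(shares[:2], len(key))
	fmt.Println(err) // result does not fit the key length: too few shares?
}
```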

    6. Re:Public Key Infrastructure by Sloppy · · Score: 1

      Damn good question. Losing a signing key doesn't mean the signatures can't still be checked.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    7. Re:Public Key Infrastructure by Sloppy · · Score: 2, Insightful

      Actually, I can think of a reason, after all. Since this CA no longer has the ability to revoke prior signatures made with that key, then that key can no longer be trusted as a signer. You can check to see if a CA has certified something, but there's no way to check to see if the CA changed their mind, because the CA no longer has a way to say that.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    8. Re:Public Key Infrastructure by cbiltcliffe · · Score: 1

      All the issued signed keys are still valid. That's the problem.

      There's no way to now invalidate a signed key that was issued with this CA.
      Normally you can revoke a certificate, so it's no longer accepted. OpenVPN, for example, allows this, because you can set it to check a Certificate Revocation List. Any employee gets fired, certificate gets compromised, or whatever, and you add it to the CRL, and that client can no longer connect.

      Right now, if they find that a health card was issued fraudulently, or for some reason should be invalid, there's no way to invalidate it (assuming that each card has its own certificate....I haven't RTFA). Obviously, this is a significant security problem.

      Generating a new CA, and issuing new certificates is the only way to fix this problem. But it still assumes that everybody who needs to verify one of these old certs actually _removes_ the old CA from their certificate store, instead of just adding the new one. The chances of this actually happening properly are probably less than nil.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    9. Re:Public Key Infrastructure by cheros · · Score: 1

      Actually, people only give you half the story. Not only can existing keys not be revoked (serves you right for not setting a timeout), you can also not create new keys.

      The second part is where it gets entertaining. In order to cure that problem (which is something you want to sort if you're about to waste a lot of money on issuing certs) you will have to generate a NEW root certificate. However, there can only ever be one root, putting a new root key in the system means you have just broken the chain of trust for all existing keys.

      As oopsies go, this one is of a good quality.

      What I personally find totally spectacular is the use of PKI for this. There are now better solutions, but I guess they will take some time getting known. PKI on such a scale is begging on your bare knees to be allowed to waste a Godawful amount of taxpayer's money (with, of course, the provider drooling all over you) on a system that is as inflexible as the rigor mortis it will introduce into other identity-requiring E-Government efforts. I can imagine Germany now has plenty of cash after breaking international law and paying someone for stolen data (Liechtenstein) to recover taxdodger funds, but that's not a reason to waste it.

      I shall have to stock up on popcorn - this promises to get interesting.

      --
      Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    10. Re:Public Key Infrastructure by bickerdyke · · Score: 1

      That's true. And the few x-hundred cards given out for testing will still work.

      BUT when they start giving out the actual cards to the millions, you need different setups to verify THOSE cards (as in "verify against a completely different public key"). So there's not much harm done yet, they only have to replace a few hundred cards more when they start production. BUUUT if a blunder like that had happened after going live, you'd have to replace ALL cards given out as you won't be able to create new ones compatible with the ones out "in the wild"

      --
      bickerdyke
    11. Re:Public Key Infrastructure by Twylite · · Score: 1

      The CA secret key is usually backed up under symmetric encryption (e.g. AES-256). It would be normal for the symmetric key to be split into three 256-bit components that are XORed together to reconstruct the key; each component is entrusted to a different, trusted individual. For really high value secrets (like a CA secret key) it would also be normal to create multiple component sets to protect against the loss of any single component (e.g. the CEO's office burns down but takes more than 40 minutes to do so, and the contents of the fire-proof safe are destroyed).

      --
      i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
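
The backup layout described in the comment above, as an added example that is not from the original comment: a Go program using the standard library's AES-256-GCM that seals a constructed stand-in CA key under a fresh wrapping key, splits that wrapping key into three XOR components twice over (two independent component sets), then loses one component of the first set and restores from the second. The custodian and set counts are assumptions for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Backup is what leaves the HSM: the CA key sealed under a random AES-256 wrapping
// key, plus several independent XOR component sets of that wrapping key.
type Backup struct {
	Nonce, Wrapped []byte
	ComponentSets  [][][]byte // ComponentSets[set][custodian]
}

func randomBytes(n int) []byte {
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // a failing CSPRNG is not something this code should paper over
	}
	return buf
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// splitXOR splits key into n components that are all required: n-1 are random and
// the last is key XOR all the others, so any n-1 of them reveal nothing about key.
func splitXOR(key []byte, n int) [][]byte {
	parts := make([][]byte, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		parts[i] = randomBytes(len(key))
		for j := range last {
			last[j] ^= parts[i][j]
		}
	}
	parts[n-1] = last
	return parts
}

// combineXOR XORs one set back together, or returns nil when a component is
// missing or truncated: that whole set is then worthless.
func combineXOR(parts [][]byte, keyLen int) []byte {
	key := make([]byte, keyLen)
	for _, c := range parts {
		if len(c) != keyLen {
			return nil
		}
		for j := range key {
			key[j] ^= c[j]
		}
	}
	return key
}

// MakeBackup seals caKey with AES-256-GCM under a fresh wrapping key and splits that
// wrapping key into `sets` independent sets of `custodians` components each.
func MakeBackup(caKey []byte, custodians, sets int) (*Backup, error) {
	if custodians < 2 || sets < 1 {
		return nil, errors.New("need at least two custodians and one set")
	}
	wrappingKey := randomBytes(32)
	gcm, err := newGCM(wrappingKey)
	if err != nil {
		return nil, err
	}
	b := &Backup{Nonce: randomBytes(gcm.NonceSize())}
	b.Wrapped = gcm.Seal(nil, b.Nonce, caKey, nil)
	for i := 0; i < sets; i++ {
		b.ComponentSets = append(b.ComponentSets, splitXOR(wrappingKey, custodians))
	}
	return b, nil
}

// Restore tries each component set in turn and returns the CA key and the index of
// the set that worked. GCM's authentication tag rejects a wrong wrapping key, so a
// damaged set fails cleanly instead of yielding a garbage CA key.
func Restore(b *Backup) ([]byte, int, error) {
	for i, set := range b.ComponentSets {
		gcm, err := newGCM(combineXOR(set, 32)) // a nil key is an aes.KeySizeError
		if err != nil {
			continue
		}
		if caKey, err := gcm.Open(nil, b.Nonce, b.Wrapped, nil); err == nil {
			return caKey, i, nil
		}
	}
	return nil, -1, errors.New("no usable component set: CA key is unrecoverable")
}

func main() {
	caKey := randomBytes(32) // constructed stand-in for the real CA private key
	b, _ := MakeBackup(caKey, 3, 2)
	b.ComponentSets[0][1] = nil // one custodian's component of the first set destroyed
	_, used, err := Restore(b)
	fmt.Println("recovered from set", used, err) // recovered from set 1 <nil>
}
```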
  9. You can fall off the road on either side by starfishsystems · · Score: 3, Interesting

    There are two fundamental ways to fail as a CA. There must be exactly one party in effective possession of the private key of the root cert. If the number of parties becomes less than or more than one, fail.

    Mistakes happen, of course, and certificate infrastructures can be enormously complex. But if you're going to do any kind of risk mitigation, the absolutely most basic place to start would be with these two scenarios.

    --
    Parity: What to do when the weekend comes.
    1. Re:You can fall off the road on either side by Anonymous Coward · · Score: 1, Insightful

      There must be exactly one party in effective possession of the private key of the root cert. If the number of parties becomes less than or more than one, fail.

      No. The number of parties must be effectively ZERO. This is why the key is stored inside an HSM. Signing is performed by the HSM at the request of no fewer than 2 parties (each party monitors the other for suspicious or inappropriate behavior).

      Key backups (in case of HSM failure) are encrypted (strength >= key) and can only be decrypted inside another HSM at the request of the >=2 parties who created the backup.

      Breaking the HSM and having no backups of the root key ... fail.

    2. Re:You can fall off the road on either side by radtea · · Score: 1

      certificate infrastructures can be enormously complex.

      This is the problem: simplicity is the key to security. A complex system is just one with more places to hide exploits.

      --
      Blasphemy is a human right. Blasphemophobia kills.
    3. Re:You can fall off the road on either side by hey! · · Score: 1

      So, it's kind of like the optimist/pessimist thing, right?

      As an optimist, I'd say that at least they didn't fail in the worst possible way.

      The pessimist in me thinks I should get a bit more than "not failing in the worst possible way" when I pay somebody a barrel of cash to hash a couple numbers for me.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    4. Re:You can fall off the road on either side by jvkjvk · · Score: 2, Informative

      As an optimist, I'd say that at least they didn't fail in the worst possible way.

      The pessimist in me thinks I should get a bit more than "not failing in the worst possible way" when I pay somebody a barrel of cash to hash a couple numbers for me.

      No, that's also the optimist in you.

      Cheers. :)

    5. Re:You can fall off the road on either side by Pinckney · · Score: 1

      How about backups on heavy steel punch-cards sealed and stored in some sort of vault? No serious risk of erasure, and much more difficult to walk off with than any sort of digital backups.

    6. Re:You can fall off the road on either side by roc97007 · · Score: 1

      Chain the cards to truck wheels, like the bathroom key at the service station.

      --
      Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    7. Re:You can fall off the road on either side by evilbessie · · Score: 1

      I wouldn't have thought keeping the root online at all times was particularly sensible. At least I seem to remember that this was some of the point of the hierarchical certificate system. You generate the root cert, then some tier 1 certs and turn off the root, put it in a cupboard*, and use the tier 1 certs to generate more; this way you don't compromise the absolute top of the hierarchy. Which should make the fail moments slightly easier to manage.

      *preferably one with a good lock and lined with steel.

    8. Re:You can fall off the road on either side by starfishsystems · · Score: 1

      You're on the right track, for sure. As we're talking about fundamentals and not implementation details, the key phrase again is "in effective possession". I can't add more to what I've already offered on that subject.

      I often speak in favor of operating a certificate hierarchy, as you've described. But notice that spreading the risk across multiple points of failure not only increases the intrinsic risk of failure, it multiplies the cost of managing the certificate infrastructure. A secondary risk is introduced by that increased cost, because the incentive becomes greater to cut corners somewhere, not to mention that procedural oversight is far from trivial to assure. But I like the containment that, in principle at least, becomes possible within different secondary authorities.

      --
      Parity: What to do when the weekend comes.
    9. Re:You can fall off the road on either side by starfishsystems · · Score: 1

      Indeed! Unless you run your own CA, there is not much assurance that identities are being properly verified when certificate requests are signed. I think we've all come across practices to make us livid.

      Oh, but wait! Now there's "extended validation"! In exchange for extra money, the CA will promise to exercise the level of care that you thought you were getting from the old identity verification process.

      --
      Parity: What to do when the weekend comes.
  10. Rootkeylosin! by 192939495969798999 · · Score: 2, Funny

    Q: How do you learn every German swear word in about 20 seconds?
    A: Tell the German admin that you lost the root key.

    --
    stuff |
    1. Re:Rootkeylosin! by BlackCobra43 · · Score: 2, Insightful

      The best part is it will all be contained in a single, monstrously large word. Ah, German efficiency.

      --
      I never spellcheck and I freely admit it. Save your karma for more worthwhile "lol erorrs" replies
  11. Let me see your SLAs by geomobile · · Score: 1

    Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfils this obligation is its own responsibility."

    ...at that moment someone handed him the SLAs at which point he turned white, muttered something about an important meeting and was never heard of since.

    1. Re:Let me see your SLAs by wallywam1 · · Score: 1

      I agree! "How it fulfils this obligation is its own responsibility." Seriously? What about vendor audits? Surely a system like this one would be subject to software validation. The associated business processes should be validated as well.

  12. I'm confused by Candid88 · · Score: 4, Insightful

    card lost its secret private key during a test enrollment

    I'm confused, isn't this sort of problem exactly why you carry out system tests?

    Sending out new cards to card testers during a systems test is hardly extraordinary.

    1. Re:I'm confused by Reason58 · · Score: 1

      I don't think that is the extraordinary part. The part we are focused on is the fact that they specifically refused any sort of backup before testing, knowing full well that all sorts of things can and do happen during testing. And these are the people who will be in charge of this system when it goes live.

    2. Re:I'm confused by WarlockD · · Score: 3, Informative
      See I read that part differently.

      Matthias Merx, the firm's managing director, told heise online that following a voltage drop, something happened in D-Trust's "Trustcenter" that does occasionally occur. "The HSM independently deleted the data because it suspected an attack."

      Translation? "Someone unplugged the backup power supply before setting the proper mode in the card because we didn't fully understand how sensitive the card is for root CA certs"

      Merx explained that "Gematik decided to 'do without a back-up'. As a service provider, we have to accept that,"

      Translation? "We asked Gematik whether it might be a good idea to back it up and they said it's fine, it's just for testing." or "We recommended to Gematik to back up the card before shipping it to us. They shipped it to us and we just shrugged our shoulders." Bonus points if you guessed they asked a low level manager at Gematik who thinks CA is the first two letters of a cat.

      Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfils this obligation is its own responsibility."

      Translation? "Gematik is taking NO RESPONSIBILITY WHATSOEVER for doing any safety checks before giving our root CA to an outside vendor."

      All in all it's not a big deal though. It looks like they just lost the issuing CA and not the revoke keys. It looks like they can still authenticate too. Now if this was the MAIN system in Germany with 80+ million medical cards? I think people are going to be shot:P

    3. Re:I'm confused by Anonymous Coward · · Score: 0

      They don't need to send out new cards. They just need to regenerate the credentials on all the cards (ie. new certificates). They don't even need to regenerate keys on the issued cards.

      Annoying, but no big deal in a test system.

  13. Re:Germans still outperform Africans. by beefnog · · Score: 1

    The next time you have a thought, just let it go.

  14. didn't the Germans learn anything from Bushie? by swschrad · · Score: 0, Offtopic

    (1) outsourced government works even less well.

    (2) exceptions are covered under rule #1.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
    1. Re:didn't the Germans learn anything from Bushie? by Anonymous Coward · · Score: 0

      They just got their shoulders inappropriately groped.

  15. Re:Germans still outperform Africans. by black6host · · Score: 1

    Undoing moderation in error....

  16. A drop in voltage? by yogibaer · · Score: 1

    "the firm's managing director, told heise online that following a voltage drop, something happened in D-Trust's "Trustcenter" that does occasionally occur" You cannot even say what's worse: A voltage drop even reaching the HSM or the HSM going suicidal and losing the key. And all of that "occasionally"? Every time they make popcorn in the microwave? As a German I am quite flabbergasted by this lack of German engineering, in one of the country's largest trust-centers.

    1. Re:A drop in voltage? by Anonymous Coward · · Score: 0

      "the firm's managing director, told heise online that following a voltage drop, something happened in D-Trust's "Trustcenter" that does occasionally occur" You cannot even say what's worse: A voltage drop even reaching the HSM or the HSM going suicidal and losing the key. And all of that "occasionally"? Every time they make popcorn in the microwave? As a German I am quite flabbergasted by this lack of German engineering, in one of the country's largest trust-centers.

      The voltage drop and the deletion of the key were both part of the tests they did. The HSM deletes the key because it thinks that the drop in voltage is a precursor to a physical attack (basically it thinks that it is being carried out of the datacenter). Everything worked as expected; they simply did not remember to make a backup...

  17. Place blame by ubrgeek · · Score: 4, Funny

    Poeschkens claimed, "I know nothing! noth-thing!" and proceeded to blame the problem on a man he would only identify as "Hogan."

    --
    Bark less. Wag more.
  18. Reading comprehension - you fail it! by Anonymous Coward · · Score: 0

    Once again, misleading title to a different summary.

    How's that again?

    For fuck's sake, the Germans didn't lose the key.
    The SSL Root CA lost that.

    Hmm.. I wonder if that's why the title reads "German Health Insurance Card CA Loses Secret Key"?

    What are you ranting about? The title says exactly what you say it should say, and then you rant about how it's wrong...

    Reading comprehension - you fail it!

    Although I must laugh about how your post demonstrates exactly what you are claiming is wrong with the article's summary and title.

  19. What is "CA"? by T+Murphy · · Score: 5, Funny

    For those of you who are wondering what CA is, it stands for Certificate Authority. You see, the Germans have a hard time functioning without a constant stream of praise, so they have this authority in place that prints and sends certificates to people. Every day thousands of Germans get congratulated for crossing the street, for finding their car keys or for eating their 1000th potato of the month. You know you've walked into a German household when you see the wallpaper of framed certificates.

    The problem here is that the company deleted the certificate-printing program since they thought someone was trying to hack in and print more certificates for themselves- no one is THAT special so they had to stop him. They forgot to have another program ready to print more certificates, so now Germany is under threat of entering a depression since they no longer get certificates telling them how special they are.

    On a serious note: I don't follow this article very well with all the acronyms being spelled out but not explained, and no background knowledge of anything going on here. If someone would care to explain what is going on here to someone that has never heard the term CA, you should get a +5 informative easily.

    1. Re:What is "CA"? by Ritorix · · Score: 5, Informative

      I will simplify, but basically a CA (Certificate Authority, that much of the parent wasn't a joke) is a server that creates encryption certificates. In this case, SSL certificates. For example, when you go to https://mail.google.com/ that SSL certificate was created by the Thawte SGC CA. Thawte is one of many companies that you can pay to create an SSL cert for you, so your users can communicate with your server via https.

      The CA itself also has an encryption key, which is stored on hardware. In some cases it's a PCIe board, in others it's a removable PCMCIA card, etc. This particular CA used an add-on board which lost power during operation, wiping out its only key. The board seems to have been working as intended, preventing attack (removal of the board, which would cause power loss) by wiping itself.

      Without that key, the CA can no longer create revocation lists (CRLs, lists of certs a CA has created that have since been revoked or expired) or any new certs. They are dead in the water, also causing every cert they have ever made to become invalid as they can no longer be checked against a recent CRL. They have to start from scratch, recreating every_single_cert.

      This was only a test system, but if this happened in reality 80 million Germans would have invalid health cards. At least they discovered the value of a backup during testing.

    2. Re:What is "CA"? by mcrbids · · Score: 1

      BTW: The private key doesn't have to be stored on a card, it can be just as easily set up as a file on a disk.

      I looked into becoming a CA once in order to support a state contract - we were just going to use OpenSSL and a strongly physically secured computer with no network access.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    3. Re:What is "CA"? by Anonymous Coward · · Score: 0

      For those of you who are wondering what CA is, it stands for Certificate Authority. You see, the Germans have a hard time functioning without a constant stream of praise, so they have this authority in place that prints and sends certificates to people. Every day thousands of Germans get congratulated for crossing the street, for finding their car keys or for eating their 1000th potato of the month. You know you've walked into a German household when you see the wallpaper of framed certificates.

      Their national ringtone is "ACHIEVEMENT UNLOCKED".

      True story.

    4. Re:What is "CA"? by dkf · · Score: 1

      I looked into becoming a CA once in order to support a state contract - we were just going to use OpenSSL and a strongly physically secured computer with no network access.

      You might use a two-layer system. Have a master CA and a production CA. The master CA is kept offline (and probably normally unpowered and in a locked fire-proof safe) and is only used to sign the production CA. The production CA issues all the certs that you're actually using to secure normal servers and users. (Actually, you can go with more than one layer of production CAs, but that's less important.) The idea is that the master only needs to be used extremely rarely, so it can be secured using extra strong methods.

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    5. Re:What is "CA"? by CrashandDie · · Score: 2, Informative

      Disclaimer: I work for a company that specialises in this kind of deployment, however, they do not endorse anything I am about to say, and I am doing so as an individual. All the information in here is public knowledge.

      A few points first:
      - A CA doesn't only create encryption certificates. It can create a variety of certificates, including Windows Logon, Signing certificates, etc. It all depends on the Certificate Policies that are configured on the CA.

      - We have no information the CA was indeed issuing SSL certificates. More likely, they were encryption certificates used to decrypt the patient's medical files. According to this link the card also contains a signing certificate.

      - There are a lot of different types of HSMs. Some will encrypt their data (Security World, for nCipher) on a remote filesystem (RFS, especially in the case of netHSMs) that can be on any machine. As long as you have the Administrator Card Set (or a quorum of those, m of n cards required to perform specific tasks), you can reload the Security World, reload the keys, and are good to go. Other HSMs provide in-hardware "protection" of the keys, such as SafeNet HSMs, and the data in these can be backed up through hardware tokens (which are just very secure PCMCIA cards). HSMs usually have built-in hardware protections so you can't break it open or something, without destruction of the data.

      - It is stupid for both the service provider and the customer to have gone without backups of the Root CA. What is the point of replicating your production environment in a reference/test environment, if you're not going to do a full replication?

      - As each company looks like an idiot, they will try to blame each other, and they already do. Quite typical. The Service Provider is saying "we did what the customer wanted", and the customer says "The service provider was taking care of the tests". They are both stupid and wrong.

      - Smartcards are protected by master keys. When the smartcard manufacturer creates the cards, he initialises them, usually with a "Manufacturer Key". This key is known by anyone who ever worked in the industry. In a normal setup, when the customer (the company issuing the cards to their users) gets the cards, during the card personalisation, they swap the Master Keys using their own keys. This is probably the most important part. Without those Master Keys, nobody can access the card's applets, or perform administrative actions on the card. Not even the owner with the PIN. It is very likely that for a solution of this size, the card manufacturer (according to this link, GnD and Gemalto are part of the project. GnD will supply their 80k card) were using the customer's Master Keys initially, so that the key swapping wasn't needed (or simply, the cards wouldn't be usable anywhere else).

      If in the same accident, the Master Keys for the smartcards were lost, then they can effectively throw away all the cards that were created in that batch, as nobody will be able to access the applets on the cards, thus, nobody will be able to update the certificates, or even erase the cards. This doesn't mean the certificates are dead, the certificates can still be used on a daily basis without any issue, but considering the CA will not be able to publish its CRL (which needs to be published every x hours/days, and has an expiry threshold), the certificate chain would become untrusted after some time (probably a few years, considering the Root CA should NOT be connected, but rather locked in a safe, and never need to publish its CRL for the length of the certificate's lifetime), and only then will problems start to arise.

      I do hope for the sake of the companies involved in this project that they didn't ask the manufacturers to produce the test batches with the customer's Master Keys and that the Master Key was lost,

    6. Re:What is "CA"? by Anonymous Coward · · Score: 0

      I didn't know Germans had an image of being obsessed with certificates. We kinda make the same jokes about your school graduation celebrations and nicely designed reports at the end of the year. Personally, I don't own a single certificate that's really fancy if I compare it to those of my American relatives.

      Ohh, and the amount of medals/whateveryoucallit you give out in your military is also funny to some Germans, with even the lowest ranks wearing more than our higher-ups (It's obvious for slashdotters that this is because the American military is superior in every way :) )

  20. Re:Germans still outperform Africans. by Opportunist · · Score: 1

    And please don't forget to flush.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  21. Best practices by Shulai · · Score: 2, Informative

    Best practices about CA management says you should have your secret key in a (physical) safe. Better yet, divide it in two pieces and put it along the passphrase in three different safes (part1+pass,part2+pass,part1+part2), so you can't lose key access even if you lose one safe, and nobody can take the key by opening a single safe.

    1. Re:Best practices by cheros · · Score: 1

      And where do you keep the keys for those safes? Or their access code?

      Just curious :-)

      --
      Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
    2. Re:Best practices by Firethorn · · Score: 1

      In a sufficiently large organization you should have enough areas.

      For example, in my organization we keep the combos for other safes in safes with the same sensitivity level because, well, drilling is slow and expensive. In different buildings, by preference.

      Said combo comes with a list of who's allowed to pick it up, and is in a tamper evident container. Beyond that chain of command comes into play.

      Keeping parts of the code in different safes would be even more secure.

      --
      I don't read AC A human right
    3. Re:Best practices by ioshhdflwuegfh · · Score: 1

      Best practices about CA management says you should have your secret key in a (physical) safe. Better yet, divide it in two pieces and put it along the passphrase in three different safes (part1+pass,part2+pass,part1+part2), so you can't lose key access even if you lose one safe, and nobody can take the key by opening a single safe.

      And where do you keep the keys for those safes? Or their access code?
      Just curious :-)

      Why, in another safe... it is safes all the way down...

    4. Re:Best practices by Anonymous Coward · · Score: 0

      In a sufficiently large organization you should have enough areas.

      For example, in my organization we keep the combos for other safes in safes with the same sensitivity level because, well, drilling is slow and expensive. In different buildings, by preference.

      Sir, are you implying that any organization housed in only one building isn't sufficiently large?

  22. Re:Germans still outperform Africans. by jacquesm · · Score: 1

    They can have my copy, I hacked their servers last week ;)

  23. That's easy. by Anonymous Coward · · Score: 1, Funny

    When they kick you out of the pub it's time to be at the curry house.

  24. My advice in the past by meerling · · Score: 2, Informative

    In talking with people (or company representatives) about their security regarding passwords and keys, I always told them two things.

    First, all security experts will tell you that you should not keep copies of that stuff around.

    Second, that's not a realistic expectation, stuff happens. The IT guy goes on vacation, has an accident, or dies. (Seen all 3 numerous times.) You fire the Admin for some reason. This building burns down. Etc.

    A reasonable thing to do is to keep a password/key log with that critical information, kept up to date at all times. You have two copies of it. Both are kept secure in good quality safes (not a $200 lockbox).
    Both safes are in different physical locations, at least separate buildings, preferably miles apart.
    The reason for this is pretty easy. Once again, things happen. I've seen buildings burnt down, flooded, inaccessible due to chemical hazards from a truck wreck, etc. You don't know what will happen, but if you have them stored at separate physical locations, you at least know you will be able to get to one of them if you need to, assuming nobody uses a nuke.

    It all falls under that old techie saying, "So, when did your data become important to you? Before or after you lost it...".

  25. What does the colonel do? by Anonymous Coward · · Score: 0

    Perhaps they could save their private key in the same place KFC and Coke do for their secret recipes. These guys know security!

  26. Spoonerism by Curate · · Score: 2, Funny
    Gematik spokesman Daniel Poeschkens poured scorn

    I literally read that as scoured porn...

  27. Does German work like English? by russotto · · Score: 2, Funny

    "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."' If this were originally in English, it would mean "We knew this would happen and we tried to tell them, but those arrogant SOBs thought they knew it all and didn't want to listen to us. So we shut up, pulled up a chair, got some popcorn, and waited for the fireworks". I'm not sure that translates, though...

    1. Re:Does German work like English? by jpmorgan · · Score: 1

      Notice how the Gematik spokesman never actually denies that they didn't want to pay for a backup. A better translation:

      "The service provider offered a backup service but we didn't want to pay for it. But they lost the key, so even though they warned us of this and we still said no, it's their responsibility."

  28. Er... by johny42 · · Score: 0, Redundant

    All issued cards must be replaced

    ...why? Unless they (along with everyone else) have lost their public key, there should be no problem verifying all previously signed cards.

    1. Re:Er... by VAXcat · · Score: 1

      They'll be OK...until it's time for a new Certificate Revocation List. When a new CRL doesn't get published, the cards become useless.

      --
      There is no God, and Dirac is his prophet.
  29. Potatoes? by Bysshe · · Score: 1

    1000th potato of the month? That's at least 33 potatoes a day! That'd be a world record I suspect and well deserving of a certificate!

    --
    Read what I mean, not what I wrote.
  30. Secret Sharing is the Answer by Martin+Hellman · · Score: 1

    Making multiple backup copies protects against losing the secret (the root key in this case), but clearly increases the risk of theft. Secret sharing is the way to backup and still be secure. In a "k out of n" secret sharing system, the secret is divided into n pieces, any k of which allow perfect reconstruction of the secret. What's amazing is that any k-1 tell absolutely nothing about the secret!

    The easiest to understand is a k-1 out of k system. For example, taking k=5 and assuming the secret is 1000 bits long, the first four pieces of the secret are totally random bit strings, each 1000 bits long. The fifth piece is the XOR of the secret and these four strings. It's not hard to see that any four pieces tell nothing, but all five produce the secret when XORed together.

    More complex k out of n systems are not too much harder to understand. For example, a 3 out of 5 system can be based on the coefficients (A,B,C) of a quadratic function y = Ax^2 + Bx + C. The coefficients can be determined by any three points (x,y) which lie on the graph. If C is the secret, and the 5 pieces of the secret are five points (x1,y1), (x2,y2), (x3,y3), (x4,y4) and (x5,y5) on the graph, then any 3 of them determine (A,B,C) and hence the secret C. But any 2 or less of them tell us absolutely nothing about C. Arithmetic is done in a finite field so that C is a bit string or similar.

    Martin Hellman http://www-ee.stanford.edu/~hellman/ http://nuclearrisk.org/
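The two schemes in the post above, and the "two pieces in three safes" arrangement from the "Best practices" comment earlier in the thread (which is a 2-of-3 threshold scheme), as an added worked example that is not part of the Slashdot thread or anyone's post in it: the k-of-k XOR split, and Shamir's k-of-n polynomial split over a prime field with Lagrange interpolation to recombine. The choice of the Mersenne prime 2^521 - 1 as the field, the share format (x, f(x)), and all function names are this example's own assumptions. The `predict_share` helper makes Hellman's "k-1 pieces tell nothing" claim concrete: given only two of the 3-of-5 shares, every candidate secret is consistent with them, and each candidate merely predicts a different value for the missing third share.

```python
"""Secret sharing for backing up a root key without multiplying plain copies.

Added example (not code from the thread). Implements the k-of-k XOR scheme
and Shamir's k-of-n polynomial scheme over GF(P). The prime P, the share
format and the function names are this example's own choices (assumptions).
"""
import secrets

# Mersenne prime 2^521 - 1 (assumption: chosen so secrets up to 65 bytes fit below it).
P = 2**521 - 1


def xor_combine(shares: list[bytes]) -> bytes:
    """XOR all shares together. With fewer than all k shares the result is uniform noise."""
    out = bytes(len(shares[0]))
    for s in shares:
        if len(s) != len(out):
            raise ValueError("shares must have equal length")
        out = bytes(a ^ b for a, b in zip(out, s))
    return out


def xor_split(secret: bytes, k: int) -> list[bytes]:
    """k-of-k: the first k-1 shares are random pads, the last is secret XOR all pads."""
    if k < 2:
        raise ValueError("need at least two shares")
    pads = [secrets.token_bytes(len(secret)) for _ in range(k - 1)]
    return pads + [xor_combine(pads + [secret])]


def _interpolate(points, x: int) -> int:
    """Lagrange interpolation over GF(P): value at x of the unique polynomial of
    degree < len(points) that passes through every (xi, yi) in points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        # Division in the field is multiplication by the modular inverse (Fermat).
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def shamir_split(secret: bytes, k: int, n: int) -> list[tuple[int, int]]:
    """k-of-n: the secret is the constant term of a random degree k-1 polynomial f;
    share i is the point (i, f(i)). Any k points determine f and hence f(0)."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    s = int.from_bytes(secret, "big")
    if s >= P:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [secrets.randbelow(P) for _ in range(k - 1)]  # coeffs[0] = C = secret

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner's rule, reduced mod P at each step
            acc = (acc * x + c) % P
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def shamir_combine(shares, secret_len: int) -> bytes:
    """Recover the secret from any k shares: evaluate the interpolated polynomial at 0."""
    return _interpolate(shares, 0).to_bytes(secret_len, "big")


def predict_share(known_shares, candidate_secret: bytes, x: int) -> int:
    """Given only k-1 shares, every candidate secret is consistent with them.
    Returns the y-value that share x would have if the secret were `candidate_secret`;
    distinct candidates give distinct predictions, so k-1 shares cannot single out the real one."""
    c = int.from_bytes(candidate_secret, "big")
    return _interpolate(list(known_shares) + [(0, c)], x)


if __name__ == "__main__":
    key = b"constructed-sample-root-key"  # constructed sample, not a real key
    print(xor_combine(xor_split(key, 5)) == key)          # True
    shares = shamir_split(key, 3, 5)
    print(shamir_combine(shares[1:4], len(key)) == key)   # True: any 3 of 5 suffice
    print(predict_share(shares[:2], key, 3) == shares[2][1])  # True: real key fits 2 shares
    print(predict_share(shares[:2], b"any other guess", 3) == shares[2][1])  # False
```

The practical reading for a CA backup: shares go to separate safes or custodians, so a single burglary or a single lost safe neither exposes nor loses the root key, and the 2-of-3 "safes" arrangement from earlier in the thread is just `shamir_split(key, 2, 3)`.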

  31. in charge by Tom · · Score: 1

    How it fulfills this obligation is its own responsibility.

    bzzzt. wrong.

    If you're the guy in charge, it's your duty to make sure things work. You can leave specifics to the contractor if you are sure, but as the saying goes, you cannot delegate or outsource responsibility.

    --
    Assorted stuff I do sometimes: Lemuria.org
  32. Verdammtes Pillemannarschloch! by Anonymous Coward · · Score: 0

    Actually it would be two words, because to properly curse a person we'd use an adjective in conjunction with a noun.

  33. MOD PARENT UP, PLEASE by Sara+Chan · · Score: 1

    Mod parent up, please!

  34. Wait, THATS what happened? by WarlockD · · Score: 1

    The voltage drop and the deletion of the key were both part of the tests they did. The HSM deletes the key because it thinks that the drop in voltage is a precursor to a physical attack (basically it thinks that it is being carried out of the datacenter). Everything worked as expected; they simply did not remember to make a backup...

    Wait, THAT'S what happened? All this time I was willing to blame the incompetence of Gematik for not backing up the key and the vendor just running some normal computer-like tests. They still should have done this, but if the vendor was purposely trying to delete the key then why the heck didn't they have a backup? This is just getting sad now. Next thing you know, the next test they do, they will do a plain text export of the damn key for "backup"