Slashdot Mirror


German Health Insurance Card CA Loses Secret Key

Christiane writes "The SSL Root CA responsible for issuing the German digital health insurance card lost its secret private key during a test enrollment. After their Hardware Security Module (HSM) dutifully deleted its crypto keys during a power outage, it was all 'Oops, why is there no backup?' All issued cards must be replaced: 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."'"

5 of 174 comments

  1. Wrong Title, Wrong summary by freedom_india · · Score: 3, Informative

    Once again, misleading title to a different summary.
    For fuck's sake, the Germans didn't lose the key.
    The SSL Root CA lost that.
    Get the facts right.
    For a second I was wondering how Germans could be that stupid. That is unlike the Germany I know. And exactly as I suspected, the German insurer had been insisting to the root CA on a backup, while the CA thought it was unnecessary.
    Is it the German company's fault?

    --
    "Doing what I can, with what I have." ~ Burt Gummer
    1. Re:Wrong Title, Wrong summary by MancunianMaskMan · · Score: 4, Informative

      Any stereotype missing?

      Yes.

      We British are all of the above.

  2. Re:An HSM That Requires Continuous Power? by Opportunist · · Score: 3, Informative

    Don't blame the cards for the stupidity of their administrators.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Re:What is "CA"? by Ritorix · · Score: 5, Informative

    I will simplify, but basically a CA (Certificate Authority, that much of the parent wasn't a joke) is a server that creates encryption certificates. In this case, SSL certificates. For example, when you go to https://mail.google.com/ that SSL certificate was created by the Thawte SGC CA. Thawte is one of many companies that you can pay to create an SSL cert for you, so your users can communicate with your server via https.

    The CA itself also has an encryption key, which is stored on hardware. In some cases it's a PCIe board, in others it's a removable PCMCIA card, etc. This particular CA used an add-on board which lost power during operation, wiping out its only key. The board seems to have been working as intended, preventing attack (removal of the board, which would cause power loss) by wiping itself.

    Without that key, the CA can no longer create revocation lists (CRLs, lists of certs a CA has created that have since been revoked or expired) or any new certs. They are dead in the water, also causing every cert they have ever made to become invalid as they can no longer be checked against a recent CRL. They have to start from scratch, recreating every_single_cert.

    This was only a test system, but if this happened in reality 80 million Germans would have invalid health cards. At least they discovered the value of a backup during testing.

  4. Re:I'm confused by WarlockD · · Score: 3, Informative

    See, I read that part differently.

    Matthias Merx, the firm's managing director, told heise online that following a voltage drop, something happened in D-Trust's "Trustcenter" that does occasionally occur. "The HSM independently deleted the data because it suspected an attack."

    Translation? "Someone unplugged the backup power supply before setting the proper mode in the card because we didn't fully understand how sensitive the card is for root CA certs"

    Merx explained that "Gematik decided to 'do without a back-up'. As a service provider, we have to accept that,"

    Translation? "We asked Gematik that it might be a good idea to back it up and they said it's fine, it's just for testing." or "We recommended to Gematik to back up the card before shipping it to us. They shipped it to us and we just shrugged our shoulders." Bonus points if you guessed they asked a low level manager at Gematik who thinks CA is the first two letters of a cat.

    Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfils this obligation is its own responsibility."

    Translation? "Gematik is taking NO RESPONSIBILITY WHATSOEVER for doing any safety checks before giving our root CA to an outside vendor."

    All in all it's not a big deal though. It looks like they just lost the issuing CA and not the revoke keys. It looks like they can still authenticate too. Now if this was the MAIN system in Germany with 80+ million medical cards? I think people are going to be shot :P