Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Health Insurance Card CA Loses Secret Key

Posted by timothy on from the your-replacement-papers-please dept.

Christiane writes "The SSL Root CA responsible for issuing the German digital health insurance card lost its secret private key during a test enrollment. After their Hardware Security Module (HSM) dutifully deleted its crypto keys during a power outage, it was all 'Oops, why is there no backup?' All issued cards must be replaced: 'Gematik spokesman Daniel Poeschkens poured scorn on the statement that Gematik had insisted on the service provider carrying out a test without backing up the root CA private keys. "We did not decide against a back-up service. The fact of the matter is that the service provider took over the running of the test system, so it also has to warrant its continuous operation. How it fulfills this obligation is its own responsibility."'"

1 of 174 comments (clear)

  1. Er... by johny42 · · Score: 0, Redundant

    All issued cards must be replaced

    ...why? Unless they (along with everyone else) have lost their public key, there should be no problem verifying all previously signed cards.