A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. [1]

Portugal has migrated to an electronic ID (e-ID) citizen card (Cartão do Cidadão) in 2007, with the first trials occurring in Azores at that time. The full roll-out took place in 2008 and four years later, 7 million cards were already in circulation [2].

In case you’re wondering, the selected contractor for Cartão do Cidadão was Gemalto using its Sealys eID platform [2] and the company confirmed it has been affected by ROCA as well. According to them, only smartcards based on the IDPrime.NET platform were subject to this vulnerability.

The dangers of compromising a private key are frightening. In Portugal, the e-ID is used extensively in the public sector as it is mandatory for signing contracts and documents. In the private area, it is commonly used for authenticating in public services and for submitting digitally signed documents. Voting is still paper-based.

I’ve used the roca-test utility to find out whether the certificates installed on my e-ID were resistant to ROCA. Fortunately, they are.

[1] ROCA: Vulnerable RSA generation (CVE-2017-15361)

[2] Portuguese Citizen’s Card - Gemalto