The state is temporarily suspending electronic government services (eGovernment) that require the use of a secured electronic signature. The reason for this step is that the certification authority cancelled the validity of their security certificate, the State Secretary of the Interior Ministry, Denisa Saková, announced on Monday, October 23.
A number of experts have warned recently that a research team from Masaryk University in the Czech Republic has discovered a vulnerability in the chips that are used in Slovak ID cards. As a result, a private key can be calculated from a public key, enabling an attacker to sign documents electronically in the name of the victim.
“We are suspending and deactivating the service issuing guaranteed electronic signature certificates for eID cards,” said Saková as cited by the TASR newswire. “The Interior Ministry will keep all previously issued guaranteed electronic signatures valid for the time being, but deactivate all services requiring a guaranteed electronic signature as part of e-Government.”
The Interior Ministry plans to upgrade the certificates within the next few days.
“These new keys will boast a significantly higher level of security,” said Saková, adding that approximately 70 percent of services do not employ guaranteed e-signatures and will not, therefore, be deactivated.
Saková added that the certificates are also used by Austria and Estonia and that mistakes on the part of the German supplier have caused serious problems in those two countries as well.
“We will be pursuing financial compensation,” said Saková, without detailing the potential claims.