ROCA vulnerability – Universign’s plateform is not impacted
CERT – Computer Emergency Response Team – confirms the ROCA vulnerability affects RSA key generation developed by Infineon Technologies AG. For more information, see “CERT-UK alert bulletin”.
The ROCA vulnerability arises from a problem with a software library used for RSA key generation embedded by many security products: token, smartcards, TLS certificates, chip card, ect.
Although all products used by Universign are a priori not concerned, we have tested all our RSA keys to detect weak and we successfully verified that we are not affected.
We remain vigilant and our teams continue to monitor potential vulnerability.