Hacker News
by Faaak 3154 days ago
Spain does the same. With your ID card chip, you can:

- sign your emails digitally
- log in to secure websites with your ID card (bank, DMV, taxes, …). Sometimes you can only do it with the ID card
- they opened many of their tools, so you can design your website to allow login with Spain's ID cards (that was a fun project)


Were these cards affected? Were there any official notices from authorities?

Even if not affected, it would be nice to hear an official comment.

I was discussing this with someone from Belgium and we agreed that silence from the Belgian government meant only one thing: nobody used the service. (Specifically: Belgian cards are the older Gemalto generation, thus not affected, like the older Estonian IDs.)

We have a similar system in Austria and I got curious when ROCA was announced. Turns out the cards here generate ECDSA keys and are thus not affected. Naturally, there was no announcement of any kind, so this took quite a bit of sleuthing to figure out.

Maybe Spain happens to use ECC keys too.

For those wondering: "upgrading the Estonian ID cards" means switching to ECC (P-384).

New certificates are generated on the chip, and the public part is then transmitted to the government public keys directory.

How do they authenticate the new ECC policy key when the RSA key is already compromised?

You don't. Hence, the upgrade system has been disabled now, which is TFA.

Am Estonian. The remote upgrade system is still working, but only enabled for high-priority users right now because of the high load - medical professionals, social workers, people who used the card more than 100 times over the past 3 months. It will be re-enabled for all users at the start of next week, maybe earlier if the high-priority users have all been serviced.

Spanish cards (DNIe) generate their keys themselves.

They all do, that's the idea of an HSM.

Do you have a link to that project? (login with Spanish ID)