Is PrivateServer vulnerable to RSA Fast Prime vulnerability (CVE-2017-15361)?The latest RSA vulnerability (ROCA - CVE-2017-15361) is used by several products, such as Infineon Technologies, in their hardware products or TPM devices found in some PCs.
The vulnerability is related to using an algorithm for “Fast Generation of Prime Numbers” as described in https://link.springer.com/content/pdf/10.1007/11894063_13.pdf.
The following products: DocuSign Signature Appliance (CoSign), DocuSign HSM Appliance (PrivateServer) and DocuSign CryptoKit include DocuSign RSA Key Generation code that is based on either the ANSI X.931 Standard or FIPS 184-4 Standard and was validated according to FIPS 140-2 certification program.
Both standards and the implementation are not affected by this vulnerability.
Furthermore, the above products do not use of any dedicated hardware components that use the “Fast Generation of Prime Numbers” algorithm.