Well doesn’t Relying Parties using the BankID API for signatures and authentication have private keys to start the flows for users scanning QR codes etc?
Could you, having the right private keys, impersonate some company soliciting a BankID signature?
I’m not sure what you can do with that though. You cannot steal some other ongoing signature I guess.
alt Hacker News
Well doesn’t Relying Parties using the BankID API for signatures and authentication have private keys to start the flows for users scanning QR codes etc?
Could you, having the right private keys, impersonate some company soliciting a BankID signature?
I’m not sure what you can do with that though. You cannot steal some other ongoing signature I guess.