| Name | Signature Spoofing by Key Recreation |
| Summary | An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker. |
| Prerequisites | An authoritative signer is using a weak method of random number generation or weak signing software that causes key leakage or permits key inference.
An authoritative signer is using a signature algorithm with a direct weakness or with poorly chosen parameters that enable the key to be recovered using signatures from that signer. |
| Solutions | Ensure cryptographic elements have been sufficiently tested for weaknesses. |
| Related Weaknesses |
| CWE ID | Description |
| CWE-310 | Cryptographic Issues |
| CWE-330 | Use of Insufficiently Random Values |
|
