On the practicality of attacks on electronic document management systems when signature keys are jointly used in TLS 1.2
Prohibiting the use of identical keys in different cryptographic algorithms and protocols is a prerequisite for the security of a wide variety of information systems. However, developers of such systems sometimes ignore this requirement because they underestimate the threat. This paper addresses practical attack scenarios against electronic document management systems in a situation where the signature key is also used for client authentication in the TLS 1.2 protocol. As a result of one of the attacks, an adversary produces a signature for a selected PDF file up to 16 MB in size, which is correctly displayed by a number of popular applications. An analysis of why these attacks are feasible leads to the conclusion that the TLS 1.2 protocol has a property that results in a vulnerability when the client authentication key is also used as a signature key in electronic document management systems.