A flaw in a widely used code library has undermined the security of millions of encryption keys used in national identity cards, code-signing, and other platforms protecting. The weakness lets bad actors calculate the private portion of a vulnerable key so they can impersonate key owners, decrypt data and sneak malicious code into signed software.