Infineon RSA Key Generation Issue

October 16, 2017 2 minute read

Infineon Technologies, one of Yubico’s secure element vendors, has informed us of a security issue in their cryptographic firmware library. The issue affects TPMs in millions of computers, and multiple smart card and security token vendors.

For Yubico, the issue weakens the strength of on-chip RSA key generation, and affects some use cases for the PIV smart card and OpenPGP functionality of the YubiKey 4 platform. We’ve issued a security advisory on this issue.

FIDO U2F, OTP, and OATH functions of the YubiKey 4 platform are not affected. The YubiKey NEO, FIDO U2F Security Key and YubiHSM are not impacted, nor are the deprecated products YubiKey Standard and YubiKey Edge. Externally generated RSA keys are not affected.

Yubico estimates that approximately 2% of YubiKey customers utilize the functionality affected by this issue. We have addressed this issue in all shipments of YubiKey 4, YubiKey 4 Nano, and YubiKey 4C, since June 6, 2017.

At this time, we are not aware of any security breaches due to this issue. We are committed to always improving how we protect our customers and continuously invest in making our products even more secure.

We offer customers who are affected mitigation recommendations and optional YubiKey replacement. For more information please refer to our dedicated customer portal.

Share this article:

Recommended content

Thumbnail

YubiKey for RSA SecurID Access product brief

Enterprise security made easy.

Thumbnail

Passwordless login, YubiKey 5C NFC, YubiKey for RSA SecurID® Access, and more at RSAC 2020

The annual RSA Conference never disappoints with the rush of exciting sessions, new products, and innovative demos. Yubico looks forward to this event every year, and today, we are kicking off our presence at RSAC 2020. Are you attending? If so, we’d love to see you. Stop by Yubico’s booth (S-3103), catch our speaking session, ...

Thumbnail

Yubico and RSA team to deliver FIDO-based authentication to enterprises

As more organizations undergo digital transformation initiatives, identity and access management (IAM) is becoming more critical than ever before. IAM sits at the heart of every business, which is why Yubico is excited to announce a new partnership this week at Gartner IAM Summit with one of the longest standing IAM vendors on the market: ...

Thumbnail

Yubico at RSA 2018: Passwordless Logins, Developer Programs, and More

Heading to RSA in San Francisco next week? We’ll be there too, celebrating our 10th year at the conference! An industry first, we are showcasing passwordless login with the just released Security Key by Yubico, the first hardware authentication device to support both FIDO U2F and FIDO2. Yubico is a leading contributor to the new ...