Yubico
Infineon RSA Key Generation Issue

« Home

Yubico Mitigation Recommendations

OpenPGP Mitigation

The mitigation strategy for OpenPGP is to generate keys outside of the YubiKey and import them onto the device. For more information refer to the Yubico Knowledge Base document "Generating the key on your local system".

PIV for SSH or code signing Mitigation

The mitigation strategy for users using PIV for SSH or code signing is to generate keys outside of the YubiKey and import them onto the device.

Please refer to the following information for detailed instructions on how to generate keys outside of the YubiKey.

https://developers.yubico.com/PIV/Guides/Generating_keys_using_OpenSSL.html

Please refer to the following information for detailed instructions on how to import keys generated outside of the YubiKey for these five scenarios:

  1. SSH with PIV using Public Keys
    https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html
  2. SSH with PIV using User Certificates
    https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html
  3. Android code signing
    https://developers.yubico.com/PIV/Guides/Android_code_signing.html
  4. Mac code signing
    https://developers.yubico.com/PIV/Guides/Mac_code_signing.html
  5. Windows CA issued certificate
    https://developers.yubico.com/PIV/Guides/Windows_CA_issued_certificate.html

PIV Smart card for Windows Login Mitigation

Users logging into Windows with the YubiKey as a smart card with PIV, please contact Yubico Support for more details.


Resources

Customers
Yubico customers can request assistance from Yubico Support by filing a support ticket.

Partners
Yubico partners should contact Yubico Sales directly if they have questions related to this Security Advisory.

Media/Press
Any media or press enquiries should be directed to press@yubico.com.