Infineon Technologies, one of Yubico’s secure element vendors, informed Yubico of a security issue in their firmware cryptographic libraries. The security issue was found on June 6, 2017 and affected TPMs in millions of computers, and multiple smart card and security token vendors.
This page provides information to help you determine whether you are affected, and how to address this issue. For Yubico this issue weakens the strength of on-chip RSA key generation, and affects some use cases for the Personal Identity Verification (PIV) smart card and OpenPGP functionality of the YubiKey 4 platform. Yubico has issued a security advisory on this issue.
The FIDO U2F, OTP and OATH functions of the YubiKey 4 platform are not affected. All YubiKey/Security Key models apart from the 4 Series are not affected at all.
Yubico has addressed this issue in all shipments of YubiKey 4, YubiKey 4 Nano, YubiKey 4C, and YubiKey 4C Nano since June 6, 2017 and provided affected customers with mitigation recommendations. As of March 31, 2019 we are no longer able to provide replacements for the affected keys. We’d like to sincerely thank all of those who were involved as we worked through this issue. Below is further background information and explanation on the Infineon RSA key generation issue. Please use the following information as a resource.
Background
The Infineon RSA key generation issue was discovered by an independent team of researchers from the University of Masaryk in the Czech Republic. The researchers found a method to identify mathematical weaknesses of particular algorithms for prime number generation. The method allows an attacker who has only the public portion of an RSA key pair generated on the secure element to compute the private key significantly faster than the current state-of-the-art attack.
Infineon confirms that the RSA key generation implemented in one of their cryptographic libraries is affected. The root cause of the issue lies within the cryptographic software library, not in the secure element itself - the symmetric and asymmetric hardware co-processors are not affected.
Addressing the Issue in YubiKey Firmware
Once we were notified of this issue by Infineon we quickly addressed it. To ensure the YubiKey 4 offers strong security for all functions, we switched to a different, broadly scrutinized and deployed key generation function. The new implementation has been vetted by the security researchers who discovered the original issue as well as by professional security auditors.
Is My YubiKey Use Case Affected?
This section clarifies which YubiKey use cases are affected. Note that the models covered in this section reflect what we sold on our online store at the time of this issue. Any key models not listed below are not affected by this issue. For additional help identifying which YubiKey you have, please see https://www.yubico.com/products/identifying-your-yubikey/.
YubiKey NEO / NEO-n
- Functionality affected: None
- Action required: None
FIDO U2F Security Key
- Functionality affected: None
- Action required: None
YubiKey 4 Series with firmware 4.3.5 or higher*
- Functionality affected: None
- Action required: None
YubiKey 4 Series with firmware 4.2.6-4.3.4*
- Functionality affected:
  - PIV and OpenPGP, if RSA keys were generated onboard. PIV and OpenPGP are not affected if keys were generated externally and imported, or if ECC was used (PIV only).
  - FIDO U2F, OTP and OATH are not affected in any case.
- Action required: For affected use cases, see Mitigation Recommendations section below.
*YubiKey firmware can be checked using YubiKey Manager.
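The list above reduces to a small decision procedure that can be run over a fleet inventory. The following Python sketch is an added example, not Yubico's code; the record fields (`model`, `firmware`, `app`, `algo`, `on_device`) and the sample records are constructed assumptions, and the "not covered" result for YubiKey 4 firmware below 4.2.6 reflects only that this page does not list that range.

```python
# Added example: triage key slots against the affected-use-case list above.
# Record fields and sample data are hypothetical, not a Yubico format.
AFFECTED_MIN, AFFECTED_MAX = (4, 2, 6), (4, 3, 4)  # firmware range from this page
YK4_MODELS = {"YubiKey 4", "YubiKey 4 Nano", "YubiKey 4C", "YubiKey 4C Nano"}

def parse_fw(text):
    """Turn '4.3.1' into (4, 3, 1) so versions compare numerically, not as strings."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 3:
        raise ValueError(f"unexpected firmware string: {text!r}")
    return parts

def triage(rec):
    """Return (status, action) for one key slot on one device."""
    if rec["model"] not in YK4_MODELS:
        return "not affected", "none"          # models outside the 4 Series
    if rec["app"] not in ("PIV", "OpenPGP"):
        return "not affected", "none"          # FIDO U2F, OTP and OATH
    fw = parse_fw(rec["firmware"])
    if fw > AFFECTED_MAX:
        return "not affected", "none"          # 4.3.5 or higher
    if fw < AFFECTED_MIN:
        return "not covered", "firmware range not listed on this page"
    if not (rec["algo"].upper().startswith("RSA") and rec["on_device"]):
        return "not affected", "none"          # imported key, or ECC (PIV only)
    if rec["app"] == "PIV":
        return "affected", "regenerate with ECC, or generate RSA off-device and import"
    return "affected", "generate RSA off-device and import"

INVENTORY = [  # constructed sample records
    {"id": "alice-9a", "model": "YubiKey 4", "firmware": "4.3.1", "app": "PIV", "algo": "RSA2048", "on_device": True},
    {"id": "bob-9a", "model": "YubiKey 4 Nano", "firmware": "4.3.1", "app": "PIV", "algo": "RSA2048", "on_device": False},
    {"id": "carol-9c", "model": "YubiKey 4C", "firmware": "4.2.8", "app": "PIV", "algo": "ECCP256", "on_device": True},
    {"id": "dave-sig", "model": "YubiKey 4", "firmware": "4.2.6", "app": "OpenPGP", "algo": "RSA4096", "on_device": True},
    {"id": "erin-9a", "model": "YubiKey 4", "firmware": "4.3.5", "app": "PIV", "algo": "RSA2048", "on_device": True},
    {"id": "gina-9a", "model": "YubiKey NEO", "firmware": "3.4.9", "app": "PIV", "algo": "RSA2048", "on_device": True},
]

def affected_ids(inventory):
    """IDs of the slots that need the mitigation steps."""
    return [r["id"] for r in inventory if triage(r)[0] == "affected"]

if __name__ == "__main__":
    for r in INVENTORY:
        print(r["id"], *triage(r), sep=" | ")
```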
Mitigation Recommendations
PIV
For users of PIV smart card who have previously generated private RSA keys on the YubiKey 4 (version 4.2.6 - 4.3.4), we recommend either regenerating private keys using ECC algorithms, or, if RSA keys are required, regenerating keys off the YubiKey 4 and loading them onto the YubiKey 4.
The mitigation strategy for PIV for SSH or code signing is to generate keys on the local machine and then import them onto the YubiKey.
Please refer to https://developers.yubico.com/PIV/Guides/Generating_keys_using_OpenSSL.html for detailed instructions on how to generate keys outside of the YubiKey.
For instructions on how to import keys generated outside of the YubiKey for five specific scenarios, please see the links below:
- SSH with PIV using Public Keys: https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html
- SSH with PIV using User Certificates: https://developers.yubico.com/PIV/Guides/SSH_user_certificates.html
- Android code signing: https://developers.yubico.com/PIV/Guides/Android_code_signing.html
- Mac code signing: https://developers.yubico.com/PIV/Guides/Mac_code_signing.html
- Windows CA issued certificate: https://support.yubico.com/hc/en-us/articles/360015668799
OpenPGP
For users of OpenPGP who have previously generated private RSA keys on the YubiKey 4 (version 4.2.6 - 4.3.4), we recommend regenerating private keys off the YubiKey 4 and loading the new keys onto the YubiKey 4. For more information, refer to Generating keys externally from the YubiKey.