Andreas Schwier | 17 Oct 2017
On October 16th, 2017 a group of security researchers published a report about a flaw detected in the RSA key generation function, which is part of the cryptographic library used in Infineon Smartcard microcontroller and TPM modules.
As the SmartCard-HSM is based on the NXP JCOP Platform, which is a different chip and crypto library, we believe that our products are not affected by the bug.
Still we are concerned about this bug, as it hits a piece of code that was evaluated and certified under the Common Criteria scheme. The chip and crypto library of the NXP JCOP Platform we are using is also CC certified.
So far we had no reason, not to trust this certification, but given the new findings, we might need to reconsider.
We will look into more details during the next weeks and keep you posted about our findings.
Ars Technica has a detailed background report on the issue.