Millions of high-security crypto keys crippled by newly discovered flaw (Ars Technica)

Infineon's devices are used in many places, for the purposes of this bug what they do is generate an RSA key pair. This key pair _could_ be used for any purpose where RSA public key cryptography is used, in principle.

It is anticipated that affected keys will be rarer in applications which are focused around general purpose computers acting as servers, such as the Web PKI ("SSL"); and more common where keys are associated with a human individual who might find it useful to embody them in a small device or token they can carry, such as PGP or S/MIME. But they could be found almost anywhere.

m.d.s.policy is currently discussing whether Public CAs have (or will have in November) a responsibility to reject requests from applicants for a certificate covering a public key that smells like Infineon generated it, as this key is presumably weak. Today CAs reject Debian Weak Keys, and certain other categories of key known to be bad choices or indicative of unsafe practices.