Get a PIN/UV Auth token using user verification (UV)
Command APDU info
CLA | INS | P1 | P2 | Lc | Data | Le |
---|---|---|---|---|---|---|
00 | 10 | 00 | 00 | data length | 06 encoded info | (absent) |
The Ins byte (instruction) is 10, which is the byte for CTAPHID_CBOR. That means the command information is in a CBOR encoded structure in the Data.
The data consists of the CTAP Command Byte and the CBOR encoding of the command's parameters. In this case, the CTAP Command Byte is 06, which is the command "authenticatorClientPin". The CBOR encoding is the following:
A6 map containing four elements
01 key (of key/value) specifying ...
0x ... PIN/UV protocol (x=1 for protocol one, x=2 for protocol two)
02 key specifying ...
06 ... subcommand, 06 = getPinUvAuthTokenUsingPin
03 key specifying ...
<> ... CBOR-encoded COSE_Key, the platform's public key
09 key specifying ...
xx ... permissions, e.g. 0x01, 0x03, 0x21
0A key specifying ...
<> ... relying party ID (a text string)
Response APDU info
Response APDU for a successful get
Total Length: variable + 2
Data Length: variable
Data | SW1 | SW2 |
---|---|---|
encoded info | 90 | 00 |
The info returned is CBOR encoded. It has a structure similar to the following.
A1
02 --byte string--
The byte string is the encrypted token. For protocol one, the string will be 32 bytes long, and for protocol two the string will be 48 bytes long.
Response APDU when no protocol is given
Total Length: 2
Data Length: 0
Data | SW1 | SW2 |
---|---|---|
(no data) | 6F | 14 |
Response APDU when an unsupported protocol is specified
Total Length: 2
Data Length: 0
Data | SW1 | SW2 |
---|---|---|
(no data) | 6F | 33 |