GetHmacSecretExtension Method
GetHmacSecretExtension(PinUvAuthProtocolBase)
Get the value of the "hmac-secret" extension. This returns the decoded and decrypted value or values.
```csharp
public byte[] GetHmacSecretExtension(PinUvAuthProtocolBase authProtocol)
```
Parameters
Type | Name | Description |
---|---|---|
PinUvAuthProtocolBase | authProtocol | An instance of one of the subclasses of |
Returns
A byte array containing the decoded "hmac-secret" extension.
Exceptions
Type | Condition |
---|---|
System.ArgumentNullException | If the "hmac-key" is in the extensions, and the |
Remarks
Because this extension is used more often, a dedicated method is provided as a convenience. There is no need for the caller to CBOR-decode the value for the key "hmac-secret".
There are possibly two values to return. Both will be 32 bytes long. If there is only one secret value returned, this method will return a 32-byte long array. If there are two values returned, this method will return a 64-byte long array, where "output1" is the first 32 bytes and "output2" is the second 32 bytes.
The caller must supply the PinUvAuthProtocolBase used to create the GetAssertion parameters.
If you are getting assertions using GetAssertions(GetAssertionParameters), you can use the AuthProtocol property.
```csharp
// Request the "hmac-secret" extension for this assertion.
var gaParams = new GetAssertionParameters(relyingParty, clientDataHash);
gaParams.RequestHmacSecretExtension(salt);
IReadOnlyList<GetAssertionData> assertions = fido2Session.GetAssertions(gaParams);
// Decrypt with the same auth protocol the session used for the request.
byte[] hmacSecret = assertions[0].AuthenticatorData.GetHmacSecretExtension(
    fido2Session.AuthProtocol);
```
If the "hmac-secret" extension was not specified when making the credential, then the YubiKey will simply not return anything. It is not an error. In that case, this method will return an empty byte array.
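The following is an added example, not code from the SDK or its documentation, showing how a caller might interpret the returned array as the remarks describe: empty, one 32-byte value, or two values in a 64-byte array. `HmacSecretOutput` and `TrySplit` are hypothetical names, and the sample bytes are constructed.

```csharp
using System;
using System.Security.Cryptography;

// Added example: interprets the byte array returned by GetHmacSecretExtension.
// HmacSecretOutput and TrySplit are hypothetical helpers, not SDK types.
public static class HmacSecretOutput
{
    private const int OutputLength = 32;

    // Returns false when nothing was returned (empty array), true otherwise.
    // output2 stays empty when only one value was returned.
    public static bool TrySplit(byte[] hmacSecret, out byte[] output1, out byte[] output2)
    {
        output1 = Array.Empty<byte>();
        output2 = Array.Empty<byte>();
        if (hmacSecret is null)
        {
            throw new ArgumentNullException(nameof(hmacSecret));
        }

        switch (hmacSecret.Length)
        {
            case 0:
                return false; // extension absent on the credential; not an error
            case OutputLength:
                output1 = hmacSecret.AsSpan(0, OutputLength).ToArray();
                return true;
            case 2 * OutputLength:
                output1 = hmacSecret.AsSpan(0, OutputLength).ToArray();
                output2 = hmacSecret.AsSpan(OutputLength, OutputLength).ToArray();
                return true;
            default:
                throw new ArgumentException("Expected 0, 32 or 64 bytes.", nameof(hmacSecret));
        }
    }

    public static void Main()
    {
        // Constructed sample standing in for a two-value result.
        byte[] returned = new byte[2 * OutputLength];
        returned.AsSpan(0, OutputLength).Fill(0x11);
        returned.AsSpan(OutputLength, OutputLength).Fill(0x22);

        bool present = TrySplit(returned, out byte[] output1, out byte[] output2);
        Console.WriteLine($"present={present} output1={output1.Length} output2={output2.Length}");

        // The combined buffer is secret material; wipe it once it has been split.
        CryptographicOperations.ZeroMemory(returned);
    }
}
```

The split copies are secrets as well, so wipe them the same way once they have been consumed.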