AuthenticatorData Class

Namespace: Yubico.YubiKey.Fido2 Assembly: Yubico.YubiKey.dll

Contains information about the credential, assertion, or the authenticator itself after making a credential or getting an assertion.

public class AuthenticatorData

Inheritance object AuthenticatorData

Remarks

When a new credential is made, or a credential is used to get an assertion, the YubiKey returns data about that operation. When making a credential, this includes information about the authenticator itself, such as the aaguid.

The authenticator data object defined in the FIDO2 standard is encoded but not following the rules of CBOR or DER or any other standard encoding scheme. The encoding is defined in the W3C standard.

Constructors

Name	Description
AuthenticatorData(ReadOnlyMemory<byte>)	Build a new instance of AuthenticatorData based on the given encoding.

Properties

Name	Description
Aaguid	The authenticator's AAGUID. This is an optional value and can be null.
CredentialId	The CredentialId. This is an optional value and can be null.
CredentialPublicKey	The Credential's public key. This is an optional value and can be null.
EncodedAuthenticatorData	The encoded authenticator data is used to verify the attestation statement (make credential) or assertion signature (get assertion).
Extensions	The list of extensions. This is an optional value and can be null.
RelyingPartyIdHash	The digest of the relying party ID. It is the SHA-256 digest of the `Id` property of the RelyingParty class passed to the `MakeCredential` method or command as part of the MakeCredentialParameters.
SignatureCounter	The count the authenticator returns. This should be an increasing value for each time `GetAssertion` is called and is returned to the relying party, which can verify that it is greater than the previous value (to help thwart authenticator cloning).
UserPresence	If `true`, a test of user presence indicates a user is indeed present before making the credential (e.g. the YubiKey was touched). Otherwise it will be `false`.
UserVerification	If `true`, a test of user verification operation indicates the user has indeed been verified. Note that this can be biometric verification, as well as touch plus PIN, or password. Otherwise it will be `false`.

Methods

Name	Description
GetCredBlobExtension()	Get the value of the "credBlob" extension. This returns the decoded value.
GetCredProtectExtension()	Get the value of the "credProtect" extension. This returns the decoded value.
GetHmacSecretExtension(PinUvAuthProtocolBase)	Get the value of the "hmac-secret" extension. This returns the decoded and decrypted value or values.
GetMinPinLengthExtension()	Get the value of the "minPinLength" extension. This returns the decoded value.