Class AuthenticatorInfo
Device information returned by the FIDO2 GetDeviceInfo command.
public class AuthenticatorInfo
- Inheritance
- object → AuthenticatorInfo
Constructors
AuthenticatorInfo(ReadOnlyMemory<byte>)
Build a new instance of AuthenticatorInfo based on the given CBOR encoding.
public AuthenticatorInfo(ReadOnlyMemory<byte> cborEncoding)
Parameters
cborEncoding
ReadOnlyMemory<byte>
The device info, encoded following the CTAP 2.1 and CBOR (RFC 8949) standards.
Remarks
The encoding must follow the definition of authenticatorGetInfo in section 6.4 of the CTAP 2.1 standard.
Exceptions
- Ctap2DataException
The cborEncoding is not a valid CBOR encoding, or it is not a correct encoding for FIDO2 device info.
Fields
AaguidLength
An Aaguid is defined in the standard as 16 bytes, no more, no less.
public const int AaguidLength = 16
Field Value
- int
DefaultMaximumMessageSize
If no MaximumMessageSize is given, the standard specifies a default size of 1024.
public const int DefaultMaximumMessageSize = 1024
Field Value
- int
DefaultMinimumPinLength
If no MinimumPinLength is given, the standard specifies a default length of 4.
public const int DefaultMinimumPinLength = 4
Field Value
- int
Version20
The string in the Versions property that indicates FIDO2 version 2.0.
public const string Version20 = "FIDO_2_0"
Field Value
- string
Version21
The string in the Versions property that indicates FIDO2 version 2.1.
public const string Version21 = "FIDO_2_1"
Field Value
- string
Version21Pre
The string in the Versions property that indicates FIDO2 version 2.1 preview.
public const string Version21Pre = "FIDO_2_1_PRE"
Field Value
- string
VersionU2f
The string in the Versions property that indicates FIDO U2F.
public const string VersionU2f = "U2F_V2"
Field Value
- string
Properties
Aaguid
The AAGUID, unique to the authenticator and model. This is a REQUIRED value.
public ReadOnlyMemory<byte> Aaguid { get; }
Property Value
- ReadOnlyMemory<byte>
Algorithms
The list of supported algorithms for credential generation. This is an optional value and can be null.
public IReadOnlyList<Tuple<string, CoseAlgorithmIdentifier>>? Algorithms { get; }
Property Value
- IReadOnlyList<Tuple<string, CoseAlgorithmIdentifier>>
Remarks
Each entry in the list is a type and algorithm. Neither the type nor the algorithm is guaranteed to be unique, although each combination is. Currently, the only type defined is "public-key". The only algorithm the YubiKey supports is ECDSA with SHA-256 using the NIST P-256 curve. This is the pair "public-key"/CoseAlgorithmIdentifier.ES256.
Certifications
The list of certifications the YubiKey has obtained. Each certification is a string and number. The string is the name of the certification, and the number describes the level. See the FIDO standard for more information, specifically section 7.3 of CTAP. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public IReadOnlyDictionary<string, int>? Certifications { get; }
Property Value
- IReadOnlyDictionary<string, int>
Extensions
List of extension strings of CTAP supported by the authenticator. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public IReadOnlyList<string>? Extensions { get; }
Property Value
- IReadOnlyList<string>
FirmwareVersion
The version of the firmware on the YubiKey. Note that this is an int, not an instance of the FirmwareVersion class. The standard specifies returning an int. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public int? FirmwareVersion { get; }
Property Value
- int?
Remarks
If you examine the result as a hexadecimal 32-bit value, the major, minor, and patch numbers will be bytes 2, 1, and 0. For example, if the YubiKey's firmware is version 5.4.2, then the result will be decimal 328,706, which in hex is 0x00050402.
ForcePinChange
If true, certain PIN commands will return errors until the PIN has been changed. If false, a PIN change is not necessary. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public bool? ForcePinChange { get; }
Property Value
- bool?
MaximumCredentialBlobLength
The maximum length, in bytes, of the "credBlob" if supported. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public int? MaximumCredentialBlobLength { get; }
Property Value
- int?
MaximumCredentialCountInList
The maximum number of credentials in the CredentialID list. Note that this is not the maximum number of credentials on a YubiKey, but the maximum number of credentials represented in a CredentialID list. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public int? MaximumCredentialCountInList { get; }
Property Value
- int?
MaximumCredentialIdLength
The maximum length of a CredentialID. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public int? MaximumCredentialIdLength { get; }
Property Value
- int?
MaximumMessageSize
The maximum size, in bytes, of a message sent to the YubiKey. This property is OPTIONAL, and if the YubiKey provides no value, this will be null. The standard specifies a default of 1024 (see the field DefaultMaximumMessageSize).
public int? MaximumMessageSize { get; }
Property Value
- int?
MaximumRpidsForSetMinPinLength
The maximum number of Relying Party IDs that the YubiKey can set via the setMinPINLength subcommand. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public int? MaximumRpidsForSetMinPinLength { get; }
Property Value
- int?
MaximumSerializedLargeBlobArray
The maximum size, in bytes, of the serialized large-blob array that this YubiKey can store. If the authenticatorLargeBlobs command is not supported, this will be null. If it is supported, it will be a value greater than 1024. This property is OPTIONAL, and if the YubiKey provides no value, this will be null (the authenticatorLargeBlobs command is not supported).
public int? MaximumSerializedLargeBlobArray { get; }
Property Value
- int?
MinimumPinLength
The current minimum PIN length, in Unicode code points. This property is OPTIONAL, and if the YubiKey provides no value, this will be null. The standard specifies a default of 4 (see the field DefaultMinimumPinLength).
public int? MinimumPinLength { get; }
Property Value
- int?
Options
The list of supported options. Each entry in the list is a string describing the option and a boolean, indicating whether it is supported (true) or not (false). This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public IReadOnlyDictionary<string, bool>? Options { get; }
Property Value
- IReadOnlyDictionary<string, bool>
PinUvAuthProtocols
List of PIN/UV Auth Protocols the YubiKey supports. They are given in the order from most to least preferred. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public IReadOnlyList<PinUvAuthProtocol>? PinUvAuthProtocols { get; }
Property Value
- IReadOnlyList<PinUvAuthProtocol>
PreferredPlatformUvAttempts
The number of attempts to authenticate the UV (e.g. fingerprint) that fail before using the PIN. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public int? PreferredPlatformUvAttempts { get; }
Property Value
- int?
RemainingDiscoverableCredentials
The estimated number of additional discoverable credentials that can be stored. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public int? RemainingDiscoverableCredentials { get; }
Property Value
- int?
Transports
List of transport strings of CTAP supported by the authenticator. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public IReadOnlyList<string>? Transports { get; }
Property Value
- IReadOnlyList<string>
UvModality
A bit field indicating the user verification methods supported by the YubiKey. The meanings of the bits are specified in the FIDO standard, namely the Registry of Predefined Values, section 3.1. This property is OPTIONAL, and if the YubiKey provides no value, this will be null.
public int? UvModality { get; }
Property Value
- int?
VendorPrototypeConfigCommands
A list of vendor command IDs. If this is not null, then the YubiKey chosen supports the vendor prototype subcommand of Authenticator Config. If so, the list, which can be empty, will contain the valid vendor IDs that can be used in that subcommand. If this is null, the YubiKey chosen does not support the feature.
public IReadOnlyList<long>? VendorPrototypeConfigCommands { get; }
Property Value
- IReadOnlyList<long>
Remarks
Note that the standard defines a vendor ID as a 64-bit unsigned integer. These numbers are to be random values.
Versions
List of version strings of CTAP supported by the authenticator. This is a REQUIRED value.
public IReadOnlyList<string> Versions { get; }
Property Value
- IReadOnlyList<string>
Remarks
A list of strings is not the easiest to parse, but that is the way the standard specifies reporting the supported versions. If you want to know if a particular version is supported, call the Contains method of the IReadOnlyList interface, using the strings defined in this class. For example, suppose you build a Fido2Session object and you want to know whether the connected YubiKey supports version 2.1, your code would look something like this.
if (fido2Session.AuthenticatorInfo.Versions.Contains(AuthenticatorInfo.Version21))
{
. . .
}
Methods
GetOptionValue(string)
Get the value of the given option in this AuthenticatorInfo.
public OptionValue GetOptionValue(string option)
Parameters
option
string
Returns
- OptionValue
An OptionValue enum that specifies the option as either True, False, NotSupported, or Unknown.
Remarks
An option can be "true", "false", or "not supported". This method will determine which value is appropriate for the given option.
The FIDO2 standard specifies that each option has a value, even if an authenticator does not list it. If an option is not listed, its value is a default, and the standard specifies default values for each option. This method will determine if an option is listed, and if so, return the listed value. If not, it will return the default value. A default value can be "true", "false", or "not supported".
If the option is unknown (not one of the standard-defined options), and it is not listed, this method will return "unknown".
IsExtensionSupported(string)
Determine if the given extension is listed in this AuthenticatorInfo.
public bool IsExtensionSupported(string extension)
Parameters
extension
string
Returns
- bool
Remarks
Because the Extensions property can be null (this happens if a YubiKey does not specify any extensions), to check for any particular extension requires first checking for null. If it is not null, then it is necessary to check to see if that extension is listed.
This method offers a convenient way to determine if an extension is listed. This method will determine if Extensions is null. If it is null, it will return false. If not, it will check to see if the given value is listed. If so, return true, otherwise return false.
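The following is an added example, not code from the SDK or its documentation: a pre-enrollment posture check that combines the null-handling rules described above for the OPTIONAL properties, GetOptionValue, IsExtensionSupported, and the FirmwareVersion byte layout. It assumes the types live in the Yubico.YubiKey.Fido2 namespace; the class name AuthenticatorPosture and the PIN-length threshold are hypothetical, and "clientPin" and "credProtect" are CTAP option and extension identifiers that this page does not list.

```csharp
using System.Collections.Generic;
using System.Linq;
using Yubico.YubiKey.Fido2; // assumed namespace for AuthenticatorInfo and OptionValue

public static class AuthenticatorPosture
{
    // Hypothetical policy threshold chosen for this example.
    private const int RequiredMinimumPinLength = 6;

    // FirmwareVersion is a plain int: major, minor, patch are bytes 2, 1, 0.
    public static string FormatFirmware(int? firmwareVersion) =>
        firmwareVersion is int fw
            ? $"{(fw >> 16) & 0xFF}.{(fw >> 8) & 0xFF}.{fw & 0xFF}"
            : "not reported";

    // Returns findings; an empty list means every check passed.
    public static IReadOnlyList<string> Evaluate(AuthenticatorInfo info)
    {
        var findings = new List<string>();
        // Versions is REQUIRED, so no null check. Contains is the System.Linq extension.
        if (!info.Versions.Contains(AuthenticatorInfo.Version21))
        {
            findings.Add("FIDO_2_1 is not listed in Versions");
        }
        // OPTIONAL properties are null when not reported: apply the class defaults.
        int minPin = info.MinimumPinLength ?? AuthenticatorInfo.DefaultMinimumPinLength;
        if (minPin < RequiredMinimumPinLength)
        {
            findings.Add($"minimum PIN length {minPin} is below {RequiredMinimumPinLength}");
        }
        // "clientPin" is a CTAP option ID; True means a PIN has been set.
        OptionValue clientPin = info.GetOptionValue("clientPin");
        if (clientPin != OptionValue.True)
        {
            findings.Add($"clientPin is {clientPin}, so no PIN protects this key");
        }
        // A bool? compared with true is false for both null and false.
        if (info.ForcePinChange == true)
        {
            findings.Add("PIN change is required before PIN commands succeed");
        }
        // IsExtensionSupported returns false when Extensions is null.
        if (!info.IsExtensionSupported("credProtect"))
        {
            findings.Add("credProtect extension is not listed");
        }
        return findings;
    }
}
```

Call it as AuthenticatorPosture.Evaluate(fido2Session.AuthenticatorInfo), and log AuthenticatorPosture.FormatFirmware(fido2Session.AuthenticatorInfo.FirmwareVersion) alongside the findings.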