Class BioEnrollmentCommand
The BioEnrollmentCommand is the class for authenticatorBioEnrollment. This command has a number of subcommands, each of which is represented by its own class.
public class BioEnrollmentCommand : IYubiKeyCommand<BioEnrollmentResponse>
- Inheritance
- object → BioEnrollmentCommand
- Implements
Remarks
The authenticatorBioEnrollment (0x09) FIDO2 command can be thought of as a "meta" command. That is, it provides the structure and mechanism for performing a number of subcommands. These subcommands are:
- enrollBegin (0x01)
- enrollCaptureNextSample (0x02)
- cancelCurrentEnrollment (0x03)
- enumerateEnrollments (0x04)
- setFriendlyName (0x05)
- removeEnrollment (0x06)
- getFingerprintSensorInfo (0x07)
Since the SDK does not have the concept of a subcommand natively, these are all exposed as their own separate commands.
See the user manual entry on Bio Enrollment for a more in-depth guide to enrolling fingerprints within FIDO2. For more information on a particular subcommand, see the API reference documentation for that command class.
Some of the subcommands return data (e.g. a template ID), others return only a success or failure response code.
Constructors
BioEnrollmentCommand()
This constructor will throw NotImplementedException. It is the default constructor explicitly defined. We don't want it to be used. It is made protected rather than private because there are subclasses.
protected BioEnrollmentCommand()
BioEnrollmentCommand(int)
Constructs a new instance of BioEnrollmentCommand.
public BioEnrollmentCommand(int subCommand)
Parameters
subCommand
int
The byte representing the subcommand to execute.
BioEnrollmentCommand(int, byte[]?, ReadOnlyMemory<byte>, PinUvAuthProtocolBase)
Constructs a new instance of BioEnrollmentCommand.
public BioEnrollmentCommand(int subCommand, byte[]? subCommandParams, ReadOnlyMemory<byte> pinUvAuthToken, PinUvAuthProtocolBase authProtocol)
Parameters
subCommand
int
The byte representing the subcommand to execute.
subCommandParams
byte[]
The parameters needed in order to execute the subcommand. Not all subcommands have parameters, so this can be null.
pinUvAuthToken
ReadOnlyMemory<byte>
The PIN/UV Auth Token built from the PIN. This is the encrypted token key.
authProtocol
PinUvAuthProtocolBase
The Auth Protocol used to build the Auth Token.
Remarks
Note that if the command does not need the pinUvAuthToken and authProtocol, use the constructor that takes only the subCommand.
Properties
Application
Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.
public YubiKeyApplication Application { get; }
Property Value
- YubiKeyApplication
YubiKeyApplication.Otp, YubiKeyApplication.Piv, etc.
PinUvAuthParam
The output of calling authenticate on the PIN/UV protocol specific to a particular subcommand.
public ReadOnlyMemory<byte>? PinUvAuthParam { get; }
Property Value
- ReadOnlyMemory<byte>?
Remarks
See the User's Manual entry on PIN protocols for a much more in-depth guide to working with PINs within FIDO2.
See also the User's Manual entry on FIDO2 Bio Enrollment for more information on building the PIN/UV Auth Param specific to the BioEnrollment commands.
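The PIN/UV Auth Param described above, as an added example that is not SDK code: per the CTAP 2.1 specification, the value for a BioEnrollment subcommand is authenticate(pinUvAuthToken, fingerprint (0x01) || subCommand || subCommandParams), where protocol one keeps the first 16 bytes of the HMAC-SHA-256 output and protocol two keeps all 32. The class name, method name and sample token are assumptions, and the code works on an already-decrypted token, whereas the SDK constructor takes the encrypted token together with the protocol object.

```csharp
using System;
using System.Security.Cryptography;

// Added illustration, not SDK code. BioAuthParamExample and Compute are hypothetical names.
public static class BioAuthParamExample
{
    private const byte FingerprintModality = 0x01; // CTAP 2.1 "fingerprint" modality

    // protocolVersion: 1 or 2 (PIN/UV auth protocol one or two).
    // pinUvAuthToken: the decrypted token (assumption; the SDK API takes the encrypted form).
    public static byte[] Compute(
        int protocolVersion, byte[] pinUvAuthToken, byte subCommand, byte[]? subCommandParams)
    {
        if (protocolVersion != 1 && protocolVersion != 2)
        {
            throw new ArgumentOutOfRangeException(nameof(protocolVersion));
        }

        // Subcommands without parameters contribute nothing after the subcommand byte.
        byte[] encodedParams = subCommandParams ?? Array.Empty<byte>();

        // message = modality || subCommand || encoded subCommandParams (if any)
        byte[] message = new byte[2 + encodedParams.Length];
        message[0] = FingerprintModality;
        message[1] = subCommand;
        encodedParams.CopyTo(message, 2);

        using var hmac = new HMACSHA256(pinUvAuthToken);
        byte[] mac = hmac.ComputeHash(message);

        // Protocol one truncates to the first 16 bytes; protocol two keeps all 32.
        return protocolVersion == 1 ? mac.AsSpan(0, 16).ToArray() : mac;
    }

    public static void Main()
    {
        // Constructed sample token: 32 bytes of 0x11, standing in for a real token.
        byte[] token = new byte[32];
        Array.Fill(token, (byte)0x11);

        // enumerateEnrollments (0x04) has no parameters.
        byte[] p1 = Compute(1, token, 0x04, null);
        byte[] p2 = Compute(2, token, 0x04, null);
        Console.WriteLine($"protocol 1: {p1.Length} bytes, protocol 2: {p2.Length} bytes");
    }
}
```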
PinUvAuthProtocol
The PIN/UV protocol version chosen by the platform.
public PinUvAuthProtocol? PinUvAuthProtocol { get; }
Property Value
Remarks
A PIN/UV protocol must be used when performing some of the BioEnrollment operations. The specified protocol must be one of the protocols that are supported by the YubiKey. This can be determined by issuing the AuthenticatorGetInfo command.
SubCommand
The BioEnrollment subcommand to issue to the YubiKey.
public int SubCommand { get; }
Property Value
- int
Remarks
This is a mandatory parameter, and must be one of the following values:
- enrollBegin (0x01)
- enrollCaptureNextSample (0x02)
- cancelCurrentEnrollment (0x03)
- enumerateEnrollments (0x04)
- setFriendlyName (0x05)
- removeEnrollment (0x06)
- getFingerprintSensorInfo (0x07)
There is one other value this property can possess, and that is zero for getModality. The standard does not list getModality as a subcommand, but specifies getModality as an operation of authenticatorBioEnrollment executed as a subcommand. That is, getModality is a subcommand, but not documented as such. If the SubCommand property is set to zero, then this class will build the BioEnrollment command to perform getModality.
SubCommandParameters
The encoded params for the specified subcommand. If a subcommand has no parameters, this will be null.
public ReadOnlyMemory<byte>? SubCommandParameters { get; }
Property Value
- ReadOnlyMemory<byte>?
Methods
CreateCommandApdu()
Creates a well-formed CommandApdu to send to the YubiKey.
public CommandApdu CreateCommandApdu()
Returns
- CommandApdu
A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.
Remarks
This method will first perform validation on all of the parameters and data provided to it. The CommandApdu it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will be collapsed into a single result.
CreateResponseForApdu(ResponseApdu)
Creates the corresponding IYubiKeyResponse implementation for the current command.
public BioEnrollmentResponse CreateResponseForApdu(ResponseApdu responseApdu)
Parameters
responseApdu
ResponseApdu
The ResponseApdu returned by the YubiKey.
Returns
- BioEnrollmentResponse
The implementation of IYubiKeyResponse that parses and presents the response APDU.