ClientPinCommand Class
Namespace: Yubico.YubiKey.Fido2.Commands Assembly: Yubico.YubiKey.dllThe ClientPinCommand allows a client or platform to use a PIN/UV auth protocol to perform a number of actions such as authenticating the PIN, setting and changing the PIN, and getting the number of PIN retries left.
public class ClientPinCommand : Object, IYubiKeyCommand<IYubiKeyResponse>Implements
Remarks
The `authenticatorClientPin (0x06)` FIDO2 command can be thought of more as a "meta" command. That is, it provides the structure and mechanism for performing a number of subcommands. These subcommands are:
- GetPinRetries (0x01)
- GetKeyAgreement (0x02)
- SetPIN (0x03)
- ChangePIN (0x04)
- GetPinToken (0x05)
- GetPinUvAuthTokenUsingUvWithPermissions (0x06)
- GetUVRetries (0x07)
- GetPinUvAuthTokenUsingPinWithPermissions (0x09)
Since the SDK does not have the concept of a subcommand natively, these are all exposed as their own separate commands.
This command should seldom be used directly. It is exposed for completeness. The subcommands exposed in this namespace use it as their implementation and expose a pared down version of the parameters.
See the user manual entry on PIN protocols for a much more in depth guide to working with PINs within FIDO2. For more information on a particular subcommand, see the API reference documentation for that command class (linked above).
Constructors
| Name | Description |
|---|---|
| ClientPinCommand() |
Properties
| Name | Description |
|---|---|
| Application | Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies. |
| KeyAgreement | The platform key-agreement key. |
| NewPinEnc | An encrypted PIN. |
| Permissions | A set of permission flags. If present, it must not be zero. |
| PinHashEnc | An encrypted proof-of-knowledge of a PIN. |
| PinUvAuthParam | The output of calling authenticate on the PIN/UV protocol specific to a particular subcommand. |
| PinUvAuthProtocol | An optional PIN/UV protocol version chosen by the platform. |
| RpId | The Relying Party ID (RP ID) to assign as the permissions RP ID. |
| SubCommand | The Client PIN subcommand to issue to the YubiKey. |
Methods
| Name | Description |
|---|---|
| CreateCommandApdu() | Creates a well-formed CommandApdu to send to the YubiKey. |
| CreateResponseForApdu(ResponseApdu) | Creates the corresponding IYubiKeyResponse implementation for the current command. |