Show / Hide Table of Contents

ClientPinCommand Class

Namespace: Yubico.YubiKey.Fido2.Commands Assembly: Yubico.YubiKey.dll

The ClientPinCommand allows a client or platform to use a PIN/UV auth protocol to perform a number of actions such as authenticating the PIN, setting and changing the PIN, and getting the number of PIN retries left.

C#
public class ClientPinCommand : IYubiKeyCommand<IYubiKeyResponse>
Inheritance object ClientPinCommand
Implements
IYubiKeyCommand<IYubiKeyResponse>

Remarks

The `authenticatorClientPin (0x06)` FIDO2 command can be thought of more as a "meta" command. That is, it provides the structure and mechanism for performing a number of subcommands. These subcommands are:

  • GetPinRetries (0x01)
  • GetKeyAgreement (0x02)
  • SetPIN (0x03)
  • ChangePIN (0x04)
  • GetPinToken (0x05)
  • GetPinUvAuthTokenUsingUvWithPermissions (0x06)
  • GetUVRetries (0x07)
  • GetPinUvAuthTokenUsingPinWithPermissions (0x09)

Since the SDK does not have the concept of a subcommand natively, these are all exposed as their own separate commands.

This command should seldom be used directly. It is exposed for completeness. The subcommands exposed in this namespace use it as their implementation and expose a pared down version of the parameters.

See the user manual entry on PIN protocols for a much more in depth guide to working with PINs within FIDO2. For more information on a particular subcommand, see the API reference documentation for that command class (linked above).

Properties

Name Description
Application

Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.

KeyAgreement

The platform key-agreement key.

NewPinEnc

An encrypted PIN.

Permissions

A set of permission flags. If present, it must not be zero.

PinHashEnc

An encrypted proof-of-knowledge of a PIN.

PinUvAuthParam

The output of calling authenticate on the PIN/UV protocol specific to a particular subcommand.

PinUvAuthProtocol

An optional PIN/UV protocol version chosen by the platform.

RpId

The Relying Party ID (RP ID) to assign as the permissions RP ID.

SubCommand

The Client PIN subcommand to issue to the YubiKey.

Methods

Name Description
CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.

In this article
Back to top Generated by DocFX