Class GetKeyAgreementCommand

Namespace
Yubico.YubiKey.Fido2.Commands
Assembly
Yubico.YubiKey.dll

Gets the YubiKey's public key for the Key Agreement algorithm based on the specified PIN/UV auth protocol.

public class GetKeyAgreementCommand : IYubiKeyCommand<GetKeyAgreementResponse>
Inheritance
object
GetKeyAgreementCommand
Implements

Remarks

A PIN must be encrypted before it is sent to the YubiKey. The encryption key is generated using a key agreement algorithm together with a key derivation function. In FIDO2, the key agreement algorithm is specified in the PIN/UV Auth Protocol. There are currently two protocols. For each protocol, the key agreement algorithm is ECDH with the P-256 curve, although they have different key derivation functions.
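The difference between the two key derivation functions, shown as an added example that is not part of the Yubico SDK. The KDF details follow the CTAP 2.1 specification rather than this page; the class and method names are hypothetical, and a locally generated key pair stands in for the public key the YubiKey returns.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not Yubico SDK code. Needs .NET 8+ (DeriveRawSecretAgreement).
static class PinUvKdfExample
{
    // Protocol One (per CTAP 2.1): a single 32-byte key, SHA-256 over Z.
    public static byte[] DeriveProtocolOne(byte[] z) => SHA256.HashData(z);

    // Protocol Two (per CTAP 2.1): HKDF-SHA-256 with a 32-byte zero salt, run once
    // per info string. Output is the 32-byte HMAC key followed by the 32-byte AES key.
    public static byte[] DeriveProtocolTwo(byte[] z)
    {
        byte[] salt = new byte[32];
        byte[] hmacKey = HKDF.DeriveKey(HashAlgorithmName.SHA256, z, 32, salt,
            Encoding.ASCII.GetBytes("CTAP2 HMAC key"));
        byte[] aesKey = HKDF.DeriveKey(HashAlgorithmName.SHA256, z, 32, salt,
            Encoding.ASCII.GetBytes("CTAP2 AES key"));
        byte[] keys = new byte[64];
        hmacKey.CopyTo(keys, 0);
        aesKey.CopyTo(keys, 32);
        CryptographicOperations.ZeroMemory(hmacKey);
        CryptographicOperations.ZeroMemory(aesKey);
        return keys;
    }

    public static void Main()
    {
        // Constructed stand-ins: "authenticator" plays the key pair whose public half
        // the YubiKey returns; "platform" is the host's ephemeral key pair.
        using ECDiffieHellman authenticator = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
        using ECDiffieHellman platform = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);

        // Z is the x-coordinate of the shared point; both sides compute the same value.
        byte[] zHost = platform.DeriveRawSecretAgreement(authenticator.PublicKey);
        byte[] zKey = authenticator.DeriveRawSecretAgreement(platform.PublicKey);

        byte[] one = DeriveProtocolOne(zHost);
        byte[] two = DeriveProtocolTwo(zHost);
        bool agree = CryptographicOperations.FixedTimeEquals(two, DeriveProtocolTwo(zKey));
        Console.WriteLine($"protocol one key bytes: {one.Length}");
        Console.WriteLine($"protocol two key bytes: {two.Length}");
        Console.WriteLine($"both sides derive the same keys: {agree}");
        CryptographicOperations.ZeroMemory(zHost);
        CryptographicOperations.ZeroMemory(zKey);
    }
}
```

Protocol one uses the same 32-byte key for encryption and authentication, while protocol two yields separate HMAC and AES keys, so code that handles the shared secret must know which protocol was selected before using the bytes.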

Constructors

GetKeyAgreementCommand()

Constructs a new instance of GetKeyAgreementCommand.

public GetKeyAgreementCommand()

Remarks

This command can only be executed if the PIN/UV Auth Protocol is specified. If you use this constructor, make sure you set the PinUvAuthProtocol property before sending.

GetKeyAgreementCommand(PinUvAuthProtocol)

Constructs a new instance of GetKeyAgreementCommand.

public GetKeyAgreementCommand(PinUvAuthProtocol protocol)

Parameters

protocol PinUvAuthProtocol

Which protocol the caller will be using.

Remarks

This command can only be executed if the PIN/UV Auth Protocol is specified.

Properties

Application

Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.

public YubiKeyApplication Application { get; }

Property Value

YubiKeyApplication

YubiKeyApplication.Otp, YubiKeyApplication.Piv, etc.

PinUvAuthProtocol

The PIN/UV Auth Protocol for which the public key is requested.

public PinUvAuthProtocol PinUvAuthProtocol { get; set; }

Property Value

PinUvAuthProtocol

Methods

CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

public CommandApdu CreateCommandApdu()

Returns

CommandApdu

A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.

Remarks

This method will first perform validation on all of the parameters and data provided to it. The CommandApdu it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will be collapsed into a single result.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.

public GetKeyAgreementResponse CreateResponseForApdu(ResponseApdu responseApdu)

Parameters

responseApdu ResponseApdu

The ResponseApdu returned by the YubiKey.

Returns

GetKeyAgreementResponse

The implementation of IYubiKeyResponse that parses and presents the response APDU.