Class GetKeyAgreementCommand
Gets the YubiKey's public key for the Key Agreement algorithm based on the specified PIN/UV auth protocol.
public class GetKeyAgreementCommand : IYubiKeyCommand<GetKeyAgreementResponse>
- Inheritance
-
objectGetKeyAgreementCommand
- Implements
Remarks
Before sending a PIN to the YubiKey, it must be encrypted. The key used to encrypt is generated using a Key Agreement algorithm along with a key derivation function. In FIDO2, the key agreement algorithm is specified int the PIN/UV Auth Protocol. There are currently two. For each protocol the key agreement algorithm is ECDH with the P-256 curve, although they have different key derivation functions.
Constructors
GetKeyAgreementCommand()
Constructs a new instance of GetKeyAgreementCommand.
public GetKeyAgreementCommand()
Remarks
This command can only be executed if the PIN/UV Auth Protocol is specified. If you use this constructor, make sure you set the PinUvAuthProtocol property before sending.
GetKeyAgreementCommand(PinUvAuthProtocol)
Constructs a new instance of GetKeyAgreementCommand.
public GetKeyAgreementCommand(PinUvAuthProtocol protocol)
Parameters
protocol
PinUvAuthProtocolWhich protocol the caller will be using.
Remarks
This command can only be executed if the PIN/UV Auth Protocol is specified.
Properties
Application
Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.
public YubiKeyApplication Application { get; }
Property Value
- YubiKeyApplication
YubiKeyApplication.Otp, YubiKeyApplication.Piv, etc.
PinUvAuthProtocol
The PIN/UV Auth Protocol for which the public key is requested.
public PinUvAuthProtocol PinUvAuthProtocol { get; set; }
Property Value
Methods
CreateCommandApdu()
Creates a well-formed CommandApdu to send to the YubiKey.
public CommandApdu CreateCommandApdu()
Returns
- CommandApdu
A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.
Remarks
This method will first perform validation on all of the parameters and data provided to it. The CommandAPDU it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will collapsed into a single result.
CreateResponseForApdu(ResponseApdu)
Creates the corresponding IYubiKeyResponse implementation for the current command.
public GetKeyAgreementResponse CreateResponseForApdu(ResponseApdu responseApdu)
Parameters
responseApdu
ResponseApduThe ResponseApdu returned by the YubiKey.
Returns
- GetKeyAgreementResponse
The implementation of IYubiKeyResponse that parses and presents ths response APDU.