CredentialId Class

Namespace: Yubico.YubiKey.Fido2 Assembly: Yubico.YubiKey.dll

A FIDO2 credentialId, consisting of type, ID, and transports.

public class CredentialId

Inheritance object CredentialId

Remarks

A credential ID is how credentials can be identified. That is, there should be a one-to-one correspondence between credentials and credentialIds. When you make a new credential, the YubiKey will build a credentialId and store the credential against this value. Later on, you can enumerate the credentials on a YubiKey, which will return each credentialId.

The FIDO2 standard defines a "credentialId" as a PublicKeyCredentialDescriptor, which is defined in the W3C standard. The W3C standard defines a PublicKeyCredentialDescriptor as a "dictionary" consisting of a type, id, and an optional sequence of transports. The W3C standard further defines the id as a "Credential ID". That is, there is a "credentialId" in FIDO2 and a "Credential ID" in W3C, however, they are not the same thing. This class is a FIDO2 "credentialId".

Currently only one type is supported: the string "public-key". However, the standard also allows authenticators to support non-standard values.

The id is a byte array. It can be random (at least 16 bytes long), or it can be encrypted identifying data.

The transports are defined as a sequence (list) of supported strings describing transport methods. Currently, a list of transports will be a subset of the following strings: "usb", "nfc", "ble", "hybrid", and "internal".

The two or three elements that make up a credentialId can be CBOR-encoded into a single byte array. For example, when a YubiKey returns a credentialId (e.g. when enumerating), it is encoded. To decode the value into its component parts, use this class.

Constructors

Name	Description
CredentialId()	Constructs a new instance of CredentialId.
CredentialId(ReadOnlyMemory<byte>, out int)	Constructs a new instance of CredentialId from the `encodedCredentialId`.

Properties

Name	Description
Id	The `id` component of the `credentialId`.
Transports	The `transports` component of the `credentialId`. This is an optional parameter, so it can be null.
Type	The `type` component of the `credentialId`.

Methods

Name	Description
AddTransport(string)	Add an entry to the list of transports.
CborEncode()	Return a new byte array that is the object encoded following the FIDO2/CBOR standard.