Class GetAssertionData

Namespace
Yubico.YubiKey.Fido2
Assembly
Yubico.YubiKey.dll

Contains the data returned by the YubiKey after getting an assertion.

public class GetAssertionData
Inheritance
object
GetAssertionData

Remarks

When an assertion is obtained, the YubiKey returns data about that assertion, including the credential. There are several elements in this data and this structure contains those elements.

Constructors

GetAssertionData(ReadOnlyMemory<byte>)

Build a new instance of GetAssertionData based on the given CBOR encoding.

public GetAssertionData(ReadOnlyMemory<byte> cborEncoding)

Parameters

cborEncoding ReadOnlyMemory<byte>

The credential data, encoded following the CTAP 2.1 and CBOR (RFC 8949) standards.

Remarks

The encoding must follow the definition of authenticatorGetAssertion response structure in section 6.2.2 of the CTAP 2.1 standard.

Exceptions

Ctap2DataException

The cborEncoding is not a valid CBOR encoding, or it is not a correct encoding for FIDO2 assertion data.
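Decoding a response defensively, as an added example (not the SDK's own code or documentation): the constructor rejects anything that is not a well-formed authenticatorGetAssertion structure by throwing Ctap2DataException, so bytes that come from outside the session are treated as untrusted and wrapped in a try/catch. The input here is a constructed, deliberately empty buffer; the example assumes GetAssertionData implements IDisposable, as its Dispose() method suggests, and that Ctap2DataException lives in the Yubico.YubiKey.Fido2 namespace.

```csharp
#nullable enable
using System;
using Yubico.YubiKey.Fido2;

// Added example, not SDK code. Decodes an authenticatorGetAssertion response that
// arrived as raw CBOR (for instance relayed from another process) and treats it as
// untrusted input: a malformed or mis-structured encoding surfaces as
// Ctap2DataException, which is caught here instead of escaping to the caller.
public static class AssertionDecoding
{
    // Returns the decoded object, or null when the bytes are not a valid
    // CTAP 2.1 section 6.2.2 response. The caller owns the returned object and
    // should Dispose it once the signature has been checked (assumed IDisposable).
    public static GetAssertionData? TryDecode(ReadOnlyMemory<byte> cborEncoding)
    {
        try
        {
            return new GetAssertionData(cborEncoding);
        }
        catch (Ctap2DataException)
        {
            // Invalid CBOR, or valid CBOR that is not FIDO2 assertion data.
            return null;
        }
    }

    public static void Main()
    {
        // Constructed placeholder, not a real response: an empty buffer is not a
        // valid encoding and must be rejected rather than partially decoded.
        ReadOnlyMemory<byte> notAnAssertion = Array.Empty<byte>();

        // A using declaration on a null reference is allowed and simply skips Dispose.
        using GetAssertionData? decoded = TryDecode(notAnAssertion);
        Console.WriteLine(decoded is null
            ? "rejected: not a valid FIDO2 assertion encoding"
            : $"decoded assertion for credential {decoded.CredentialId}");
    }
}
```

Returning null rather than rethrowing keeps the decision of what to do with a bad encoding with the caller; logging the rejection at that point gives the relying party a record of malformed responses without exposing the exception details to an untrusted client.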

Properties

AuthenticatorData

The object that contains both the encoded authenticator data, which is to be used in verifying the attestation statement, and the decoded elements, including the credential itself, a public key.

public AuthenticatorData AuthenticatorData { get; }

Property Value

AuthenticatorData

CredentialId

The credential ID for the assertion just obtained.

public CredentialId CredentialId { get; }

Property Value

CredentialId

LargeBlobKey

The large blob key, if there is one. This is optional and can be null.

public ReadOnlyMemory<byte>? LargeBlobKey { get; }

Property Value

ReadOnlyMemory<byte>?

NumberOfCredentials

The total number of credentials found on the YubiKey for the relying party. This is optional and can be null. If null, then there is only one credential.

public int? NumberOfCredentials { get; }

Property Value

int?

Signature

The assertion signature, which can be used to verify the assertion the call to GetAssertion returned.

public ReadOnlyMemory<byte> Signature { get; }

Property Value

ReadOnlyMemory<byte>

Remarks

Use the public key returned in the AuthenticatorData field (CredentialPublicKey) of the MakeCredentialData returned by the call to MakeCredential. The data to verify is EncodedAuthenticatorData.

User

The user's ID, along with optional descriptive strings. This is an optional element and can be null.

public UserEntity? User { get; }

Property Value

UserEntity?

UserSelected

If true, the credential was selected by the user via interaction directly with the authenticator. This is optional and can be null. If null, then this is considered false.

public bool? UserSelected { get; }

Property Value

bool?

Methods

Dispose()

Releases any unmanaged resources and overwrites any sensitive data.

public void Dispose()

Dispose(bool)

Releases any unmanaged resources and overwrites any sensitive data.

protected virtual void Dispose(bool disposing)

Parameters

disposing bool

VerifyAssertion(CoseKey, ReadOnlyMemory<byte>)

Use the given public key to verify the Signature. This method will use the clientDataHash and the AuthenticatorData as the data to verify.

public bool VerifyAssertion(CoseKey publicKey, ReadOnlyMemory<byte> clientDataHash)

Parameters

publicKey CoseKey

The public key returned when the credential was first made; it will be used to verify the signature.

clientDataHash ReadOnlyMemory<byte>

The client data hash used to get the assertion.

Returns

bool

A boolean: true if the signature verifies, false otherwise.

Remarks

If the signature verifies, this method will return true, and if it does not verify, it will return false. If there are any errors, this method will throw an exception.
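The full verification flow, as an added example (not code from the SDK's documentation): the relying party keeps the CoseKey taken from MakeCredentialData.AuthenticatorData.CredentialPublicKey at registration, requests assertions with the same clientDataHash it later passes to VerifyAssertion, applies the rules above for the optional NumberOfCredentials and UserSelected fields, separates a failed signature (false) from a CTAP-level error (exception), and disposes each GetAssertionData once it has been checked. It assumes the SDK's Fido2Session.GetAssertions(GetAssertionParameters) method, the GetAssertionParameters(RelyingParty, ReadOnlyMemory<byte>) constructor, CoseKey in the Yubico.YubiKey.Fido2.Cose namespace, and that the caller has opened the session and set its KeyCollector for any PIN or touch prompt; the clientDataJSON is a constructed sample value.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using Yubico.YubiKey.Fido2;
using Yubico.YubiKey.Fido2.Cose;

// Added example, not SDK code. Members assumed from the SDK are marked in comments.
public static class AssertionVerification
{
    // Outcome for one assertion in the returned set. CredentialCount reflects the
    // YubiKey's NumberOfCredentials, with null read as "exactly one".
    public sealed record AssertionCheck(
        CredentialId Credential, bool SignatureValid, bool UserSelected, int CredentialCount);

    // Client data hash: SHA-256 over the clientDataJSON the relying party built.
    // The same hash is sent with the request and used again for verification.
    public static ReadOnlyMemory<byte> HashClientData(string clientDataJson) =>
        SHA256.HashData(Encoding.UTF8.GetBytes(clientDataJson));

    // Requests assertions for the relying party and verifies each against the public
    // key saved at registration. A bad signature is reported as SignatureValid == false
    // and never throws; a CTAP-level failure (wrong PIN, no credential, malformed
    // response) propagates as an exception so the caller can fail closed.
    public static List<AssertionCheck> GetAndVerify(
        Fido2Session session,          // assumed: open session, KeyCollector already set
        RelyingParty relyingParty,
        CoseKey storedPublicKey,       // from MakeCredentialData.AuthenticatorData.CredentialPublicKey
        ReadOnlyMemory<byte> clientDataHash)
    {
        // Assumed SDK constructor and method.
        var parameters = new GetAssertionParameters(relyingParty, clientDataHash);
        IReadOnlyList<GetAssertionData> assertions = session.GetAssertions(parameters);

        var results = new List<AssertionCheck>();
        foreach (GetAssertionData assertion in assertions)
        {
            // Dispose() overwrites sensitive data once this assertion has been checked.
            using (assertion)
            {
                // Optional fields: null NumberOfCredentials means one credential,
                // null UserSelected means false.
                int credentialCount = assertion.NumberOfCredentials ?? 1;
                bool userSelected = assertion.UserSelected ?? false;

                // VerifyAssertion checks the Signature over the AuthenticatorData and the
                // clientDataHash, so the hash passed here must be the one used to request
                // the assertion; any other hash yields false.
                bool valid = assertion.VerifyAssertion(storedPublicKey, clientDataHash);

                results.Add(new AssertionCheck(
                    assertion.CredentialId, valid, userSelected, credentialCount));
            }
        }
        return results;
    }

    // Accepts a login only when exactly one returned assertion verified; more than one
    // valid assertion means the relying party still has to let the user pick, and none
    // means the authenticator did not prove possession of the registered key.
    public static bool AcceptSingleVerified(List<AssertionCheck> checks, out CredentialId? accepted)
    {
        accepted = null;
        foreach (AssertionCheck check in checks)
        {
            if (!check.SignatureValid) { continue; }
            if (accepted is not null) { accepted = null; return false; }
            accepted = check.Credential;
        }
        return accepted is not null;
    }
}
```

A caller would build the clientDataJSON with a fresh random challenge, hash it with HashClientData, call GetAndVerify inside a try/catch for the SDK's exceptions, and then apply AcceptSingleVerified; a false from VerifyAssertion should be logged as a failed authentication attempt, not retried with a different key.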