Class LargeBlobEntry
Contains the data from one entry in the Large Blob Array. See also the user's manual entry on large blobs.
public class LargeBlobEntry
- Inheritance: object → LargeBlobEntry
Remarks
The SerializedLargeBlobArray class contains a List of LargeBlobEntry, this class. When you get a Large Blob Array from a YubiKey (GetSerializedLargeBlobArray()), you get a SerializedLargeBlobArray object. You then have access to each of the individual entries in the Large Blob Array through that list of LargeBlobEntry. If you want to add a new LargeBlobEntry to the Array's List, call the AddEntry(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>) method.
This class contains only properties and a TryDecrypt(ReadOnlyMemory<byte>, out Memory<byte>) method. You will not build an individual entry yourself; only the SerializedLargeBlobArray class can do that. But you will be able to see the data of the entry.
Properties
Ciphertext
The encrypted data. This is either the retrieved encrypted data when getting a Large Blob Array, or the provided data encrypted using the specified LargeBlobKey when creating a new entry to store. The last 16 bytes make up the GCM authentication tag.
public ReadOnlyMemory<byte> Ciphertext { get; }
Property Value
- ReadOnlyMemory<byte>
Remarks
The plaintext data is compressed before encrypting.
Nonce
The nonce used to perform the AES-GCM operation. This is either the retrieved nonce when getting a Large Blob Array, or the generated nonce used when creating a new entry to store.
public ReadOnlyMemory<byte> Nonce { get; }
Property Value
- ReadOnlyMemory<byte>
OriginalDataLength
The length, in bytes, of the unencrypted, uncompressed data. This is either the retrieved origSize in the Large Blob Map when getting a Large Blob Array, or the length, in bytes, of the provided data when creating a new entry to store.
public int OriginalDataLength { get; }
Property Value
- int
Methods
TryDecrypt(ReadOnlyMemory<byte>, out Memory<byte>)
Try to decrypt the data using the given key. If the key is correct, this method returns true and places the plaintext (decrypted and decompressed) in the out argument.
public bool TryDecrypt(ReadOnlyMemory<byte> largeBlobKey, out Memory<byte> plaintext)
Parameters
largeBlobKey (ReadOnlyMemory<byte>)
The key to use to decrypt.
plaintext (Memory<byte>)
An output argument. A new object containing the plaintext if the decryption succeeds, or an empty Memory object otherwise.
Returns
- bool
A boolean, true if the data is successfully decrypted using the given key, and false otherwise.
Remarks
Because the data is encrypted using AES-GCM, the ciphertext contains both the encrypted data and an "authentication tag". Any key will decrypt the data and produce some result, but only the correct key will authenticate the tag. Hence, this method is able to determine whether the key provided was the correct key and the decrypted data is the correct data.
If the method is able to decrypt using the key, it then decompresses the decrypted data.
When reading a Large Blob Array, you will likely obtain the large blob data from the YubiKey, resulting in a SerializedLargeBlobArray object. At that point, each of the entries contains only the encrypted data. You then obtain the LargeBlobKey from the target credential and use it to try to decrypt the data of each entry in the Large Blob Array.
Note that the plaintext returned is a Memory object, not a ReadOnlyMemory object. This is so you can overwrite it for security reasons if you want.
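The read-and-decrypt flow described above, as an added example (not the SDK's own code). It assumes an already-open Fido2Session, a largeBlobKey already obtained from the target credential, and that the array's list of entries is exposed as a property named Entries (the page does not name it).

```csharp
using System;
using Yubico.YubiKey.Fido2;

// Added example, not SDK code. 'fido2Session' is assumed to be an open
// Fido2Session; 'largeBlobKey' the LargeBlobKey from the target credential.
public static class LargeBlobReader
{
    // Returns how many entries the given key authenticated.
    public static int DecryptOwnEntries(Fido2Session fido2Session, ReadOnlyMemory<byte> largeBlobKey)
    {
        // Every entry is still ciphertext at this point.
        SerializedLargeBlobArray blobArray = fido2Session.GetSerializedLargeBlobArray();
        int decryptedCount = 0;

        // 'Entries' is an assumed property name for the array's List of LargeBlobEntry.
        foreach (LargeBlobEntry entry in blobArray.Entries)
        {
            // TryDecrypt checks the GCM tag (last 16 bytes of Ciphertext), so a
            // wrong key returns false instead of handing back garbage plaintext.
            if (!entry.TryDecrypt(largeBlobKey, out Memory<byte> plaintext))
            {
                continue; // entry belongs to another credential
            }

            decryptedCount++;
            try
            {
                // Consistency check: decompressed size must equal the stored origSize.
                if (plaintext.Length != entry.OriginalDataLength)
                {
                    throw new InvalidOperationException("Plaintext length does not match OriginalDataLength.");
                }
                Console.WriteLine($"nonce {entry.Nonce.Length} bytes, plaintext {plaintext.Length} bytes");
                // ... consume plaintext.Span here ...
            }
            finally
            {
                // plaintext is Memory<byte>, not ReadOnlyMemory<byte>, so it can be wiped.
                plaintext.Span.Clear();
            }
        }
        return decryptedCount;
    }
}
```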