AddCredBlobExtension Method

AddCredBlobExtension(byte[], AuthenticatorInfo)

Add the "credBlob" extension. Note that the credBlob extension is valid only for discoverable credentials.

C#
public void AddCredBlobExtension(byte[] credBlobValue, AuthenticatorInfo authenticatorInfo)

Parameters

Type Name Description
byte[] credBlobValue

The data to add as the "credBlob" extension.
AuthenticatorInfo authenticatorInfo

The FIDO2 AuthenticatorInfo for the YubiKey being used.

Exceptions

Type Condition
ArgumentNullException

The credBlobValue or authenticatorInfo arg is null.
ArgumentException

The YubiKey does not support this extension, or the value's length was invalid.

Remarks

Because this extension is used more often, a dedicated method is provided as a convenience. There is no need for the caller to encode the credBlobValue. That is, this is essentially the same as calling AddExtension, except this method will verify the YubiKey supports the extension, verify the data length, use the appropriate extensionString, and encode the value.

The caller supplies the AuthenticatorInfo for the YubiKey, obtained by calling the GetInfoCommand or providing the AuthenticatorInfo property.

This method will determine from the authenticatorInfo whether the YubiKey supports this extension, and whether the data provided is within the YubiKey's range for "credBlob". The standard specifies that the maximum credBlob length is at least 32 bytes. The AuthenticatorInfo contains the property MaximumCredentialBlobLength, which is the length the YubiKey supports. If the YubiKey does not support the "credBlob" extension, or the data is too long, this method will throw an exception.

The caller supplies the un-encoded credBlobValue. This method will encode it.

The credBlob data will be returned when the credential is used to get an assertion. When building the GetAssertion parameters, the caller must specify that the YubiKey return the credBlob. See RequestCredBlobExtension(). The assertion returned will contain the credBlob. The data will be returned in the AuthenticatorData and can be retrieved using GetCredBlobExtension()