AddHmacSecretExtension Method
AddHmacSecretExtension(AuthenticatorInfo)
Add the "hmac-secret" extension, meaning the YubiKey will generate a secret value to be associated with the credential made. When getting an assertion, it will be possible to get the secret value. Note that the hmac-secret extension is valid for both discoverable and non-discoverable credentials.
public void AddHmacSecretExtension(AuthenticatorInfo authenticatorInfo)
Parameters
Type | Name | Description |
---|---|---|
AuthenticatorInfo | authenticatorInfo | The FIDO2 |
Exceptions
Type | Condition |
---|---|
System.ArgumentNullException | The |
System.ArgumentException | The YubiKey does not support this extension. |
Remarks
Because this extension is used more often, a dedicated method is
provided as a convenience. There is no need for the caller to
encode the hmacSecretValue
. That is, this is essentially the
same as calling AddExtension
, except this method will verify
the YubiKey supports the extension, and encode the value.
The caller supplies the AuthenticatorInfo
for the YubiKey,
obtained by calling the GetInfoCommand or
providing the AuthenticatorInfo property.
This method will determine from the authenticatorInfo
whether
the YubiKey supports this extension.
The hmac-secret data will be returned when the credential is used to get an assertion. When building the GetAssertion parameters, the caller must specify that the YubiKey return the hmac-secret. See RequestHmacSecretExtension(ReadOnlyMemory<Byte>, Nullable<ReadOnlyMemory<Byte>>). The assertion returned will contain the hmac-secret output. The result will be returned in the AuthenticatorData and can be retrieved using GetHmacSecretExtension(PinUvAuthProtocolBase)