PinUvAuthProtocolBase Class
Namespace: Yubico.YubiKey.Fido2.PinProtocols
Assembly: Yubico.YubiKey.dll
Base class for FIDO2 PIN/UV auth protocol implementations.
public abstract class PinUvAuthProtocolBase : Object, IDisposable
Implements
IDisposable
Remarks
A PIN/UV auth protocol is a set of methods defined by the FIDO2 CTAP specification; the abstract interface is defined in section 6.5.4. As of CTAP 2.1, only two PIN/UV auth protocols are defined: protocol one and protocol two. The two implementations share some common code. The abstract interface, as well as that shared code, is defined by this class.
Constructors
Name | Description |
---|---|
PinUvAuthProtocolBase() |
Properties
Name | Description |
---|---|
AuthenticationKey | Gets the authentication key derived from the shared value computed during the call to Encapsulate(CoseKey). This can be the same as the EncryptionKey. |
AuthenticatorPublicKey | Gets the public key returned by the YubiKey. This is the peerPublicKey passed to Encapsulate(CoseKey). |
EncryptionKey | Gets the encryption key derived from the shared value computed during the call to Encapsulate(CoseKey). This can be the same as the AuthenticationKey. |
PlatformPublicKey | Gets the public key generated during the call to Encapsulate(CoseKey). |
Protocol | Gets the identifier of the PIN / UV authentication protocol that this instance implements. |
Methods
Name | Description |
---|---|
Authenticate(Byte[]) | Returns the result of computing HMAC-SHA-256 on the given message using the AuthenticationKey. With protocol 1, the result is the first 16 bytes of the HMAC, and with protocol 2 it is the entire 32-byte result. |
Authenticate(Byte[], Byte[]) | Returns the result of computing HMAC-SHA-256 on the given message using the provided |
AuthenticateUsingPinToken(Byte[], Byte[]) | Returns the result of computing HMAC-SHA-256 on the given message using the |
AuthenticateUsingPinToken(Byte[], Int32, Int32, Byte[]) | Returns the result of computing HMAC-SHA-256 on the given message using the |
Decrypt(Byte[], Int32, Int32) | Returns the AES-256-CBC decryption of ciphertext using an IV specified by the protocol and the EncryptionKey. With protocol 1 the IV is all 00 bytes. With protocol 2, it is the first block size bytes of |
DeriveKeys(Byte[]) | The key derivation function to run while performing ECDH. This will derive both the EncryptionKey and the AuthenticationKey. |
Dispose() | Release resources, overwrite sensitive data. |
Dispose(Boolean) | Release resources, overwrite sensitive data. |
Encapsulate(CoseKey) | Generates a new platform key pair and uses the private key along with the peerPublicKey to compute the shared value. It then derives the shared keys (encryption and authentication) from the shared value. |
Encrypt(Byte[], Int32, Int32) | Returns the AES-256-CBC encryption of plaintext using an IV specified by the protocol and the EncryptionKey. With protocol 1 the IV is all 00 bytes. With protocol 2, it is a new, random value. |
Initialize() | This is run by the platform when starting a series of transactions with a specific authenticator. |
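The key agreement, key derivation, authentication and encryption steps that the remarks and the method table above describe, as an added example written for this page. It is not the SDK's own code and does not call the Yubico.YubiKey API; it reimplements the CTAP 2.1 protocol 1 and protocol 2 primitives directly on System.Security.Cryptography so the differences between the two protocols are visible. The class name PinUvProtocolDemo is hypothetical, the second instance stands in for the YubiKey (both ends run the same math), the 64-byte padded PIN is a constructed sample, and the code assumes .NET 8 (ECDiffieHellman.DeriveRawSecretAgreement).

```csharp
// Added example, not Yubico SDK code: CTAP 2.1 PIN/UV auth protocol primitives
// built on System.Security.Cryptography. Assumes .NET 8.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public sealed class PinUvProtocolDemo : IDisposable   // hypothetical name
{
    private readonly int _protocol;
    private readonly ECDiffieHellman _keyPair;        // fresh P-256 pair per session
    public byte[]? EncryptionKey { get; private set; }
    public byte[]? AuthenticationKey { get; private set; }

    public PinUvProtocolDemo(int protocol)
    {
        if (protocol is not (1 or 2)) throw new ArgumentOutOfRangeException(nameof(protocol));
        _protocol = protocol;
        _keyPair = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
    }

    public ECDiffieHellmanPublicKey PublicKey => _keyPair.PublicKey;

    // Encapsulate: ECDH with the peer's key yields the shared value Z (the
    // x-coordinate of the shared point); the protocol's KDF turns Z into keys.
    public void Encapsulate(ECDiffieHellmanPublicKey peerPublicKey)
    {
        byte[] z = _keyPair.DeriveRawSecretAgreement(peerPublicKey);
        DeriveKeys(z);
        CryptographicOperations.ZeroMemory(z);
    }

    private void DeriveKeys(byte[] z)
    {
        if (_protocol == 1)
        {
            // Protocol 1: a single key, SHA-256(Z), serves as both HMAC and AES key.
            EncryptionKey = AuthenticationKey = SHA256.HashData(z);
            return;
        }
        // Protocol 2: two independent keys from HKDF-SHA-256 with a 32-byte zero salt.
        byte[] salt = new byte[32];
        AuthenticationKey = HKDF.DeriveKey(HashAlgorithmName.SHA256, z, 32, salt, Encoding.ASCII.GetBytes("CTAP2 HMAC key"));
        EncryptionKey = HKDF.DeriveKey(HashAlgorithmName.SHA256, z, 32, salt, Encoding.ASCII.GetBytes("CTAP2 AES key"));
    }

    public byte[] Authenticate(byte[] message) => Authenticate(AuthenticationKey!, message);

    // Protocol 1 truncates the HMAC to 16 bytes; protocol 2 returns all 32.
    public byte[] Authenticate(byte[] key, byte[] message)
    {
        byte[] mac = HMACSHA256.HashData(key, message);
        return _protocol == 1 ? mac[..16] : mac;
    }

    // AES-256-CBC without padding: the caller supplies a 16-byte multiple
    // (CTAP pads a new PIN to 64 bytes before encrypting it).
    public byte[] Encrypt(byte[] plaintext)
    {
        if (plaintext.Length % 16 != 0) throw new ArgumentException("plaintext must be a multiple of the AES block size");
        using Aes aes = Aes.Create();
        aes.Key = EncryptionKey!;
        if (_protocol == 1) return aes.EncryptCbc(plaintext, new byte[16], PaddingMode.None);   // all-zero IV
        byte[] iv = RandomNumberGenerator.GetBytes(16);                                          // random IV, prepended
        return iv.Concat(aes.EncryptCbc(plaintext, iv, PaddingMode.None)).ToArray();
    }

    public byte[] Decrypt(byte[] ciphertext)
    {
        using Aes aes = Aes.Create();
        aes.Key = EncryptionKey!;
        return _protocol == 1
            ? aes.DecryptCbc(ciphertext, new byte[16], PaddingMode.None)
            : aes.DecryptCbc(ciphertext[16..], ciphertext[..16], PaddingMode.None);   // IV is the first block
    }

    // Dispose: overwrite the derived keys, then release the ECDH key pair.
    public void Dispose()
    {
        if (EncryptionKey is not null) CryptographicOperations.ZeroMemory(EncryptionKey);
        if (AuthenticationKey is not null) CryptographicOperations.ZeroMemory(AuthenticationKey);
        _keyPair.Dispose();
    }
}

public static class Program
{
    public static void Main()
    {
        foreach (int protocol in new[] { 1, 2 })
        {
            using var platform = new PinUvProtocolDemo(protocol);
            using var authenticator = new PinUvProtocolDemo(protocol);   // stands in for the YubiKey
            platform.Encapsulate(authenticator.PublicKey);
            authenticator.Encapsulate(platform.PublicKey);
            bool sameKey = CryptographicOperations.FixedTimeEquals(platform.EncryptionKey!, authenticator.EncryptionKey!);

            byte[] paddedPin = new byte[64];                        // constructed sample: "123456" padded to 64 bytes
            Encoding.UTF8.GetBytes("123456").CopyTo(paddedPin, 0);
            byte[] newPinEnc = platform.Encrypt(paddedPin);
            byte[] recovered = authenticator.Decrypt(newPinEnc);
            byte[] tag = platform.Authenticate(newPinEnc);          // pinUvAuthParam over the ciphertext

            Console.WriteLine($"protocol {protocol}: keys match={sameKey}, ciphertext={newPinEnc.Length} bytes, " +
                $"round-trip ok={recovered.AsSpan().SequenceEqual(paddedPin)}, auth tag={tag.Length} bytes");
        }
    }
}
```

Two things worth checking when working against the real class: the ciphertext length differs by protocol (64 bytes under protocol 1, 80 under protocol 2 because the random IV is carried in front), and the value passed to Authenticate is the ciphertext, not the plaintext, which is why the tag must be recomputed whenever the encrypted buffer changes. Under protocol 1 the zero IV makes encryption deterministic, so the same padded PIN encrypted twice under the same session key produces identical bytes; protocol 2's random IV removes that, and the larger HMAC output is the other reason to prefer it when the authenticator supports both.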