
SerializedLargeBlobArray Class

Namespace: Yubico.YubiKey.Fido2
Assembly: Yubico.YubiKey.dll

Contains the Serialized Large Blob Array data. See also the user's manual entry on large blobs.

C#
public class SerializedLargeBlobArray
Inheritance: object → SerializedLargeBlobArray

Remarks

The Large Blob data is stored on the YubiKey as a "Serialized Large Blob Array". This is the "Large Blob Array" followed by a message digest value:

Large Blob Array || digest value

The digest value is the first (leftmost) 16 bytes of the SHA-256 digest computed over the encoded Large Blob Array.

The Large Blob Array is a CBOR array (major type 4). For example, an array of 3 elements is encoded as

0x83  element0  element1  element2

A YubiKey begins with no Large Blob data. It is still possible to retrieve the Serialized Large Blob Array; the result is a zero-count array followed by its digest value:

80 76be8b528d0075f7aae98d6fa57a6d3c

The 80 is the Large Blob Array (a CBOR array with zero elements), followed by the first 16 bytes of the SHA-256 digest of the single byte 0x80. Note that this digest is an integrity check only: it detects a corrupted or truncated array, but because it is unkeyed it does not tell you who wrote the array. Authenticity of the contents comes from the per-entry AES-GCM authentication tags described below.

Each element in the Large Blob Array is a CBOR map consisting of three key/value pairs:

 A3                      -- map of 3 key/value pairs
   01  --byte string--    -- key = 1, value is a byte string
   02  --byte string--    -- key = 2, value is a byte string
   03  --unsigned int--   -- key = 3, value is an unsigned int

where
  the byte string for key 01 is the AES-GCM (AEAD) ciphertext: the encrypted data followed by the authentication tag,
  the byte string for key 02 is the AES-GCM nonce, 12 bytes, and
  the unsigned int for key 03 is the length, in bytes, of the original, uncompressed data.

The key used to encrypt is the LargeBlobKey. There is a different LargeBlobKey for each credential, so each element in the Large Blob Array holds data associated with one credential, and only a holder of that credential's LargeBlobKey can decrypt it or produce an element that authenticates under it; decryption with any other key fails the tag check. As with any AES-GCM use, the 12-byte nonce must not be reused for two entries encrypted under the same LargeBlobKey.

This class is the input to SetSerializedLargeBlobArray(SerializedLargeBlobArray). To set a Large Blob Array, get the current array (GetSerializedLargeBlobArray()), remove, replace, or add entries, and write the result back. Do this even when the YubiKey holds no entries yet (e.g. it is a new YubiKey with the initial serialized large blob array): always start from the current array, because what you write replaces the whole array, and entries belonging to other credentials would otherwise be lost.

To add an entry, you will need the LargeBlobKey for one of the credentials.

This class is also the return value of GetSerializedLargeBlobArray(). After getting the array, any elements it contains are still encrypted. Determine which elements you want to decrypt, obtain the LargeBlobKey for the associated credential, and call the decryption method; an element encrypted under a different credential's LargeBlobKey fails to decrypt rather than yielding plaintext.

Constructors

Name Description
SerializedLargeBlobArray(ReadOnlyMemory<byte>)

Build a new instance of SerializedLargeBlobArray based on the given CBOR encoding.

Properties

Name Description
Digest

The digest of the array elements (left 16 bytes of SHA-256).

EncodedArray

The encoded Large Blob Array. This is the data that is digested. That is, perform Left16Bytes(SHA-256(EncodedArray)) and it should equal the Digest.

Entries

The list of entries in the Large Blob Array.

Methods

Name Description
AddEntry(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Add a new entry to the Entries. This method builds a new LargeBlobEntry from the blobData and the largeBlobKey.

Encode()

Build the Serialized Large Blob Array. This builds the CBOR encoding of the large blob array, digests that array, and appends the digest.

IsDigestVerified()

Determine if the Digest verifies for the given EncodedArray.

RemoveEntry(int)

Remove the LargeBlobEntry at the given index from the Entries. Note that this can change the indices of the remaining entries.
