RetriesRemaining Property
RetriesRemaining
This is the number of retries remaining before the element requested
is blocked. This can be null if the element is one that is never
blocked or the retries remaining count is not known yet because the
KeyEntryData
represents the initial request.
public Nullable<int> RetriesRemaining { get; set; }
Property Value
Type | Description |
---|---|
System.Nullable<System.Int32> |
Remarks
For some elements there is a retry count. It is the number of times in a row a wrong value can be entered for verification before the element is blocked. Other elements have no limitation. For example, the PIV PIN starts out with a retry count of 3 (this count can be changed). If you try to verify the PIN but enter the wrong value, the retries remaining will be decremented to 2. Verify using the correct PIN and the retries remaining returns to 3. If it is decremented to 0, the PIN is blocked, and the YubiKey PIV application will not be able to perform operations that require the PIN, even if the correct PIN is entered later. Restore the PIN using the PUK.
There are some elements that have no limit. For example, the PIV management key is a triple-DES key, and you can try and fail to authenticate that key as many times as you want and it will never be blocked.
This property starts out as null because the number of retries remaining is not known until the YubiKey is contacted. If an attempt to verify an element that has a retry count is made, and the value is incorrect, the YubiKey will report the number of retries remaining. If that happens, this property will be set with the number.
If the correct value is given, the YubiKey will not report the retries remaining. If that happens, this property will be set to null.
If the item requested has no limited retry count, this will be null, even if a previous attempt made to authenticate it had failed.
If the item requested has a limited retry count, and this is a call to get the item after a previous call failed, and this number is 0, that means the item is blocked.
If the element requested is one that has a retry account, and this is
not null, then you know the request is a "retry", that the previous
attempt failed. There is another property, isRetry
, that
specifically indicates if the call is a retry or not, and it is valid
for all elements, those that have a retry count and those that do
not. So you will likely use that property to determine if a request
is a retry or not.