Enum KeyEntryRequest
This lists the possible actions or information the caller is requesting.
public enum KeyEntryRequest
Fields
AuthenticatePivManagementKey = 5
Indicates that the SDK is requesting the current PIV management key in order to authenticate.
When the Request is this value, the delegate should collect one management key and submit it using the SubmitValue method.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is false, the KeyEntryData is making the initial request.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is true, the KeyEntryData is reporting that a previous attempt at authenticating the management key failed and the KeyCollector should try again to obtain the value (unless the user decides to cancel).
AuthenticateYubiHsmAuthCredentialPassword = 19
Indicates that the SDK is requesting the YubiHSM Auth credential's password in order to authenticate.
When the Request is AuthenticateYubiHsmAuthCredentialPassword, the delegate should collect the current management key and submit it using SubmitValue(ReadOnlySpan<byte>).
When the Request is AuthenticateYubiHsmAuthCredentialPassword and the IsRetry property is false, this is the initial request for the management key.
When the Request is AuthenticateYubiHsmAuthCredentialPassword and IsRetry is true, this means a previous attempt at authenticating the management key failed and the KeyCollector should try again to obtain the value. In this situation, RetriesRemaining will contain additional information.
AuthenticateYubiHsmAuthManagementKey = 17
Indicates that the SDK is requesting the current YubiHSM Auth management key in order to authenticate.
When the Request is this value, the delegate should collect the current management key and submit it using SubmitValue(ReadOnlySpan<byte>).
When the Request is this value and the IsRetry property is false, this is the initial request for the management key.
When the Request is this value and IsRetry is true, this means a previous attempt at authenticating the management key failed and the KeyCollector should try again to obtain the value. In this situation, RetriesRemaining will contain additional information.
ChangeFido2Pin = 14
Indicates that the SDK is requesting the current FIDO2 PIN and a new PIN, in order to change the PIN from the current to the new. Collect both the current and new PINs.
ChangePivManagementKey = 6
Indicates that the SDK is requesting the current PIV management key and a new PIV management key, in order to change the key from the current to the new. Collect both the current and a new management key.
When the Request is this value, the delegate should collect two keys and submit them using the SubmitValues method.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is false, the KeyEntryData is making the initial request.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is true, the KeyEntryData is reporting that a previous attempt at changing the management key failed and the KeyCollector should try again to obtain the values (unless the user decides to cancel).
Note that the most likely reason a change will fail is because the current management key was incorrect, but it can also fail if the new management key is not valid (e.g. too short).
ChangePivPin = 2
Indicates that the SDK is requesting the current PIV PIN and a new PIN, in order to change the PIN from the current to the new. Collect both the current and a new PIN.
When the Request is this value, the delegate should collect two PINs and submit them using the SubmitValues method.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is false, the KeyEntryData is making the initial request.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is true, the KeyEntryData is reporting that a previous attempt at changing the PIN failed and the KeyCollector should try again to obtain the values (unless the user decides to cancel).
Note that the most likely reason a change will fail is because the current PIN was incorrect, but it can also fail if the new PIN is not valid (e.g. too short).
ChangePivPuk = 4
Indicates that the SDK is requesting the current PIV PUK and a new PUK, in order to change the PUK from the current to the new. Collect both the current and a new PUK.
When the Request is this value, the delegate should collect two PUKs and submit them using the SubmitValues method.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is false, the KeyEntryData is making the initial request.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is true, the KeyEntryData is reporting that a previous attempt at changing the PUK failed and the KeyCollector should try again to obtain the values (unless the user decides to cancel).
ChangeU2fPin = 11
Indicates that the SDK is requesting the current FIDO U2F PIN and a new PIN, in order to change the PIN from the current to the new. Collect both the current and a new PIN.
ChangeYubiHsmAuthManagementKey = 18
This indicates that the SDK is attempting to change the YubiHSM Auth management key. It is requesting the current YubiHSM Auth management key and a new YubiHSM Auth management key as part of the operation.
When the Request is ChangeYubiHsmAuthManagementKey, the delegate should collect the current management key and submit it using SubmitValues(ReadOnlySpan<byte>, ReadOnlySpan<byte>).
When the Request is ChangeYubiHsmAuthManagementKey and the IsRetry property is false, this is the initial request for the management key.
When the Request is ChangeYubiHsmAuthManagementKey and IsRetry is true, this means a previous attempt at changing the management key failed and the KeyCollector should try again to obtain the value. In this situation, RetriesRemaining will contain additional information.
EnrollFingerprint = 20
Indicates that the SDK is requesting the user provide a fingerprint sample.
When enrolling a fingerprint, the process will generally require several samples. It is also likely you will want to display different messages based on whether this is the first call for a sample, and whether it is a later, "repeat" sample used to "reinforce" the original sample. Hence, when the Request property is EnrollFingerprint, look at the LastBioEnrollSampleResult property. If it is null, this is the first call, and if it is not null, this is a subsequent call.
Release = 0
Indicates that the SDK has successfully used the element(s) requested and the caller can now release any resources related to obtaining the data.
Note that a delegate MUST NEVER throw an exception if the Request is Release. The Release is called from inside a finally block, and it is a bad idea to throw exceptions from inside finally.
ResetPivPinWithPuk = 3
Indicates that the SDK is requesting the PIV PUK and a new PIN. This is the first call. This is used to recover the PIN using the PUK. Collect both the current PUK and a new PIN.
After collecting the PUK and a new PIN, submit them using the SubmitValues method, with the PUK as the currentValue and the PIN as the newValue.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is false, the KeyEntryData is making the initial request.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is true, the KeyEntryData is reporting that a previous attempt at resetting the PIN failed and the KeyCollector should try again to obtain the values (unless the user decides to cancel).
Note that the most likely reason a reset will fail is because the PUK was incorrect, but it can also fail if the new PIN is not valid (e.g. too short).
SetFido2Pin = 13
Indicates that the SDK is setting the FIDO2 PIN. The YubiKey is not set with a FIDO2 PIN yet, so only collect a new PIN.
SetOathPassword = 8
Indicates that the SDK is requesting a new password. Collect a new password.
When the Request is this value, the delegate should collect a password and submit it using the SubmitValues method.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is false, the KeyEntryData is making the initial request.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is true, the KeyEntryData is reporting that a previous attempt at setting the password failed and the KeyCollector should try again to obtain the values (unless the user decides to cancel).
SetU2fPin = 10
Indicates that the SDK is setting the FIDO U2F PIN. The YubiKey is not set with a U2F PIN yet, so collect only a new PIN.
TouchRequest = 9
The YubiKey is requesting touch for user presence verification. See the User's Manual entry on how to handle a touch notification in a key collector.
When the Request is this value, the delegate does not need to collect any passwords or keys. This is simply used as a means to alert the application that the YubiKey is awaiting a touch. Typically, you will want to respond to this request by alerting your user that they need to physically touch the YubiKey.
In addition, when the SDK calls a KeyCollector with this request, it will ignore the return value. That is, it is not possible to cancel this request. However, every YubiKey operation that requires touch has a timeout, so simply not touching will eventually cancel an operation.
Ideally, you should not block this call. However, to ensure the proper function of the SDK, this request will be issued on a separate thread from the one that originated this call.
VerifyFido2Pin = 15
Indicates that the SDK is verifying the FIDO2 PIN. Collect the current PIN.
VerifyFido2Uv = 16
Indicates that the SDK and YubiKey are waiting for user verification. This usually means touching the biometric sensor on the YubiKey. Nothing to collect, this is an informative request.
VerifyOathPassword = 7
Indicates that the SDK is requesting the OATH password to verify.
When the Request is this value, the delegate should collect one password and submit it using the SubmitValue method.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is false, the KeyEntryData is making the initial request.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is true, the KeyEntryData is reporting that a previous attempt at verifying the password failed and the KeyCollector should try again to obtain the value (unless the user decides to cancel).
VerifyPivPin = 1
Indicates that the SDK is requesting the PIV PIN to verify.
When the Request is this value, the delegate should collect one PIN and submit it using the SubmitValue method.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is false, the KeyEntryData is making the initial request.
When the KeyEntryData.Request is this value and the KeyEntryData.IsRetry property is true, the KeyEntryData is reporting that a previous attempt at verifying the PIN failed and the KeyCollector should try again to obtain the value (unless the user decides to cancel).
VerifyU2fPin = 12
Indicates that the SDK is verifying the FIDO U2F PIN. Collect the current PIN.
Remarks
This is used in conjunction with the KeyEntryData class.
When the SDK needs a key, PIN, password, or some other user-supplied secret element, it will call the application-supplied, key-collecting delegate. Inside the KeyEntryData class is a property indicating what the SDK is requesting the delegate to collect.
This enum is the list of possible elements the SDK can request of the delegate.
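A key-collecting delegate that follows the rules above for Release, TouchRequest, IsRetry and RetriesRemaining, as an added example that is not part of the SDK documentation. The class name, the prompt callback, the Yubico.YubiKey namespace, the bool return convention (true to continue, false to cancel) and the retry threshold are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey; // assumed namespace of KeyEntryData and KeyEntryRequest

public sealed class SampleKeyCollector
{
    private readonly Func<string, byte[]> _prompt; // hypothetical UI callback returning the secret
    private byte[] _current = Array.Empty<byte>(), _new = Array.Empty<byte>();

    public SampleKeyCollector(Func<string, byte[]> prompt) => _prompt = prompt;

    // Assumed delegate shape: return true to continue, false to cancel.
    public bool Collect(KeyEntryData data)
    {
        if (data.Request == KeyEntryRequest.TouchRequest)
        {
            Console.WriteLine("Touch the YubiKey."); // informative only; do not block
            return true;                             // the SDK ignores this return value
        }
        Wipe(); // on Release, a retry, or a new request the old buffers are no longer needed
        if (data.Request == KeyEntryRequest.Release) return true; // finally path: never throw
        if (data.IsRetry)
        {
            Console.WriteLine($"Previous attempt failed. Retries remaining: {data.RetriesRemaining}");
            if (data.RetriesRemaining <= 1)
                return false; // policy choice: cancel before the last attempt blocks the PIN
        }
        switch (data.Request)
        {
            case KeyEntryRequest.VerifyPivPin:
                _current = _prompt("PIV PIN: ");
                data.SubmitValue(_current);
                return true;
            case KeyEntryRequest.ChangePivPin:
                _current = _prompt("Current PIV PIN: ");
                _new = _prompt("New PIV PIN: ");
                data.SubmitValues(_current, _new); // currentValue first, then newValue
                return true;
            default:
                return false; // unhandled request: cancel rather than guess
        }
    }

    private void Wipe()
    {
        CryptographicOperations.ZeroMemory(_current);
        CryptographicOperations.ZeroMemory(_new);
    }
}
```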