AuthenticateKeyAgreeResponse Class
Namespace: Yubico.YubiKey.Piv.Commands Assembly: Yubico.YubiKey.dll
The response to the authenticate: key agree command, containing the shared secret result of the YubiKey's private key operation.
public sealed class AuthenticateKeyAgreeResponse : AuthenticateResponse, IYubiKeyResponseWithData<byte[]>, IYubiKeyResponse
Remarks
This is the partner Response class to AuthenticateKeyAgreeCommand.
The data returned by GetData is a byte array containing the shared secret. The data will be the same size as the key. That is, for a 256-bit ECC key, the shared secret is 32 bytes, and for a 384-bit key, the shared secret is 48 bytes.
The data returned is not formatted; it is simply a byte array. It happens to be the x coordinate of an ECC point that is the result of an EC scalar multiplication operation.
GetData will throw an exception when the Status is not Success. This includes when the response indicates AuthenticationRequired, which means the process was not completed because the wrong or no PIN was entered, or the YubiKey was not touched within the time period. That is, it is not an error; the process is simply incomplete. Nonetheless, in that case the method will throw an exception.
Note that whether the PIN and/or touch is required depends on the PIN and touch policies specified at the time of generation or import.
Example:
    IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
    var keyAgreeCommand = new AuthenticateKeyAgreeCommand(pubKeyData, PivSlot.KeyManagement);
    AuthenticateKeyAgreeResponse keyAgreeResponse = connection.SendCommand(keyAgreeCommand);
    if (keyAgreeResponse.Status != ResponseStatus.Success)
    {
        // handle error (GetData below throws unless Status is Success)
    }
    byte[] sharedSecret = keyAgreeResponse.GetData();
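An added example, not code from the Yubico SDK or its documentation: one way to consume this response, checking Status before calling GetData, validating the length against the key size, and passing the raw x coordinate through HKDF rather than using it directly as a key. KeyAgreeExample, TryDeriveKey, keySizeBits and info are hypothetical names, and the HKDF-SHA256 step (System.Security.Cryptography.HKDF, .NET 5 or later) is this example's choice.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;
using Yubico.YubiKey.Piv.Commands;

// Added example; KeyAgreeExample, TryDeriveKey and the HKDF step are
// assumptions of this example, not part of the SDK.
public static class KeyAgreeExample
{
    // Returns true and a 32-byte derived key on success. Returns false when
    // PIN or touch is still needed, so the caller can verify the PIN and retry.
    public static bool TryDeriveKey(
        IYubiKeyConnection connection,
        byte[] pubKeyData,   // peer's public point
        int keySizeBits,     // 256 or 384, matching the key in the slot
        byte[] info,         // application context label for HKDF
        out byte[] derivedKey)
    {
        derivedKey = Array.Empty<byte>();
        var command = new AuthenticateKeyAgreeCommand(pubKeyData, PivSlot.KeyManagement);
        AuthenticateKeyAgreeResponse response = connection.SendCommand(command);

        // Check Status first: GetData throws on anything but Success.
        if (response.Status == ResponseStatus.AuthenticationRequired)
        {
            return false; // incomplete, not failed
        }
        if (response.Status != ResponseStatus.Success)
        {
            throw new InvalidOperationException($"Key agreement failed: {response.Status}");
        }

        byte[] sharedSecret = response.GetData();
        try
        {
            // 32 bytes for a 256-bit key, 48 bytes for a 384-bit key.
            if (sharedSecret.Length != keySizeBits / 8)
            {
                throw new CryptographicException("Unexpected shared secret length.");
            }
            // The raw x coordinate is input keying material, not a key.
            derivedKey = HKDF.DeriveKey(HashAlgorithmName.SHA256, sharedSecret, 32, salt: null, info: info);
            return true;
        }
        finally
        {
            // Wipe the raw secret once the derived key exists.
            CryptographicOperations.ZeroMemory(sharedSecret);
        }
    }
}
```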
Constructors
Name | Description |
---|---|
AuthenticateKeyAgreeResponse(ResponseApdu) | Constructs an AuthenticateKeyAgreeResponse based on a ResponseApdu received from the YubiKey. |