AuthenticateKeyAgreeResponse Class

Namespace: Yubico.YubiKey.Piv.Commands Assembly: Yubico.YubiKey.dll

The response to the authenticate: key agree command, containing the shared secret result of the YubiKey's private key operation.

C#
public sealed class AuthenticateKeyAgreeResponse : AuthenticateResponse, IYubiKeyResponseWithData<byte[]>, IYubiKeyResponse
Inheritance: object > YubiKeyResponse > PivResponse > AuthenticateResponse > AuthenticateKeyAgreeResponse
Implements: IYubiKeyResponseWithData<byte[]>, IYubiKeyResponse

Remarks

This is the partner Response class to AuthenticateKeyAgreeCommand.

The data returned by GetData is a byte array containing the shared secret. The data will be the same size as the key. That is, for a 256-bit ECC key, the shared secret is 32 bytes, and for a 384-bit key, the shared secret is 48 bytes.

The data returned is not formatted; it is simply a byte array. It happens to be the x coordinate of an ECC point that is the result of an EC scalar multiplication operation.

GetData will throw an exception when the Status is not Success. This includes when the response indicates AuthenticationRequired, which means the process was not completed because the wrong or no PIN was entered, or the YubiKey was not touched within the time period. That is, it is not an error; the process is simply incomplete. Nonetheless, in that case the method will throw an exception.

Note that whether the PIN and/or touch is required depends on the PIN and touch policies specified at the time of generation or import.

Example:

IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
var keyAgreeCommand = new AuthenticateKeyAgreeCommand(pubKeyData, PivSlot.KeyManagement);
// SendCommand returns the command's partner response type.
AuthenticateKeyAgreeResponse keyAgreeResponse = connection.SendCommand(keyAgreeCommand);
if (keyAgreeResponse.Status != ResponseStatus.Success)
{
  // handle error; GetData throws when Status is not Success
}
byte[] sharedSecret = keyAgreeResponse.GetData();
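
The following is an added example, not code from the SDK or its documentation: a fuller handling of the cases described in the Remarks, which treats AuthenticationRequired as incomplete rather than failed, checks the secret length against the key size, and clears the caller's copy of the secret after use. The class KeyAgreeExample, the method TryKeyAgree, and the parameters keySizeBits and useSecret are hypothetical names introduced here.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;
using Yubico.YubiKey.Piv.Commands;

public static class KeyAgreeExample
{
    // Hypothetical helper (not part of the SDK). Returns false when the YubiKey
    // reports AuthenticationRequired, so the caller can verify the PIN or prompt
    // for touch and try again; throws on any other non-success status.
    public static bool TryKeyAgree(
        IYubiKeyConnection connection,
        byte[] pubKeyData,        // peer public key, as in the example above
        int keySizeBits,          // 256 or 384, matching the key in the slot
        Action<byte[]> useSecret) // consumer of the raw x coordinate
    {
        var command = new AuthenticateKeyAgreeCommand(pubKeyData, PivSlot.KeyManagement);
        AuthenticateKeyAgreeResponse response = connection.SendCommand(command);

        if (response.Status == ResponseStatus.AuthenticationRequired)
        {
            // Incomplete, not an error: GetData would throw, so do not call it.
            return false;
        }
        if (response.Status != ResponseStatus.Success)
        {
            throw new InvalidOperationException(response.StatusMessage);
        }

        byte[] sharedSecret = response.GetData();
        try
        {
            // 32 bytes for a 256-bit key, 48 bytes for a 384-bit key.
            if (sharedSecret.Length != keySizeBits / 8)
            {
                throw new CryptographicException("Unexpected shared secret length.");
            }
            useSecret(sharedSecret);
            return true;
        }
        finally
        {
            // Clears this copy only; the response object may hold its own buffer.
            CryptographicOperations.ZeroMemory(sharedSecret);
        }
    }
}
```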

Constructors

Name Description
AuthenticateKeyAgreeResponse(ResponseApdu)

Constructs an AuthenticateKeyAgreeResponse based on a ResponseApdu received from the YubiKey.
