Class AuthenticateResponse

Namespace: Yubico.YubiKey.Piv.Commands

Assembly: Yubico.YubiKey.dll

The base class for some of the General Authenticate response classes, containing shared code.

public class AuthenticateResponse : PivResponse, IYubiKeyResponseWithData<byte[]>, IYubiKeyResponse

Inheritance: object

YubiKeyResponse

PivResponse

AuthenticateResponse

Implements: IYubiKeyResponseWithData<byte[]>

IYubiKeyResponse

Derived: AuthenticateDecryptResponse

AuthenticateKeyAgreeResponse

AuthenticateSignResponse

Inherited Members: PivResponse.StatusCodeMap

YubiKeyResponse.ResponseApdu

YubiKeyResponse.Status

YubiKeyResponse.StatusWord

YubiKeyResponse.StatusMessage

YubiKeyResponse.ToString()

Constructors

AuthenticateResponse(ResponseApdu)

Constructs an AuthenticateResponse based on a ResponseApdu received from the YubiKey.

public AuthenticateResponse(ResponseApdu responseApdu)

Parameters

responseApdu ResponseApdu: The object containing the response APDU
returned by the YubiKey.

Methods

GetData()

Gets the signature, or decrypted data, or key agreement shared secret from the YubiKey response.

public byte[] GetData()

Returns

byte[]: The signature, decrypted data, or key agreement shared secret as a byte array.

Remarks

Note that the data returned can be sensitive data. It is a new byte array, belonging to the caller. The caller should overwrite this memory as soon as it is no longer needed, using CryptographicOperations.ZeroMemory.

The data returned by the YubiKey is encoded as follows.

7C L1 { 82 L2 result }

The GetData method returns the decoded data, returning the result.

For an RSA signature, it will appear to be random bytes. There are no tags, no length octets, just the signature.

For an ECC signature, it will be the DER encoding of

SEQUENCE {
  r   INTEGER,
  s   INTEGER
}

If the data returned by the YubiKey is decrypted data, it is returned as the formatted plaintext.

If the data returned by the YubiKey is the key agreement shared secret, it is the raw secret bytes.

Note that if there is no data to return, this method will throw an exception. Even if the response indicates AuthenticationRequired (see the Status property), which means the process was not completed because the wrong or no PIN was entered, or the YubiKey was not touched within the time period. That is, it is not an error, the process is simply incomplete. Nonetheless, in that case the method will throw an exception. Hence, do not call this method unless you know that Status is Success.

Exceptions

InvalidOperationException: Thrown when Status is not Success.

Table of Contents