ChangeReferenceDataCommand Class
Namespace: Yubico.YubiKey.Piv.Commands Assembly: Yubico.YubiKey.dll
Change the PIN or PUK.
public sealed class ChangeReferenceDataCommand : Object, IYubiKeyCommand<ChangeReferenceDataResponse>
Implements
Remarks
The partner Response class is ChangeReferenceDataResponse.
The PIN starts out as a default value: "123456", which in ASCII is the
6-byte sequence 0x31 32 33 34 35 36. The PUK (PIN Unblocking Key)
starts out as a default value as well: "12345678", which in ASCII is the
8-byte sequence 0x31 32 33 34 35 36 37 38. Generally, the first
thing done when a YubiKey is initialized for PIV is to change the PIN and
PUK (along with the management key). The PUK must be 6 to 8 bytes.
Ultimately the bytes that make up the PIN or PUK can be any binary value,
but are generally input from a keyboard, so are usually made up of ASCII
characters.
When you pass a PIN or PUK to this class (the PIN or PUK to change, along
with the new value), the class copies a reference to the object passed
in; it does not copy the value. Because of this, you cannot overwrite the
PIN until this object is done with it. It is safe to overwrite the
PIN after calling connection.SendCommand. See the User's Manual
entry on sensitive data for more information on this topic.
Example:
```csharp
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;
using Yubico.YubiKey.Piv.Commands;

/* This example assumes the application has a method to collect a
 * PIN/PUK.
 */
byte[] oldPuk;
byte[] newPuk;

IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);

oldPuk = CollectPuk();
newPuk = CollectNewPuk();
var changeReferenceDataCommand =
    new ChangeReferenceDataCommand(PivSlot.Puk, oldPuk, newPuk);
ChangeReferenceDataResponse changeReferenceDataResponse =
    connection.SendCommand(changeReferenceDataCommand);

if (changeReferenceDataResponse.Status != ResponseStatus.Success)
{
    if (changeReferenceDataResponse.Status == ResponseStatus.AuthenticationRequired)
    {
        // GetData() returns the number of retries remaining.
        var retryCount = changeReferenceDataResponse.GetData();
        /* report the retry count */
    }
    else
    {
        // Handle error
    }
}

// SendCommand has returned, so both buffers can now be overwritten.
CryptographicOperations.ZeroMemory(oldPuk);
CryptographicOperations.ZeroMemory(newPuk);
```
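The following is an added example, not part of the SDK or its documentation. It wraps the PUK change so that both buffers are zeroed on every exit path, but only after SendCommand has finished with the references it holds. The class name PukChanger, its method names, and the policy of refusing the factory default as a new PUK are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;
using Yubico.YubiKey.Piv.Commands;

// Added example; PukChanger and its members are hypothetical names.
public static class PukChanger
{
    // Factory default PUK from the remarks above: ASCII "12345678".
    private static readonly byte[] DefaultPuk =
        { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38 };

    // Example policy: accept only a 6 to 8 byte value that is not the default.
    public static bool IsAcceptableNewPuk(ReadOnlySpan<byte> candidate) =>
        candidate.Length >= 6 && candidate.Length <= 8 &&
        !CryptographicOperations.FixedTimeEquals(candidate, DefaultPuk);

    // Takes ownership of both buffers: they are zeroed before this method
    // returns, whether the change succeeds, is rejected, or throws.
    public static ChangeReferenceDataResponse ChangePuk(
        IYubiKeyConnection connection, byte[] oldPuk, byte[] newPuk)
    {
        try
        {
            if (!IsAcceptableNewPuk(newPuk))
            {
                throw new ArgumentException(
                    "New PUK must be 6 to 8 bytes and not the default.",
                    nameof(newPuk));
            }

            // The command holds references to oldPuk and newPuk, not copies,
            // so the arrays must stay intact until SendCommand has returned.
            var command = new ChangeReferenceDataCommand(PivSlot.Puk, oldPuk, newPuk);
            return connection.SendCommand(command);
        }
        finally
        {
            // SendCommand is done (or never ran): safe to overwrite now.
            CryptographicOperations.ZeroMemory(oldPuk);
            CryptographicOperations.ZeroMemory(newPuk);
        }
    }
}
```

The caller inspects Status and GetData() on the returned response exactly as in the example above; the response carries no copy of the PUK.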
Constructors
Name | Description |
---|---|
ChangeReferenceDataCommand(Byte, ReadOnlyMemory<Byte>, ReadOnlyMemory<Byte>) | Build a new Command object to "change reference data", which means to change a PIN or PUK. |
Properties
Name | Description |
---|---|
Application | Gets the YubiKeyApplication to which this command belongs. For this command it's PIV. |
SlotNumber | The slot for the PIN or PUK. |
Methods
Name | Description |
---|---|
CreateCommandApdu() | Creates a well-formed CommandApdu to send to the YubiKey. |
CreateResponseForApdu(ResponseApdu) | Creates the corresponding IYubiKeyResponse implementation for the current command. |