CompleteAuthenticateManagementKeyCommand Class

Namespace: Yubico.YubiKey.Piv.Commands Assembly: Yubico.YubiKey.dll

Complete the process to authenticate the PIV management key.

C#

public sealed class CompleteAuthenticateManagementKeyCommand : IYubiKeyCommand<CompleteAuthenticateManagementKeyResponse>

Inheritance object CompleteAuthenticateManagementKeyCommand

Implements

IYubiKeyCommand<CompleteAuthenticateManagementKeyResponse>

Remarks

In the PIV standard, there is a command called GENERAL AUTHENTICATE. Although it is one command, it can do four things: authenticate a management key (challenge-response), sign arbitrary data, RSA decryption, and EC Diffie-Hellman. The SDK breaks these four operations into separate classes. This class is how you complete the process of performing "GENERAL AUTHENTICATE: management key".

The partner Response class is CompleteAuthenticateManagementKeyResponse.

See the comments for the class InitializeAuthenticateManagementKeyCommand, there is a lengthy discussion of the process of authenticating the management key, including descriptions of the challenges and responses.

When you pass a management key to this class (the management key to authenticate), the class will copy it, use it immediately, and overwrite the local buffer. The class will not keep a reference to your key data. Because of this, you can overwrite the management key data immediately upon return from the constructor if you want. See the User's Manual entry on sensitive data for more information on this topic.

This class will need a random number generator and either a triple-DES or AES object. It will get them from the CryptographyProviders class. That class will build default implementations. It is possible to change that class to build alternate versions. See the user's manual entry on alternate crypto for information on how to do so.

Constructors

Name	Description
CompleteAuthenticateManagementKeyCommand(InitializeAuthenticateManagementKeyResponse, ReadOnlySpan<byte>)	Build a new instance of the CompleteAuthenticateManagementKeyCommand class for the algorithm specified in initializeAuthenticationResponse.

Properties

Name	Description
Algorithm	Which algorithm is the management key.
Application	Gets the YubiKeyApplication to which this command belongs. For this command it's PIV.

Methods

Name	Description
CreateCommandApdu()	Creates a well-formed CommandApdu to send to the YubiKey.
CreateResponseForApdu(ResponseApdu)	Creates the corresponding IYubiKeyResponse implementation for the current command.