CreateAttestationStatementCommand Class

Namespace: Yubico.YubiKey.Piv.Commands Assembly: Yubico.YubiKey.dll

Build an attestation statement for a private key in a specified slot.

C#

public sealed class CreateAttestationStatementCommand : IYubiKeyCommand<CreateAttestationStatementResponse>

Inheritance object CreateAttestationStatementCommand

Implements

IYubiKeyCommand<CreateAttestationStatementResponse>

Remarks

An attestation statement is an X.509 certificate. It verifies that a private key has been generated by the YubiKey. If the private key in a slot was imported, this command will not work.

The create attestation statement command is available on YubiKey version 4.3 and later.

The partner Response class is CreateAttestationStatementResponse.

It is possible to build attestation statements for keys in slots 9A, 9C, 9D, 9E, and 82 through 95. The certificate created will contain the public key partner to the private key in the cert, along with the YubiKey's serial number. The cert will be signed by the attestation key, the private key in slot F9.

Example:

using System.Security.Cryptography.X509Certificates;
IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
var createAttestationStatementCommand = new CreateAttestationStatementCommand (0x9A);
CreateAttestationStatementResponse createAttestationStatementResponse =
    connection.SendCommand(createAttestationStatementCommand);
if (createAttestationStatementResponse.Status != ResponseStatus.Success)
{
  // Handle error
}
X509Certificate2 attestationStatement = createAttestationStatementResponse.GetData();

Constructors

Name	Description
CreateAttestationStatementCommand()	Initializes a new instance of the CreateAttestationStatementCommand class.
CreateAttestationStatementCommand(byte)	Initializes a new instance of the CreateAttestationStatementCommand class. This command takes the slot number as input.

Properties

Name	Description
Application	Gets the YubiKeyApplication to which this command belongs. For this command, it's PIV.
SlotNumber	The slot holding the key to be attested.

Methods

Name	Description
CreateCommandApdu()	Creates a well-formed CommandApdu to send to the YubiKey.
CreateResponseForApdu(ResponseApdu)	Creates the corresponding IYubiKeyResponse implementation for the current command.