Class CreateAttestationStatementCommand
Build an attestation statement for a private key in a specified slot.
public sealed class CreateAttestationStatementCommand : IYubiKeyCommand<CreateAttestationStatementResponse>
- Inheritance: object → CreateAttestationStatementCommand
- Implements: IYubiKeyCommand<CreateAttestationStatementResponse>
Remarks
An attestation statement is an X.509 certificate signed by the YubiKey's attestation key. It attests that the private key in the specified slot was generated on the YubiKey itself. If the private key in the slot was imported rather than generated on-device, the YubiKey will not build a statement and this command returns an error.
The create attestation statement command is available on YubiKey version 4.3 and later.
The partner Response class is CreateAttestationStatementResponse.
It is possible to build attestation statements for keys in slots 9A, 9C, 9D, 9E, and 82 through 95. The certificate created will contain the public key partner to the private key in the slot, along with the YubiKey's serial number. The cert will be signed by the attestation key, the private key in slot F9.
Example:
using System.Security.Cryptography.X509Certificates;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv.Commands;
// key is the IYubiKeyDevice already selected by the caller (for example from YubiKeyDevice.FindAll()).
IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
var createAttestationStatementCommand = new CreateAttestationStatementCommand(0x9A);
CreateAttestationStatementResponse createAttestationStatementResponse =
connection.SendCommand(createAttestationStatementCommand);
if (createAttestationStatementResponse.Status != ResponseStatus.Success)
{
// Handle error: the slot is empty, or its key was imported rather than generated on the YubiKey.
}
// The statement is an X509Certificate2 signed by the slot F9 attestation key.
X509Certificate2 attestationStatement = createAttestationStatementResponse.GetData();
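Obtaining the statement is only half the job: the relying party must check that it chains through the YubiKey's slot F9 certificate to Yubico's PIV root CA, and that the serial number embedded in it matches the device it claims to come from. The following is an added example, not code from the Yubico SDK or from this page. It assumes the caller has already fetched the slot F9 certificate and the Yubico PIV root CA certificate as X509Certificate2 objects (how they are obtained is outside this page), and it uses the attestation extension OIDs from Yubico's PIV attestation documentation, which this page does not list. The chain is anchored to the supplied root only, and the last element is compared byte-for-byte to make sure the path did not end at some other trusted CA on the host.

```csharp
using System;
using System.Formats.Asn1;
using System.Numerics;
using System.Security.Cryptography.X509Certificates;

// Added example, not part of the Yubico .NET SDK.
public static class AttestationVerifier
{
    // Yubico PIV attestation extension OIDs (from Yubico's attestation docs; assumed here).
    private const string FirmwareVersionOid = "1.3.6.1.4.1.41482.3.3"; // 3 raw bytes: major, minor, patch
    private const string SerialNumberOid    = "1.3.6.1.4.1.41482.3.7"; // DER INTEGER
    private const string PolicyOid          = "1.3.6.1.4.1.41482.3.8"; // 2 raw bytes: PIN policy, touch policy

    // True only if the statement chains, via the device's slot F9 certificate,
    // to the supplied Yubico root and carries the expected device serial number.
    public static bool Verify(
        X509Certificate2 statement,
        X509Certificate2 slotF9Cert,
        X509Certificate2 yubicoPivRoot,
        int expectedSerial)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(yubicoPivRoot);
        chain.ChainPolicy.ExtraStore.Add(slotF9Cert);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        chain.ChainPolicy.ApplicationPolicy.Clear(); // attestation certs carry no EKU

        if (!chain.Build(statement))
        {
            return false;
        }

        // Confirm the path terminated at our root, not at another CA the host trusts.
        X509Certificate2 last = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
        if (!last.RawData.AsSpan().SequenceEqual(yubicoPivRoot.RawData))
        {
            return false;
        }

        return ReadSerialNumber(statement) == expectedSerial;
    }

    // Serial number of the YubiKey that produced the statement, or null if absent.
    public static BigInteger? ReadSerialNumber(X509Certificate2 statement)
    {
        X509Extension? ext = statement.Extensions[SerialNumberOid];
        if (ext is null)
        {
            return null;
        }
        var reader = new AsnReader(ext.RawData, AsnEncodingRules.DER);
        return reader.ReadInteger();
    }

    // Firmware version of the device, or null if the extension is missing or malformed.
    public static Version? ReadFirmwareVersion(X509Certificate2 statement)
    {
        X509Extension? ext = statement.Extensions[FirmwareVersionOid];
        if (ext is null || ext.RawData.Length != 3)
        {
            return null;
        }
        return new Version(ext.RawData[0], ext.RawData[1], ext.RawData[2]);
    }

    // PIN and touch policy the key was generated with; these are what a relying
    // party usually wants to enforce (e.g. require touch for a signing key).
    public static (string PinPolicy, string TouchPolicy)? ReadPolicy(X509Certificate2 statement)
    {
        X509Extension? ext = statement.Extensions[PolicyOid];
        if (ext is null || ext.RawData.Length != 2)
        {
            return null;
        }
        string pin = ext.RawData[0] switch { 1 => "never", 2 => "once", 3 => "always", _ => "unknown" };
        string touch = ext.RawData[1] switch { 1 => "never", 2 => "always", 3 => "cached", _ => "unknown" };
        return (pin, touch);
    }
}
```

Call `AttestationVerifier.Verify(attestationStatement, slotF9Cert, yubicoPivRoot, key.SerialNumber!.Value)` with the statement returned by `GetData()` above; `IYubiKeyDevice.SerialNumber` is nullable, so keys with no readable serial must be rejected before the call. Revocation checking is disabled because the Yubico attestation hierarchy publishes no CRL or OCSP endpoint.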
Constructors
CreateAttestationStatementCommand()
Initializes a new instance of the CreateAttestationStatementCommand
class.
public CreateAttestationStatementCommand()
Remarks
This constructor is provided for those developers who want to use the object initializer pattern. For example:
var command = new CreateAttestationStatementCommand()
{
SlotNumber = PivSlot.Signing,
};
There is no default slot number, so for this command to be valid the slot number must be specified. If you create an object using this constructor, you must set the SlotNumber property before using it; otherwise an exception is thrown when the command is used.
CreateAttestationStatementCommand(byte)
Initializes a new instance of the CreateAttestationStatementCommand class. This command takes the slot number as input.
public CreateAttestationStatementCommand(byte slotNumber)
Parameters
slotNumber
byte. The slot number containing the key to attest.
Remarks
The slot number must be 0x9A, 0x9C, 0x9D, 0x9E, or 0x82 through 0x95. These are the slots named PivSlot.Authentication, PivSlot.Signing, PivSlot.KeyManagement, PivSlot.CardAuthentication, and PivSlot.Retired1 through PivSlot.Retired20. Any other slot number is rejected with an ArgumentException.
If the slot specified does not hold a private key (or holds one that was imported rather than generated on the YubiKey), the YubiKey will not build a certificate and will return an error StatusWord.
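Because the YubiKey answers an empty or imported-key slot with an error status word rather than an exception, code that walks several slots has to check each response's Status before calling GetData(). The following is an added example, not code from the Yubico SDK or this page: it attempts to attest every slot this command accepts (the four standard slots plus Retired1 through Retired20), and records for each slot either the statement or the status word and message the YubiKey returned. It assumes the caller already holds an IYubiKeyDevice.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;
using Yubico.YubiKey.Piv.Commands;

// Added example, not part of the Yubico .NET SDK.
public static class AttestationInventory
{
    // Every slot CreateAttestationStatementCommand accepts.
    public static IEnumerable<byte> AttestableSlots()
    {
        yield return PivSlot.Authentication;      // 0x9A
        yield return PivSlot.Signing;             // 0x9C
        yield return PivSlot.KeyManagement;       // 0x9D
        yield return PivSlot.CardAuthentication;  // 0x9E
        for (byte slot = PivSlot.Retired1; slot <= PivSlot.Retired20; slot++)
        {
            yield return slot;                    // 0x82 .. 0x95
        }
    }

    // Per slot: the statement on success, or null plus the reason the YubiKey refused.
    public static Dictionary<byte, (X509Certificate2? Statement, string Detail)> Run(IYubiKeyDevice key)
    {
        var results = new Dictionary<byte, (X509Certificate2?, string)>();
        using IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);

        foreach (byte slot in AttestableSlots())
        {
            var command = new CreateAttestationStatementCommand(slot);
            CreateAttestationStatementResponse response = connection.SendCommand(command);

            if (response.Status == ResponseStatus.Success)
            {
                results[slot] = (response.GetData(), "attested");
            }
            else
            {
                // Slot is empty, or its key was imported and therefore cannot be attested.
                results[slot] = (null, $"SW=0x{response.StatusWord:X4}: {response.StatusMessage}");
            }
        }
        return results;
    }

    // Convenience: print a one-line summary per slot.
    public static void Report(IYubiKeyDevice key)
    {
        foreach (var (slot, (statement, detail)) in Run(key))
        {
            string subject = statement is null ? "-" : statement.Subject;
            Console.WriteLine($"slot 0x{slot:X2}: {detail} {subject}");
        }
    }
}
```

Slots outside the accepted set are never sent, because the constructor rejects them with an ArgumentException before any APDU is built; the loop only ever sees the device-side refusals the remarks above describe.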
Properties
Application
Gets the YubiKeyApplication to which this command belongs. For this command, it's PIV.
public YubiKeyApplication Application { get; }
Property Value
- YubiKeyApplication
YubiKeyApplication.Piv
SlotNumber
The slot holding the key to be attested.
public byte SlotNumber { get; set; }
Property Value
- byte
The slot number, see PivSlot
Exceptions
- ArgumentException
The slot specified is not valid for attestation.
Methods
CreateCommandApdu()
Creates a well-formed CommandApdu to send to the YubiKey.
public CommandApdu CreateCommandApdu()
Returns
- CommandApdu
A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.
Remarks
This method will first perform validation on all of the parameters and data provided to it. The CommandApdu it creates should contain all of the data payload for the command, even if it exceeds the 65,535 bytes allowed by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will be collapsed into a single result.
Exceptions
- InvalidOperationException
The slot specified is not valid for attestation.
CreateResponseForApdu(ResponseApdu)
Creates the corresponding IYubiKeyResponse implementation for the current command.
public CreateAttestationStatementResponse CreateResponseForApdu(ResponseApdu responseApdu)
Parameters
responseApdu
ResponseApdu. The ResponseApdu returned by the YubiKey.
Returns
- CreateAttestationStatementResponse
The implementation of IYubiKeyResponse that parses and presents this response APDU.