
GenerateKeyPairCommand Class

Namespace: Yubico.YubiKey.Piv.Commands
Assembly: Yubico.YubiKey.dll

Generate a new asymmetric key pair.

C#
public sealed class GenerateKeyPairCommand : IYubiKeyCommand<GenerateKeyPairResponse>
Inheritance object GenerateKeyPairCommand
Implements
IYubiKeyCommand<GenerateKeyPairResponse>

Remarks

The partner Response class is GenerateKeyPairResponse.

In order to generate a key pair, you must authenticate the management key. The management key is not part of this command. For information on how to authenticate a management key in order to perform operations, see the User's Manual entry on PIV commands access control.

When you generate a key pair, you specify which slot will hold this new key. If there is a key in that slot already, this command will replace it. That old key will be gone and there will be nothing you can do to recover it. Hence, use this command with caution.

Note that this command will generate a key pair, and from the Response class you can retrieve the public key. However, you will still need to obtain a certificate for this private key outside of this SDK. Once you have the certificate, you can load it into the YubiKey using the Put Data command.

The PIN policy determines whether using the private key to sign or decrypt will require authenticating with the PIN. By default, the PIN policy is to always require a PIN in order to use the key in that slot. See the User's Manual entry on PIN and touch policies for more information.

Similarly, the touch policy determines whether using the private key will require touch or not. The default is never.

Example:

IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
var generateKeyPairCommand = new GenerateKeyPairCommand(
    PivSlot.Signing, PivAlgorithm.EccP384, PivPinPolicy.Default, PivTouchPolicy.Default);
GenerateKeyPairResponse generateKeyPairResponse =
    connection.SendCommand(generateKeyPairCommand);
// The status is reported by the response object, not by the command.
if (generateKeyPairResponse.Status != ResponseStatus.Success)
{
    // Handle error
}
PivPublicKey pubKey = generateKeyPairResponse.GetData();
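
Because generating into an occupied slot destroys the existing key, a caller can check the slot first and fail closed. The following is an added example, not code from the SDK documentation. The names `SafeKeyGeneration`, `GenerateIfEmpty` and `keyCollector` are hypothetical, and it assumes that `GetMetadataCommand` reports `ResponseStatus.NoData` for an empty slot on a YubiKey whose firmware supports the metadata command.

```csharp
using System;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;
using Yubico.YubiKey.Piv.Commands;

public static class SafeKeyGeneration
{
    // Generates a key pair in `slot` only when the slot is confirmed empty.
    // `keyCollector` is the caller's delegate that supplies the management key.
    public static PivPublicKey GenerateIfEmpty(
        IYubiKeyDevice yubiKey, byte slot, Func<KeyEntryData, bool> keyCollector)
    {
        using var pivSession = new PivSession(yubiKey) { KeyCollector = keyCollector };

        // Key generation requires the management key to be authenticated first.
        pivSession.AuthenticateManagementKey();

        // Fail closed: proceed only if the YubiKey positively reports "no key here".
        // Any other status (a key is present, or the metadata command is not
        // supported) is treated as "might overwrite" and refused.
        GetMetadataResponse metadata =
            pivSession.Connection.SendCommand(new GetMetadataCommand(slot));
        if (metadata.Status != ResponseStatus.NoData)
        {
            throw new InvalidOperationException(
                $"Slot 0x{slot:X2} is not confirmed empty; refusing to overwrite.");
        }

        // Explicit policies instead of the defaults: PIN and touch on every use.
        var command = new GenerateKeyPairCommand(
            slot, PivAlgorithm.EccP384, PivPinPolicy.Always, PivTouchPolicy.Always);
        GenerateKeyPairResponse response = pivSession.Connection.SendCommand(command);

        if (response.Status != ResponseStatus.Success)
        {
            throw new InvalidOperationException(
                $"Key generation failed: {response.StatusMessage}");
        }

        // Only the public key leaves the device; the private key stays in the slot.
        return response.GetData();
    }
}
```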

Constructors

Name Description
GenerateKeyPairCommand()

Initializes a new instance of the GenerateKeyPairCommand class. This command will set the PinPolicy and TouchPolicy to the defaults.

GenerateKeyPairCommand(byte, KeyType, PivPinPolicy, PivTouchPolicy)
GenerateKeyPairCommand(byte, PivAlgorithm, PivPinPolicy, PivTouchPolicy)

Initializes a new instance of the GenerateKeyPairCommand class. This command takes the slot number, algorithm, and PIN and touch policies as input.

Properties

Name Description
Algorithm

The algorithm (and size) of the key to generate.

Application

Gets the YubiKeyApplication to which this command belongs. For this command it's PIV.

PinPolicy

The PIN policy the key will have. None is equivalent to Default.

SlotNumber

The slot for which a key pair will be generated.

TouchPolicy

The touch policy the key will have. None is equivalent to Default.

Methods

Name Description
CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.
