Class GenerateKeyPairResponse

Namespace
Yubico.YubiKey.Piv.Commands
Assembly
Yubico.YubiKey.dll

The response to the generate key pair command, containing the public key of the pair that was generated.

public class GenerateKeyPairResponse : PivResponse, IYubiKeyResponseWithData<PivPublicKey>, IYubiKeyResponse
Inheritance
object
GenerateKeyPairResponse

Remarks

This is the partner Response class to GenerateKeyPairCommand.

The data returned by GetData is a PivPublicKey object, containing the algorithm and encoded public key (described below). If the generation is successful, the returned object will actually be an instance of PivRsaPublicKey or PivEccPublicKey. Each of those objects contains the specific key data, parsed. After getting the key, check the Algorithm property or use the "is" operator to determine the actual type.

If the property Status is not ResponseStatus.Success, GetData will throw an exception.

If the key is RSA, the encoded key data will be two successive TLVs, the modulus followed by the public exponent.

81 || length || modulus || 82 || length || publicExponent
where the length is DER length octets.
For example:
81 82 01 00 F1 50 ... E9 82 03 01 00 01
Or to see it parsed,
81 82 01 00
   F1 50 ... 50
82 03
   01 00 01

If the public key is an ECC key, the data will be a single TLV, the public point.

86 || length || publicPoint
where the length is DER length octets and the public point is 04 || x || y
For example:
86 41 04 C4 17 ... 26
Or to see it parsed,
86 41
   04 C4 17 ... 26

To learn about how to use the public key data, see the User's Manual entry on public keys.
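
As an added illustration (not code from this page or from the Yubico SDK), the following stand-alone C# program parses the two encodings described above and rejects malformed input instead of guessing. ReadTlv, ParseRsa and ParseEcc are hypothetical helper names, the sample buffers are constructed and zero-filled, and the code assumes C# 9 or later (top-level statements) and lengths of at most two length octets.

```csharp
using System;

byte[] rsa = new byte[265];   // constructed: 81 82 01 00 || 256 zero bytes || 82 03 01 00 01
new byte[] { 0x81, 0x82, 0x01, 0x00 }.CopyTo(rsa, 0);
new byte[] { 0x82, 0x03, 0x01, 0x00, 0x01 }.CopyTo(rsa, 260);
byte[] ecc = new byte[67];    // constructed: 86 41 || 04 || x (32 zero bytes) || y (32 zero bytes)
new byte[] { 0x86, 0x41, 0x04 }.CopyTo(ecc, 0);
var (rsaModulus, rsaExponent) = ParseRsa(rsa);
var (eccX, eccY) = ParseEcc(ecc);
Console.WriteLine($"RSA: {rsaModulus.Length * 8}-bit modulus, e = {BitConverter.ToString(rsaExponent)}");
Console.WriteLine($"ECC: x is {eccX.Length} bytes, y is {eccY.Length} bytes");

// Reads one TLV with the expected tag at 'offset' and moves 'offset' past it.
static byte[] ReadTlv(byte[] data, ref int offset, byte tag)
{
    if (data.Length - offset < 2 || data[offset] != tag)
        throw new FormatException($"Expected tag {tag:X2} at offset {offset}");
    int length = data[offset + 1];
    offset += 2;
    if (length >= 0x80) // long form: low 7 bits count the length octets that follow
    {
        int count = length & 0x7F;
        if (count == 0 || count > 2 || data.Length - offset < count) throw new FormatException("Bad length");
        for (length = 0; count > 0; count--)
            length = (length << 8) | data[offset++];
    }
    if (length > data.Length - offset) throw new FormatException("Value runs past the end of the data");
    offset += length;
    return data.AsSpan(offset - length, length).ToArray();
}

static (byte[] Modulus, byte[] Exponent) ParseRsa(byte[] encoded) // 81 || len || n || 82 || len || e
{
    int offset = 0;
    byte[] modulus = ReadTlv(encoded, ref offset, 0x81);
    byte[] exponent = ReadTlv(encoded, ref offset, 0x82);
    if (offset != encoded.Length) throw new FormatException("Trailing bytes after exponent");
    return (modulus, exponent);
}

static (byte[] X, byte[] Y) ParseEcc(byte[] encoded) // 86 || len || 04 || x || y
{
    int offset = 0;
    byte[] point = ReadTlv(encoded, ref offset, 0x86);
    if (offset != encoded.Length || point.Length < 3 || point[0] != 0x04 || point.Length % 2 == 0)
        throw new FormatException("Expected one TLV holding 04 || x || y");
    int half = (point.Length - 1) / 2;
    return (point.AsSpan(1, half).ToArray(), point.AsSpan(1 + half, half).ToArray());
}
```

The parser checks structure only; it does not verify that the point lies on the curve or that the modulus and exponent form a sound RSA key.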

Example:

// key is the YubiKey device object, obtained elsewhere.
IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
var generateKeyPairCommand = new GenerateKeyPairCommand(
    PivSlot.Signing, PivAlgorithm.EccP384, PivPinPolicy.Default, PivTouchPolicy.Default);
GenerateKeyPairResponse generateKeyPairResponse =
    connection.SendCommand(generateKeyPairCommand);
// Check the response's Status before reading the data.
if (generateKeyPairResponse.Status != ResponseStatus.Success)
{
    // Handle error; do not call GetData, which throws unless Status is Success.
}
PivPublicKey pubKey = generateKeyPairResponse.GetData();

Constructors

GenerateKeyPairResponse(ResponseApdu, byte, PivAlgorithm)

Constructs a GenerateKeyPairResponse based on a ResponseApdu received from the YubiKey.

public GenerateKeyPairResponse(ResponseApdu responseApdu, byte slotNumber, PivAlgorithm algorithm)

Parameters

responseApdu ResponseApdu

The object containing the response APDU returned by the YubiKey.

slotNumber byte

The slot for which the key pair was generated.

algorithm PivAlgorithm

The algorithm (and key size) of the key pair generated.

Properties

Algorithm

The algorithm (and key size) of the key pair.

public PivAlgorithm Algorithm { get; set; }

Property Value

PivAlgorithm

The algorithm.

Exceptions

ArgumentException

The algorithm specified is not a supported asymmetric algorithm.

Data

public Memory<byte> Data { get; }

Property Value

Memory<byte>

SlotNumber

The slot where the key pair was generated.

public byte SlotNumber { get; set; }

Property Value

byte

The slot number; see PivSlot.

Exceptions

ArgumentException

The slot specified is not one that can generate a key pair.

Methods

GetData()

Gets the public key from the YubiKey response.

public PivPublicKey GetData()

Returns

PivPublicKey

The public key as a PivPublicKey (or subclass: PivRsaPublicKey or PivEccPublicKey) object.

Remarks

Note that if there is no data to return, this method will throw an exception. This holds even if the response indicates AuthenticationRequired (see the Status property), which means the process was not completed because the wrong PIN or no PIN was entered, or the YubiKey was not touched within the time period. That is not an error; the process is simply incomplete. Nonetheless, in that case the method will throw an exception. Hence, do not call this method unless you know that Status is Success.

Exceptions

InvalidOperationException

Thrown when Status is not Success.