Class GenerateKeyPairResponse
The response to the generate key pair command, containing the public key of the pair that was generated.
public class GenerateKeyPairResponse : PivResponse, IYubiKeyResponseWithData<PivPublicKey>, IYubiKeyResponse
- Inheritance
  object
  GenerateKeyPairResponse
- Implements
  IYubiKeyResponseWithData<PivPublicKey>
Remarks
This is the partner Response class to GenerateKeyPairCommand.
The data returned by GetData is a PivPublicKey object, containing the algorithm and encoded public key (described below). If the generate is successful, the return will actually be an instance of PivRsaPublicKey or PivEccPublicKey. Each of those objects contains the specific key data parsed. After getting the key, check the Algorithm property or use the "is" operation to determine the actual type.
If the property Status is not ResponseStatus.Success, GetData will throw an exception.
If the key is RSA, the encoded key data will be two successive TLVs, the modulus followed by the public exponent.
    81 || length || modulus || 82 || length || publicExponent
where the length is DER length octets.
For example:
    81 82 01 00 F1 50 ... E9 82 03 01 00 01
Or to see it parsed,
    81 82 01 00
       F1 50 ... 50
    82 03
       01 00 01
If the public key is an ECC key, the data will be a single TLV, the public point.
    86 || length || publicPoint
where the length is DER length octets and the public point is 04 || x || y.
For example:
    86 41 04 C4 17 ... 26
Or to see it parsed,
    86 41
       04 C4 17 ... 26
To learn about how to use the public key data, see the User's Manual entry on public keys.
Example:
    // key is the YubiKey device object obtained elsewhere.
    IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
    var generateKeyPairCommand = new GenerateKeyPairCommand(
        PivSlot.Signing, PivAlgorithm.EccP384, PivPinPolicy.Default, PivTouchPolicy.Default);
    GenerateKeyPairResponse generateKeyPairResponse =
        connection.SendCommand(generateKeyPairCommand);
    // Check the Status of the response (not the command) before asking for the data.
    if (generateKeyPairResponse.Status != ResponseStatus.Success)
    {
        // Handle error. Do not call GetData here, it will throw.
    }
    PivPublicKey pubKey = generateKeyPairResponse.GetData();
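The encoding described in the Remarks above, as an added example that is not part of the SDK or of the original page: a strict parser that checks tags, DER lengths, the 04 point prefix and trailing bytes before handing back key material. EncodedKeyParser and its members are hypothetical names, the coordinate sizes (32 bytes for P-256, 48 for P-384) are supplied by the caller, and the sample bytes in Main are constructed.

```csharp
using System;
// Added example; EncodedKeyParser and its members are hypothetical names, not SDK APIs.
public static class EncodedKeyParser
{
    // Reads one TLV at offset, returns its value and advances offset past it.
    static ReadOnlySpan<byte> ReadTlv(ReadOnlySpan<byte> buf, ref int offset, byte tag)
    {
        if (buf.Length - offset < 2 || buf[offset] != tag)
            throw new FormatException($"Expected tag {tag:X2}");
        int length = buf[offset + 1];
        offset += 2;
        if (length >= 0x80) // long form: low 7 bits count the length octets that follow
        {
            int count = length & 0x7F;
            if (count == 0 || count > 2 || count > buf.Length - offset)
                throw new FormatException("Unsupported length encoding");
            for (length = 0; count > 0; count--) length = (length << 8) | buf[offset++];
        }
        if (length > buf.Length - offset)
            throw new FormatException("Value runs past the end of the buffer");
        offset += length;
        return buf.Slice(offset - length, length);
    }
    public static (byte[] Modulus, byte[] Exponent) ParseRsa(ReadOnlySpan<byte> encoded)
    {
        int offset = 0;
        byte[] modulus = ReadTlv(encoded, ref offset, 0x81).ToArray();
        byte[] exponent = ReadTlv(encoded, ref offset, 0x82).ToArray();
        if (offset != encoded.Length) throw new FormatException("Trailing bytes");
        return (modulus, exponent);
    }
    // coordinateSize: 32 for P-256, 48 for P-384.
    public static (byte[] X, byte[] Y) ParseEcc(ReadOnlySpan<byte> encoded, int coordinateSize)
    {
        int offset = 0;
        ReadOnlySpan<byte> point = ReadTlv(encoded, ref offset, 0x86);
        if (offset != encoded.Length) throw new FormatException("Trailing bytes");
        if (point.Length != 1 + 2 * coordinateSize || point[0] != 0x04)
            throw new FormatException("Not an uncompressed point of the expected size");
        return (point.Slice(1, coordinateSize).ToArray(), point.Slice(1 + coordinateSize).ToArray());
    }
    public static void Main()
    {
        byte[] sample = new byte[67]; // constructed: 86 41 04, then 64 zero bytes as dummy x, y
        sample[0] = 0x86; sample[1] = 0x41; sample[2] = 0x04;
        var (x, y) = ParseEcc(sample, 32);
        Console.WriteLine($"x={x.Length} bytes, y={y.Length} bytes");
    }
}
```

The parser checks structure only; it does not verify that the point lies on the curve or that the RSA values are sensible.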
Constructors
GenerateKeyPairResponse(ResponseApdu, byte, PivAlgorithm)
Constructs a GenerateKeyPairResponse based on a ResponseApdu received from the YubiKey.
public GenerateKeyPairResponse(ResponseApdu responseApdu, byte slotNumber, PivAlgorithm algorithm)
Parameters
responseApdu
- ResponseApdu
The object containing the response APDU returned by the YubiKey.
slotNumber
- byte
The slot for which the key pair was generated.
algorithm
- PivAlgorithm
The algorithm (and key size) of the key pair generated.
Properties
Algorithm
The algorithm (and key size) of the key pair.
public PivAlgorithm Algorithm { get; set; }
Property Value
- PivAlgorithm
The algorithm.
Exceptions
- ArgumentException
The algorithm specified is not a supported asymmetric algorithm.
Data
public Memory<byte> Data { get; }
Property Value
- Memory<byte>
SlotNumber
The slot where the key pair was generated.
public byte SlotNumber { get; set; }
Property Value
- byte
The slot number, see PivSlot
Exceptions
- ArgumentException
The slot specified is not one that can generate a key pair.
Methods
GetData()
Gets the public key from the YubiKey response.
public PivPublicKey GetData()
Returns
- PivPublicKey
The public key as a PivPublicKey (or subclass: PivRsaPublicKey or PivEccPublicKey) object.
Remarks
Note that if there is no data to return, this method will throw an exception. This is true even if the response indicates AuthenticationRequired (see the Status property), which means the process was not completed because the wrong or no PIN was entered, or the YubiKey was not touched within the time period. That is, it is not an error; the process is simply incomplete. Nonetheless, in that case the method will throw an exception. Hence, do not call this method unless you know that Status is Success.