Class GetDataCommand

Namespace

Yubico.YubiKey.Piv.Commands

Assembly

Yubico.YubiKey.dll

Get a Data Object from the YubiKey.

public sealed class GetDataCommand : IYubiKeyCommand<GetDataResponse>

Inheritance

object

GetDataCommand

Implements

IYubiKeyCommand<GetDataResponse>

Remarks

The partner Response class is GetDataResponse.

See also the User's Manual entries on Get and Put Data and PIV objects, along with the documentation for the PutDataCommand.

Note that for some Data Objects there are higher-level APIs that are easier to use. An application that needs to retrieve information often will not need to use this command. For example, if you want to get a certificate from a YubiKey, use GetCertificate(byte). Or if you want to store/retrieve Key History, use ReadObject<T>() and WriteObject(PivDataObject) along with the KeyHistory class. Under the covers, these APIs will ultimately call this command. But the application that uses the SDK can simply make the specific API calls, rather than use Get Data.

There are a number of ways to use this command. The old, obsolete way is to provide the DataTag using the PivDataTag enum. The constructor GetDataCommand(PivDataTag) and the property Tag require using PIV-defined DataTags. This constructor and that property are marked "Obsolete" and will be removed from the SDK in the future. However, it will still be possible to get the same functionality using the updated API.

The API you should use are the constructors GetDataCommand(), and GetDataCommand(int), along with the property DataTag. Using these will allow you to use any DataTag (not just those defined by PIV).

While you can retrieve any data under a PIV-defined DataTag, if you want to use only PIV-defined DataTags, you can use the PivDataTag class. For example,

// Retrieve IrisImages
var getCmd = new GetDataCommand((int)PivDataTag.IrisImages);
GetDataResponse getRsp = connection.SendCommand(getCmd);
ReadOnlyMemory<byte> encodedData = getRsp.GetData();
if (!PivDataTag.IrisImages.IsValidEncodingForPut(encodedData))
{
    // handle error case.
}

Note that when you set an object with the DataTag using either the old constructor/property or the new versions, when you get it (using either old or new), you are getting the same thing. For example,

// Use the old, obsolete API to set the tag.
var getCmd = new GetDataCommand()
{
    Tag = PivDataTag.KeyHistory,
}
PivDataTag pivDataTag = getCmd.Tag;
int dataTag = getCmd.DataTag;
// At this point pivDataTag will equal PivDataTag.KeyHistory = 0x005FC10C
// dataTag will equal 0x005FC10C
// Even though the code used the old API to set the Tag property
// the new API DataTag property will return the same value.

The data returned will begin with the tag 0x53. For example,

Suppose the data is
  04 02 55 44 02 01 7F
It will be returned by the GetDataCommand as
  53 07
     04 02 55 44 02 01 7F

Example:

IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
GetDataCommand getDataCommand = new GetDataCommand((int)PivDataTag.Chuid);
GetDataResponse getDataResponse = connection.SendCommand(getDataCommand);
if (getDataResponse.StatusWord == SWConstants.Success)
{
    ReadOnlyMemory<byte> getChuid = getDataResponse.GetData();
}

Constructors

GetDataCommand()

Initializes a new instance of the GetDataCommand class.

public GetDataCommand()

Remarks

This constructor is provided for those developers who want to use the object initializer pattern. For example:

var getDataCommand = new GetDataCommand()
{
    DataTag = (int)PivDataTag.Authentication,
};

There is no default data tag, hence, for this command to be valid, the tag must be specified. So if you create an object using this constructor, you must set the DataTag property at some time before using it. Otherwise you will get an exception when you do use it.

The valid data tags are numbers from 0x005F0000 to 0x005FFFFF inclusive, along with 0x0000007E and 0x00007F61.

GetDataCommand(int)

Initializes a new instance of the GetDataCommand class.

public GetDataCommand(int dataTag)

Parameters

dataTag int

The DataTag indicating from where the data will be retrieved.

Remarks

Note that this constructor requires using a DataTag that is a number from 0x005F0000 to 0x005FFFFF inclusive, along with 0x0000007E and 0x00007F61.

Exceptions

ArgumentException

The DataTag specified is not a number between 0x005F0000 and 0x005FFFFF (inclusive), or 0x0000007E or 0x00007F61.

Properties

Application

Gets the YubiKeyApplication to which this command belongs. For this command it's PIV.

public YubiKeyApplication Application { get; }

Property Value

YubiKeyApplication

YubiKeyApplication.Piv

DataTag

The tag specifying from where the data is to be retrieved.

public int DataTag { get; set; }

Property Value

int

Exceptions

ArgumentException

The DataTag specified is not a number between 0x005F0000 and 0x005FFFFF (inclusive), or 0x0000007E or 0x00007F61.

Methods

CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

public CommandApdu CreateCommandApdu()

Returns

CommandApdu

A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.

Remarks

This method will first perform validation on all of the parameters and data provided to it. The CommandAPDU it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will collapsed into a single result.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.

public GetDataResponse CreateResponseForApdu(ResponseApdu responseApdu)

Parameters

responseApdu ResponseApdu

The ResponseApdu returned by the YubiKey.

Returns

GetDataResponse

The implementation of IYubiKeyResponse that parses and presents ths response APDU.