Class ImportAsymmetricKeyCommand

Namespace
Yubico.YubiKey.Piv.Commands
Assembly
Yubico.YubiKey.dll

Import an existing private key into one of the asymmetric key slots (9a, 9c, 9d, 9e, 82 - 95).

public sealed class ImportAsymmetricKeyCommand : IYubiKeyCommand<ImportAsymmetricKeyResponse>
Inheritance
object
ImportAsymmetricKeyCommand
Implements

Remarks

The partner Response class is ImportAsymmetricKeyResponse.

In order to import a key, you must authenticate the management key. The management key is not part of this command. For information on how to authenticate a management key in order to perform operations, see the User's Manual entry on PIV commands access control.

When you import a private key, you specify which slot will hold this key. If there is a key in that slot already, this command will replace it. That old key will be gone and there will be nothing you can do to recover it. Hence, use this command with caution.

If you have a certificate to accompany the private key you are importing using this command, you can load it using the Put Data command.

The PIN policy determines whether using the private key to sign or decrypt will require authenticating with the PIN or not. By default, the PIN policy is to always require a PIN in order to use the key in that slot. See the User's Manual entry on PIN and touch policies for more information.

Similarly, the touch policy determines whether using the private key will require touch or not. The default is never.

When you pass the private key to this class, it will copy a reference to the object passed in; it will not copy the value. Because of this, you cannot call its Clear method until this object is done with it. It will be safe to clear the private key after calling connection.SendCommand. See the User's Manual entry on sensitive data for more information on this topic.

Example:

var privateKey = new PivEccPrivateKey(privateValue);
IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
var importKeyCommand = new ImportAsymmetricKeyCommand(
    privateKey, PivSlot.Signing, PivPinPolicy.Default, PivTouchPolicy.Default);
ImportAsymmetricKeyResponse importAsymmetricKeyResponse =
    connection.SendCommand(importAsymmetricKeyCommand);
if (importAsymmetricKeyResponse.Status != ResponseStatus.Success)
{
    // Handle error
}
privateKey.Clear();
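
The remarks above warn that an import irrecoverably replaces the slot's key and that the key material may only be cleared after SendCommand. The following is an added example, not code from the SDK documentation, that applies both points with the byte-array constructor listed under Constructors. Assumptions: the helper name ImportIntoEmptySlot is hypothetical, KeyType is taken to live in Yubico.YubiKey.Cryptography, the management key is already authenticated on the connection, and GetMetadataCommand (firmware 5.3 and later) is taken to report ResponseStatus.NoData for an empty slot.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.Cryptography; // assumed namespace of KeyType
using Yubico.YubiKey.Piv;
using Yubico.YubiKey.Piv.Commands;

public static class PivImportExample
{
    // Hypothetical helper. Takes ownership of encodedKey: the buffer is
    // zeroed on every exit path, including when the import is refused.
    // The caller has already authenticated the management key.
    public static void ImportIntoEmptySlot(
        IYubiKeyConnection connection, byte[] encodedKey, KeyType keyType, byte slot)
    {
        try
        {
            // Import replaces any existing key with no way to recover it,
            // so fail closed unless the slot is confirmed empty.
            // Assumption: an empty slot yields ResponseStatus.NoData.
            GetMetadataResponse metadata =
                connection.SendCommand(new GetMetadataCommand(slot));
            if (metadata.Status != ResponseStatus.NoData)
            {
                throw new InvalidOperationException(
                    $"Slot 0x{slot:X2} not confirmed empty ({metadata.Status}); import refused.");
            }

            // State both policies explicitly: the default touch policy is
            // "never", which is weaker than many deployments intend.
            var command = new ImportAsymmetricKeyCommand(
                encodedKey, keyType, slot, PivPinPolicy.Always, PivTouchPolicy.Always);

            ImportAsymmetricKeyResponse response = connection.SendCommand(command);
            if (response.Status != ResponseStatus.Success)
            {
                throw new InvalidOperationException(
                    $"Import failed: {response.StatusMessage}");
            }
        }
        finally
        {
            // The command references this buffer rather than copying it,
            // so wipe it only now, after SendCommand is finished with it.
            CryptographicOperations.ZeroMemory(encodedKey);
        }
    }
}
```

On a YubiKey that does not support the metadata command, the status will not be NoData and the helper refuses the import rather than risk overwriting a key.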

Constructors

ImportAsymmetricKeyCommand(ReadOnlyMemory<byte>, KeyType, byte, PivPinPolicy, PivTouchPolicy)

public ImportAsymmetricKeyCommand(ReadOnlyMemory<byte> encodedKey, KeyType keyType, byte slotNumber, PivPinPolicy pinPolicy = PivPinPolicy.Default, PivTouchPolicy touchPolicy = PivTouchPolicy.Default)

Parameters

encodedKey ReadOnlyMemory<byte>
keyType KeyType
slotNumber byte
pinPolicy PivPinPolicy
touchPolicy PivTouchPolicy

Properties

Algorithm

The algorithm (and size) of the key being imported.

public PivAlgorithm Algorithm { get; }

Property Value

PivAlgorithm

The algorithm.

Application

Gets the YubiKeyApplication to which this command belongs. For this command it's PIV.

public YubiKeyApplication Application { get; }

Property Value

YubiKeyApplication

YubiKeyApplication.Piv

PinPolicy

The PIN policy the key will have. None is equivalent to Default.

public PivPinPolicy PinPolicy { get; set; }

Property Value

PivPinPolicy

The PIN policy flag.

SlotNumber

The slot into which the key will be imported.

public byte SlotNumber { get; set; }

Property Value

byte

The slot number, see PivSlot

Exceptions

ArgumentException

The slot specified is not valid for public key operations.

TouchPolicy

The touch policy the key will have. None is equivalent to Default.

public PivTouchPolicy TouchPolicy { get; set; }

Property Value

PivTouchPolicy

The touch policy flag.

Methods

CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

public CommandApdu CreateCommandApdu()

Returns

CommandApdu

A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.

Remarks

This method will first perform validation on all of the parameters and data provided to it. The CommandAPDU it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will be collapsed into a single result.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.

public ImportAsymmetricKeyResponse CreateResponseForApdu(ResponseApdu responseApdu)

Parameters

responseApdu ResponseApdu

The ResponseApdu returned by the YubiKey.

Returns

ImportAsymmetricKeyResponse

The implementation of IYubiKeyResponse that parses and presents the response APDU.