VerifyPinCommand Class
Namespace: Yubico.YubiKey.Piv.Commands Assembly: Yubico.YubiKey.dllVerify the PIV PIN.
public sealed class VerifyPinCommand : Object, IYubiKeyCommand<VerifyPinResponse>
Implements
Remarks
The partner Response class is VerifyPinResponse.
Some operations require the user enter a PIN. Use this class to build a command to verify the PIN. This will generally be used in conjunction with other commands that require the PIN. But it is possible to simply use this command to verify the PIN only.
The PIN starts out as a default value: "123456", which in ASCII is the
6-byte sequence 0x31 32 33 34 35 36
. Generally, the first thing
done when a YubiKey is initialized for PIV is to change the PIN (along
with the PUK and management key). The PIN must be 6 to 8 bytes.
Ultimately the bytes that make up the PIN can be any binary value, but
are generally input from a keyboard, so are usually made up of ASCII
characters.
The PIN you pass in must be 6 to 8 bytes long. If the actual PIN collected is less than 6 or more than 8 bytes long, it will be invalid.
Note that with PIV there is also a PUK (PIN Unblocking Key). This command cannot verify a PUK.
When you pass a PIN to this class (the PIN to verify), the class will
copy a reference to the object passed in, it will not copy the value.
Because of this, you cannot overwrite the PIN until this object is done
with it. It will be safe to overwrite the PIN after calling
connection.SendCommand
. See the User's Manual
entry on sensitive data for
more information on this topic.
Example:
/* This example assumes the application has a method to collect a PIN.
*/
byte[] pin;
IYubiKeyConnection connection = key.Connect(YubiKeyApplication.Piv);
pin = CollectPin();
var verifyPinCommand = new VerifyPinCommand(pin);
VerifyPinResponse verifyPinResponse = connection.SendCommand(verifyPinCommand);
if (resetRetryResponse.Status == ResponseStatus.AuthenticationRequired)
{
int retryCount = resetRetryResponse.GetData();
/* report the retry count */
}
else if (verifyPinResponse.Status != ResponseStatus.Success)
{
// Handle error
}
CryptographicOperations.ZeroMemory(pin)
Constructors
Name | Description |
---|---|
VerifyPinCommand(ReadOnlyMemory<Byte>) | Initializes a new instance of the VerifyPinCommand class which will use the given PIN. |
Properties
Name | Description |
---|---|
Application | Gets the YubiKeyApplication to which this command belongs. For this command it's PIV. |
Methods
Name | Description |
---|---|
CreateCommandApdu() | Creates a well-formed CommandApdu to send to the YubiKey. |
CreateResponseForApdu(ResponseApdu) | Creates the corresponding IYubiKeyResponse implementation for the current command. |