Show / Hide Table of Contents

CardholderUniqueId Class

Namespace: Yubico.YubiKey.Piv.Objects Assembly: Yubico.YubiKey.dll

Use this class to process the CHUID (CardHolder Unique Identifier) data.

C#
public sealed class CardholderUniqueId : PivDataObject
Inheritance object PivDataObject CardholderUniqueId

Remarks

A CHUID consists of five values:

  • FASC-N (Federal Agency SmartCredential Number)
  • GUID (Global Unique Identifier)
  • Expiration Date
  • Issuer Asymmetric Signature
  • LRC (error code)

For the YubiKey, the FASC-N and Expiration Date are fixed. That is, the FASC-N and Expiration Date are the same for all YubiKeys.

The YubiKey does not use the signature value, and the PIV standard does not use the LRC. Hence, those two values are "empty".

You can set the GUID to any 16-byte value you want, but it is generally a random value. That is so each YubiKey has a different GUID.

You will generally get the current CHUID for a YubiKey using one of the PivSession.ReadObject methods. Upon manufacture, the CHUID is "empty", so the CardHolderUniqueId object will be empty as well (the IsEmpty property will be true). You can then set the GUID (or have a random GUID generated for you) and then store the CHUID using the PivSession.WriteObject method.

It is also possible the CHUID is already set on the YubiKey. In that case, call one of the PivSession.ReadObject methods and the resulting object will have IsEmpty set to false and you can see the GUID that is on the YubiKey.

Finally, you can create a new CardholderUniqueId object by calling the constructor directly, then set the GUID and call PivSession.WriteObject. That will, of course, overwrite the CHUID on the YubiKey, if there is one. Because that might not be something you want to do, this is the most dangerous option.

See also the user's manual entry on PIV data objects.

Constructors

Name Description
CardholderUniqueId()

Build a new object. This will not get a CHUID from any YubiKey, it will only build an "empty" object.

Properties

Name Description
ExpirationDate

The PIV card's expiration date. This is a fixed value for every YubiKey: Jan 1, 2030.

FascNumber

The "Federal Agency Smart Credential Number" (FASC-N). This is a fixed 25-byte value for every YubiKey, and is a Non-Federal Issuer number.

GuidValue

The "Global Unique Identifier" (GUID). If there is no CHUID, this is "empty" (Guid.Length will be 0). This is a 16-byte value.

Methods

Name Description
Dispose(bool)

Releases any unmanaged resources and overwrites any sensitive data.

Encode()

Build the encoding of the data.

GetDefinedDataTag()

Get the defined data tag. This is the data tag that the PIV standard or Yubico defines to specify the given data object.

SetGuid(ReadOnlySpan<byte>)

Set the Guid with the given value. If the array is not exactly 16 bytes, this method will throw an exception.

SetRandomGuid()

Set the Guid with a random, 16-byte value.

TryDecode(ReadOnlyMemory<byte>)

Try to decode the data given according to the format specified for the data object. If successful, return true, otherwise, return false.

In this article
Back to top Generated by DocFX