Class PivAlgorithmExtensions
Extension methods for working with the PivAlgorithm enum.
public static class PivAlgorithmExtensions
- Inheritance
- object -> PivAlgorithmExtensions
Methods
GetKeyType(PivAlgorithm)
Converts a PivAlgorithm to its corresponding KeyType.
public static KeyType GetKeyType(this PivAlgorithm pivAlgorithm)
Parameters
pivAlgorithm
PivAlgorithm
The PIV algorithm to convert.
Returns
- KeyType
The corresponding KeyType.
Exceptions
- NotSupportedException
Thrown when the PIV algorithm cannot be mapped to a KeyType.
GetPivAlgorithm(KeyType)
Converts a KeyType to its corresponding PivAlgorithm.
public static PivAlgorithm GetPivAlgorithm(this KeyType keyType)
Parameters
keyType
KeyType
The key type to convert.
Returns
- PivAlgorithm
The corresponding PivAlgorithm.
Exceptions
- NotSupportedException
Thrown when the key type is not supported by PIV.
GetPivKeyDefinition(KeyDefinition)
Gets the PivAlgorithmDefinition for a given KeyDefinition.
public static PivAlgorithmDefinition GetPivKeyDefinition(this KeyDefinition keyDefinition)
Parameters
keyDefinition
KeyDefinition
The key definition to look up.
Returns
- PivAlgorithmDefinition
The corresponding PivAlgorithmDefinition.
Exceptions
- InvalidOperationException
Thrown when no matching algorithm definition is found.
GetPivKeyDefinition(PivAlgorithm)
Gets the PivAlgorithmDefinition for a given PivAlgorithm.
public static PivAlgorithmDefinition GetPivKeyDefinition(this PivAlgorithm algorithm)
Parameters
algorithm
PivAlgorithm
The PIV algorithm to look up.
Returns
- PivAlgorithmDefinition
The corresponding PivAlgorithmDefinition, or null if not found.
IsEcc(PivAlgorithm)
Determines if the given algorithm is ECC.
public static bool IsEcc(this PivAlgorithm algorithm)
Parameters
algorithm
PivAlgorithm
The algorithm to check.
Returns
- bool
A boolean, true if the algorithm is ECC, and false otherwise.
Remarks
The PivAlgorithm enum contains EccP256 and EccP384. But
sometimes you just want to know if an algorithm is ECC or not. It
would seem you would have to write code such as the following.
if ((algorithm == PivAlgorithm.EccP256) || (algorithm == PivAlgorithm.EccP384))
With this extension, you can simply write the following.
if (algorithm.IsEcc())
IsRsa(PivAlgorithm)
Determines if the given algorithm is RSA.
public static bool IsRsa(this PivAlgorithm algorithm)
Parameters
algorithm
PivAlgorithm
The algorithm to check.
Returns
- bool
A boolean, true if the algorithm is RSA, and false otherwise.
Remarks
The PivAlgorithm enum contains Rsa1024, Rsa2048, Rsa3072, and Rsa4096. But
sometimes you just want to know if an algorithm is RSA or not. It
would seem you would have to write code such as the following.
if ((algorithm == PivAlgorithm.Rsa1024) || (algorithm == PivAlgorithm.Rsa2048) || (algorithm == PivAlgorithm.Rsa3072) || (algorithm == PivAlgorithm.Rsa4096))
With this extension, you can simply write the following.
if (algorithm.IsRsa())
KeySizeBits(PivAlgorithm)
The size of a key, in bits, of the given algorithm.
public static int KeySizeBits(this PivAlgorithm algorithm)
Parameters
algorithm
PivAlgorithm
The algorithm name to check.
Returns
- int
An int, the size, in bits, of a key of the given algorithm.
Remarks
The PivAlgorithm enum specifies algorithm and key size for RSA and
ECC. If you have a variable of type PivAlgorithm, use this
extension to get the bit size out.
For example, suppose you obtain a public key from storage, and have a
Yubico.YubiKey.Piv.PivPublicKey object. Maybe your code performs different
tasks based on the key size (e.g. use SHA-256 or SHA-384, or build a
buffer for signing). You can look at the Algorithm property to
learn the algorithm and key size. However, if all you want is the key
size, use this extension:
PivPublicKey publicKey = SomeClass.GetPublicKey(someSearchParam);
byte[] buffer = new byte[publicKey.Algorithm.KeySizeBits() / 8];
This will return the following values for each value of PivAlgorithm.
Rsa1024 1024
Rsa2048 2048
Rsa3072 3072
Rsa4096 4096
EccP256 256
EccP384 384
EccP521 521
EccEd25519 256
EccX25519 256
Aes128 128
Aes192 192
Aes256 256
TripleDes 192
Pin 64
None 0
Note that a Triple-DES key is made up of three DES keys, and each DES
key is 8 bytes (64 bits). However, because there are 8 "parity bits"
in each DES key, the actual key strength of a DES key is 56 bits.
That means the actual key strength of a Triple-DES key is 168 bits. In
addition, because of certain attacks, it is possible to reduce the
strength of a Triple-DES key to 112 bits (it takes the equivalent of
a 112-bit brute-force attack to break a Triple-DES key). Nonetheless,
this extension will return 192 as the key length, in bits, of a
Triple-DES key.
A PIN or PUK is 6 to 8 bytes long. Hence, the maximum size, in bits,
of a PivAlgorithm.Pin is 64.
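The following is an added example, not code from the SDK or its documentation. It shows two places where the value returned by KeySizeBits needs care: EccP521 (521 is not a multiple of 8) and TripleDes (192 stored bits versus the 112-bit strength described above). The names PivKeySizing, KeySizeBytes, EcdsaDigestFor and SymmetricStrengthBits are hypothetical, and the code assumes the Yubico.YubiKey package is referenced and C# 9 or later.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey.Piv;

// Hypothetical helper, not part of the SDK.
public static class PivKeySizing
{
    // Bytes needed to hold a value as wide as the key. KeySizeBits() returns
    // 521 for EccP521, so "/ 8" alone would truncate to 65; round up to 66.
    public static int KeySizeBytes(PivAlgorithm algorithm) =>
        (algorithm.KeySizeBits() + 7) / 8;

    // Digest matched to the curve size for an ECDSA signature.
    public static HashAlgorithmName EcdsaDigestFor(PivAlgorithm algorithm) =>
        algorithm switch
        {
            PivAlgorithm.EccP256 => HashAlgorithmName.SHA256,
            PivAlgorithm.EccP384 => HashAlgorithmName.SHA384,
            PivAlgorithm.EccP521 => HashAlgorithmName.SHA512,
            _ => throw new NotSupportedException(
                $"{algorithm} is not an ECDSA curve handled by this example."),
        };

    // Strength figure for policy checks on symmetric keys. For Triple-DES the
    // remarks above give 112 bits, although KeySizeBits() reports 192.
    public static int SymmetricStrengthBits(PivAlgorithm algorithm) =>
        algorithm switch
        {
            PivAlgorithm.TripleDes => 112,
            PivAlgorithm.Aes128 or PivAlgorithm.Aes192 or PivAlgorithm.Aes256
                => algorithm.KeySizeBits(),
            _ => throw new NotSupportedException(
                $"{algorithm} is not a symmetric key algorithm."),
        };
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample input: the three NIST curves from the table above.
        var curves = new[] { PivAlgorithm.EccP256, PivAlgorithm.EccP384, PivAlgorithm.EccP521 };
        foreach (PivAlgorithm alg in curves)
        {
            Console.WriteLine($"{alg}: {PivKeySizing.KeySizeBytes(alg)} bytes, {PivKeySizing.EcdsaDigestFor(alg).Name}");
        }
        Console.WriteLine($"TripleDes strength: {PivKeySizing.SymmetricStrengthBits(PivAlgorithm.TripleDes)} bits");
    }
}
```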