
Class PivAlgorithmExtensions

Namespace
Yubico.YubiKey.Piv
Assembly
Yubico.YubiKey.dll

Extension methods for working with the PivAlgorithm enum.

public static class PivAlgorithmExtensions
Inheritance
object
PivAlgorithmExtensions

Methods

GetKeyType(PivAlgorithm)

Converts a PivAlgorithm to its corresponding KeyType.

public static KeyType GetKeyType(this PivAlgorithm pivAlgorithm)

Parameters

pivAlgorithm PivAlgorithm

The PIV algorithm to convert.

Returns

KeyType

The corresponding KeyType.

Exceptions

NotSupportedException

Thrown when the PIV algorithm cannot be mapped to a KeyType.

GetPivAlgorithm(KeyType)

Converts a KeyType to its corresponding PivAlgorithm.

public static PivAlgorithm GetPivAlgorithm(this KeyType keyType)

Parameters

keyType KeyType

The key type to convert.

Returns

PivAlgorithm

The corresponding PivAlgorithm.

Exceptions

NotSupportedException

Thrown when the key type is not supported by PIV.

GetPivKeyDefinition(KeyDefinition)

Gets the PivAlgorithmDefinition for a given KeyDefinition.

public static PivAlgorithmDefinition GetPivKeyDefinition(this KeyDefinition keyDefinition)

Parameters

keyDefinition KeyDefinition

The key definition to look up.

Returns

PivAlgorithmDefinition

The corresponding PivAlgorithmDefinition.

Exceptions

InvalidOperationException

Thrown when no matching algorithm definition is found.

GetPivKeyDefinition(PivAlgorithm)

Gets the PivAlgorithmDefinition for a given PivAlgorithm.

public static PivAlgorithmDefinition GetPivKeyDefinition(this PivAlgorithm algorithm)

Parameters

algorithm PivAlgorithm

The PIV algorithm to look up.

Returns

PivAlgorithmDefinition

The corresponding PivAlgorithmDefinition, or null if not found.

IsEcc(PivAlgorithm)

Determines if the given algorithm is ECC.

public static bool IsEcc(this PivAlgorithm algorithm)

Parameters

algorithm PivAlgorithm

The algorithm to check.

Returns

bool

A boolean, true if the algorithm is ECC, and false otherwise.

Remarks

The PivAlgorithm enum contains EccP256 and EccP384. But sometimes you just want to know if an algorithm is ECC or not. It would seem you would have to write code such as the following.

if ((algorithm == PivAlgorithm.EccP256) || (algorithm == PivAlgorithm.EccP384))

With this extension, you can simply write:

if (algorithm.IsEcc())

IsRsa(PivAlgorithm)

Determines if the given algorithm is RSA.

public static bool IsRsa(this PivAlgorithm algorithm)

Parameters

algorithm PivAlgorithm

The algorithm to check.

Returns

bool

A boolean, true if the algorithm is RSA, and false otherwise.

Remarks

The PivAlgorithm enum contains Rsa1024, Rsa2048, Rsa3072, and Rsa4096. But sometimes you just want to know if an algorithm is RSA or not. It would seem you would have to write code such as the following.

if ((algorithm == PivAlgorithm.Rsa1024) || (algorithm == PivAlgorithm.Rsa2048) || (algorithm == PivAlgorithm.Rsa3072) || (algorithm == PivAlgorithm.Rsa4096))

With this extension, you can simply write:

if (algorithm.IsRsa())

KeySizeBits(PivAlgorithm)

The size of a key, in bits, of the given algorithm.

public static int KeySizeBits(this PivAlgorithm algorithm)

Parameters

algorithm PivAlgorithm

The algorithm name to check.

Returns

int

An int, the size, in bits, of a key of the given algorithm.

Remarks

The PivAlgorithm enum specifies algorithm and key size for RSA and ECC. If you have a variable of type PivAlgorithm, use this extension to get the bit size out.

For example, suppose you obtain a public key from storage, and have a Yubico.YubiKey.Piv.PivPublicKey object. Maybe your code performs different tasks based on the key size (e.g. use SHA-256 or SHA-384, or build a buffer for signing). You can look at the Algorithm property to learn the algorithm and key size. However, if all you want is the key size, use this extension:

PivPublicKey publicKey = SomeClass.GetPublicKey(someSearchParam);
// Round up to whole bytes: EccP521 is 521 bits, which needs 66 bytes, not 65.
byte[] buffer = new byte[(publicKey.Algorithm.KeySizeBits() + 7) / 8];

This will return the following values for each value of PivAlgorithm.

Rsa1024    1024
Rsa2048    2048
Rsa3072    3072
Rsa4096    4096
EccP256     256
EccP384     384
EccP521     521
EccEd25519  256
EccX25519   256
Aes128      128
Aes192      192
Aes256      256
TripleDes   192
Pin          64
None          0

Note that a Triple-DES key is made up of three DES keys, and each DES key is 8 bytes (64 bits). However, because there are 8 "parity bits" in each DES key, the actual key strength of a DES key is 56 bits. That means the actual key strength of a Triple-DES key is 168 bits. In addition, because of certain attacks, it is possible to reduce the strength of a Triple-DES key to 112 bits (it takes the equivalent of a 112-bit brute-force attack to break a Triple-DES key). Nonetheless, this extension will return 192 as the key length, in bits, of a Triple-DES key.

A PIN or PUK is 6 to 8 bytes long. Hence, the maximum size, in bits, of a PivAlgorithm.Pin is 64.
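Because KeySizeBits reports the nominal key length rather than security strength, a policy check should not compare its return value against a minimum directly. The following is an added example, not part of the SDK or the original page: PivKeyPolicy, EffectiveStrengthBits, MeetsPolicy and KeySizeBytes are hypothetical names, and the strength figures are assumptions taken from the comparable-strength table in NIST SP 800-57 Part 1 (RSA-4096 and the Curve25519 algorithms are not in that table and are conservatively treated as 128).

```csharp
using System;
using Yubico.YubiKey.Piv;

// Added example (hypothetical helper, not SDK code). Strength values are
// assumptions based on NIST SP 800-57 Part 1 comparable strengths.
public static class PivKeyPolicy
{
    // Approximate security strength in bits. This is deliberately separate
    // from KeySizeBits(), which returns the nominal length (e.g. 192 for TripleDes).
    public static int EffectiveStrengthBits(PivAlgorithm algorithm) => algorithm switch
    {
        PivAlgorithm.Rsa1024 => 80,
        PivAlgorithm.Rsa2048 => 112,
        PivAlgorithm.Rsa3072 => 128,
        PivAlgorithm.Rsa4096 => 128,   // assumption: not listed by NIST, floor to 128
        PivAlgorithm.EccP256 => 128,
        PivAlgorithm.EccP384 => 192,
        PivAlgorithm.EccP521 => 256,
        PivAlgorithm.EccEd25519 => 128, // assumption: Curve25519 is roughly 128-bit
        PivAlgorithm.EccX25519 => 128,
        PivAlgorithm.Aes128 => 128,
        PivAlgorithm.Aes192 => 192,
        PivAlgorithm.Aes256 => 256,
        PivAlgorithm.TripleDes => 112,  // nominal 192, effective 112 (see note above)
        _ => 0,                         // Pin, None, unknown: not a key strength
    };

    // True when the algorithm's effective strength meets the required minimum.
    public static bool MeetsPolicy(PivAlgorithm algorithm, int minimumStrengthBits) =>
        EffectiveStrengthBits(algorithm) >= minimumStrengthBits;

    // Whole bytes needed for a value of the nominal key size; rounds up for EccP521.
    public static int KeySizeBytes(PivAlgorithm algorithm) =>
        (algorithm.KeySizeBits() + 7) / 8;

    public static void Main()
    {
        var samples = new[] { PivAlgorithm.Rsa1024, PivAlgorithm.TripleDes,
                              PivAlgorithm.EccP256, PivAlgorithm.EccP521 };
        foreach (PivAlgorithm alg in samples)
        {
            Console.WriteLine($"{alg}: nominal={alg.KeySizeBits()} bits, " +
                $"bytes={KeySizeBytes(alg)}, strength={EffectiveStrengthBits(alg)}, " +
                $"meets128={MeetsPolicy(alg, 128)}");
        }
    }
}
```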