PivMetadata Class
Namespace: Yubico.YubiKey.Piv Assembly: Yubico.YubiKey.dllThis class parses the response data from the PIV Get Metadata command. It holds data about the key in a slot.
public class PivMetadataRemarks
The response to the
GetMetadataCommand is
GetMetadataResponse.
Call the GetData method in the response object to get the
metadata. An instance of this class will be returned.
There are six possible elements of metadata:
| Metadata element | Description |
| Algorithm | |
| Policy | PIN and Touch policy |
| Origin | imported or generated by the YubiKey |
| Public Key | |
| Default value | Is the key in the slot the default value? |
| Retries | How many wrong values can be entered before the YubiKey is locked, and how many retries remain? (See the user's manual entry on PIV PIN and PUK.) |
Not all metadata information applies to all keys in all slots. For example, slot 9A holds a private key. Getting metadata for this slot will return Algorithm, Policy, Origin, and Public Key. But slot 9B holds the management key, which is a symmetric key. The metadata for this slot is Algorithm, Policy, and Default value.
The properties in this class are reporting the metadata. Check a property to see the result. However, for some elements, the property will specify None, Unknown, or in the case of the public key, an empty list.
| Metadata element | PivMetadata property |
| Algorithm | Algorithm (PivAlgorithm) |
| Policy | PinPolicy (PivPinPolicy) and TouchPolicy (PivTouchPolicy) |
| Origin | KeyStatus (PivKeyStatus) |
| Public Key | PublicKey (PivPublicKey) |
| Default value | KeyStatus (PivKeyStatus) |
| Retries | RetryCount and RetriesRemaining (See the user's manual entry on PIV PIN and PUK) |
The public key in this object is a "byte array". If it is an RSA key, the data will be two successive TLVs, the modulus followed by the public exponent.
81 || length || modulus || 82 || length || publicExponent
where the length is DER length octets.
For example:
81 82 01 00 F1 50 ... E9 82 03 01 00 01
Or to see it parsed,
81 82 01 00
F1 50 ... 50
82 03
01 00 01If the public key is an ECC key, the data will be a single TLV, the public point.
86 || length || publicPoint
where the length is DER length octets and the public point is 04 || x || y
For example:
86 41 04 C4 17 ... 26
Or to see it parsed,
86 41
04 C4 17 ... 26To learn about how to use the public key data, see the User's Manual entry on public keys.
Constructors
| Name | Description |
|---|---|
| PivMetadata(ReadOnlyMemory<byte>, byte) | The constructor that takes in the metadata encoding returned by the YubiKey in response to the Get metadata command, along with the slot. |
Properties
| Name | Description |
|---|---|
| Algorithm | The algorithm of the key in the specified slot. |
| KeyStatus | If the key is PIN, PUK, or management, is it the default value? |
| PinPolicy | The policy for requiring the PIN before operations using the key in the given slot. |
| PublicKey | The public key associated with the private key in the given slot. |
| PublicKeyParameters | The public key associated with the private key in the given slot. |
| RetriesRemaining | How many PIN or PUK retries remain before the PIN or PUK will be locked. If the slot is not PIN or PUK, this value will be -1, indicating the count is unknown. |
| RetryCount | The total number of wrong PINs or PUKs that can be entered before the PIN or PUK will be locked. If the slot is not PIN or PUK, this value will be -1, indicating the count is unknown. |
| Slot | The slot for the metadata listed in this instance. |
| TouchPolicy | The policy for requiring touch before operations using the key in the given slot. |