PivPrivateKey Class
Namespace: Yubico.YubiKey.Piv
Assembly: Yubico.YubiKey.dll

This class holds a private key. It contains the algorithm and TLV encoding. Subclasses will contain specific components of the key.

public class PivPrivateKey : Object
Remarks
Note that this class contains a Clear method. This class will hold copies of sensitive data (the private key data), and that data should be overwritten as soon as the object is no longer needed. Note that there are SDK classes that take in a PivPrivateKey object as input and copy a reference. For example, look at ImportAsymmetricKeyCommand. You want to call the Clear method, but not before the SDK class is done with it. The documentation for those classes that copy a reference to the private key you pass in will describe when it is safe to call the Clear method.

There are currently two kinds of private keys YubiKey supports: RSA and ECC. This class is the base class for all supported private keys.

When you import a key (see ImportAsymmetricKeyCommand), you provide the private key as an instance of this class. It will really be an instance of one of the subclasses. You will likely build an instance of the subclass and pass it in as PivPrivateKey.
You will likely build the subclass using the individual components, rather than the encoding. But it is possible to build an object from an encoded private key.
The TLV encoding of an RSA private key (Yubico proprietary schema) is

    01 length prime P || 02 length prime Q ||
    03 length prime P exponent dP || 04 length prime Q exponent dQ ||
    05 length CRT coefficient

The TLV encoding of an ECC private key (Yubico proprietary schema) is

    06 length private value s
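The following is an added example, not code from the Yubico SDK: it builds and parses the proprietary TLV schema described above (tags 01 to 05 for RSA, 06 for ECC), rejects a buffer whose tag set matches neither key kind or whose length runs past the end, and overwrites the buffer afterwards in the spirit of the Clear method. It assumes lengths use DER-style definite form (one byte below 128, otherwise 0x81 or 0x82 followed by the length), which the page does not spell out.

```python
# Assumption (not stated on the page): DER-style definite lengths.
RSA_TAGS = {0x01: "primeP", 0x02: "primeQ", 0x03: "exponentP",
            0x04: "exponentQ", 0x05: "coefficient"}
ECC_TAG = 0x06  # private value s


def _encode_length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    if n < 0x100:
        return bytes([0x81, n])
    return bytes([0x82, n >> 8, n & 0xFF])


def _tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _encode_length(len(value)) + value


def encode_rsa_private_key(p, q, dp, dq, qinv) -> bytearray:
    """01 P || 02 Q || 03 dP || 04 dQ || 05 CRT coefficient (tag order)."""
    return bytearray(b"".join(
        _tlv(t, v) for t, v in zip(RSA_TAGS, (p, q, dp, dq, qinv))))


def encode_ecc_private_key(s: bytes) -> bytearray:
    return bytearray(_tlv(ECC_TAG, s))


def parse_private_key(encoded: bytes):
    """Return ("RSA" | "ECC", {component: bytes}) or raise ValueError."""
    parts, i = {}, 0
    while i < len(encoded):
        if i + 1 >= len(encoded):
            raise ValueError("truncated TLV header")
        tag, ln, i = encoded[i], encoded[i + 1], i + 2
        if ln == 0x81:
            ln, i = encoded[i], i + 1
        elif ln == 0x82:
            ln, i = (encoded[i] << 8) | encoded[i + 1], i + 2
        elif ln >= 0x80:
            raise ValueError("unsupported length encoding")
        if i + ln > len(encoded):
            raise ValueError("TLV length runs past end of buffer")
        parts[tag], i = bytes(encoded[i:i + ln]), i + ln
    if set(parts) == set(RSA_TAGS):   # all five CRT components present
        return "RSA", {RSA_TAGS[t]: v for t, v in parts.items()}
    if set(parts) == {ECC_TAG}:
        return "ECC", {"privateValue": parts[ECC_TAG]}
    raise ValueError(f"unexpected tag set {sorted(parts)}")


def clear(buf: bytearray) -> None:
    """Overwrite key material in place once the consumer is done with it."""
    buf[:] = bytes(len(buf))
```

The components used below are constructed filler, not a real key; a 128-byte prime exercises the long-form length path.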
Constructors
Name | Description |
---|---|
PivPrivateKey() | This builds an empty object. The |
Properties
Name | Description |
---|---|
Algorithm | The algorithm of the key in this object. |
EncodedKey | |
EncodedPrivateKey | Contains the TLV encoding of the private key. |
Methods
Name | Description |
---|---|
Clear() | Call on the object to clear (overwrite) any sensitive data it is holding. |
Create(ReadOnlyMemory<Byte>) | Create a new instance of a PivPrivateKey from the given encoded value. |