PivPrivateKey Class

Namespace: Yubico.YubiKey.Piv Assembly: Yubico.YubiKey.dll

This class holds a private key. It contains the algorithm and TLV encoding. Subclasses will contain specific components of the key.

C#
public class PivPrivateKey : PrivateKey, IPrivateKey, IKeyBase
Inheritance: object → PrivateKey → PivPrivateKey
Derived: PivEccPrivateKey, PivRsaPrivateKey
Implements: IPrivateKey, IKeyBase

Remarks

Note that this class contains a Clear method. This class holds copies of sensitive data (the private key data), and that data should be overwritten as soon as the object is no longer needed. Some SDK classes take a PivPrivateKey object as input and copy a reference to it; see ImportAsymmetricKeyCommand for an example. Call the Clear method, but not before the SDK class is done with the object. The documentation for each class that copies a reference to the private key you pass in describes when it is safe to call the Clear method.

The YubiKey currently supports two kinds of private keys: RSA and ECC. This class is the base class for all supported private keys.

When you import a key (see ImportAsymmetricKeyCommand), you provide the private key as an instance of this class. In practice it will be an instance of one of the subclasses: you will likely build an instance of the subclass and pass it in as a PivPrivateKey.

You will likely build the subclass using the individual components, rather than the encoding. But it is possible to build an object from an encoded private key.

The TLV encoding of an RSA private key (Yubico proprietary schema) is

01 length prime P || 02 length prime Q ||
03 length prime p Exponent dP || 04 length prime q Exponent dQ ||
05 length CRT coefficient

The TLV encoding of an ECC private key (Yubico proprietary schema) is

06 length private value s
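
The following C# is an added example, not code from the Yubico SDK or this page: it builds the RSA encoding shown above from a .NET RSAParameters using only the base class library, then overwrites every buffer that held key material, as the Remarks advise. It assumes BER-style length bytes, which this page does not specify; PivTlvExample and its members are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
public static class PivTlvExample   // hypothetical name, not an SDK type
{
    // Assumption: BER-style length bytes (n < 0x80 -> n; else 0x81 n or 0x82 hi lo).
    static int LengthOfLength(int n) => n < 0x80 ? 1 : n <= 0xFF ? 2 : 3;
    static int WriteTlv(Span<byte> dest, byte tag, ReadOnlySpan<byte> value)
    {
        if (value.Length > 0xFFFF) throw new ArgumentException("value too long");
        int i = 0;
        dest[i++] = tag;
        if (value.Length > 0xFF) { dest[i++] = 0x82; dest[i++] = (byte)(value.Length >> 8); }
        else if (value.Length >= 0x80) { dest[i++] = 0x81; }
        dest[i++] = (byte)value.Length;
        value.CopyTo(dest.Slice(i));
        return i + value.Length;
    }

    // Tags 01..05 in the page's order: P, Q, dP, dQ, CRT coefficient.
    public static byte[] EncodeRsa(RSAParameters k)
    {
        byte[][] parts = { k.P, k.Q, k.DP, k.DQ, k.InverseQ };
        int total = 0;
        foreach (byte[] p in parts) total += 1 + LengthOfLength(p.Length) + p.Length;
        byte[] encoded = new byte[total];   // one allocation, so no stray resized copies
        int offset = 0;
        for (int t = 0; t < parts.Length; t++)
            offset += WriteTlv(encoded.AsSpan(offset), (byte)(t + 1), parts[t]);
        return encoded;
    }

    public static void Main()
    {
        using RSA rsa = RSA.Create(2048);              // constructed throwaway key
        RSAParameters k = rsa.ExportParameters(true);
        byte[] encoded = EncodeRsa(k);
        try
        {
            Console.WriteLine($"{encoded.Length} bytes, header {encoded[0]:X2} {encoded[1]:X2} {encoded[2]:X2}");
            // An encoding like this is what Create(ReadOnlyMemory<byte>, PivAlgorithm?) takes.
        }
        finally
        {
            // Overwrite the encoding and every exported component, including D.
            CryptographicOperations.ZeroMemory(encoded);
            foreach (byte[] p in new[] { k.D, k.P, k.Q, k.DP, k.DQ, k.InverseQ })
                CryptographicOperations.ZeroMemory(p);
        }
    }
}
```

If the encoding is handed to an SDK object, zeroing these caller-side buffers does not replace calling Clear on that object once the SDK is done with it.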

Constructors

Name Description
PivPrivateKey()

This builds an empty object. The Algorithm is None and the EncodedPrivateKey is empty.

Properties

Name Description
Algorithm

The algorithm of the key in this object.

EncodedKey
EncodedPrivateKey

Contains the TLV encoding of the private key.

KeyType

Gets the type of the cryptographic key.

Methods

Name Description
Clear()

Call on the object to clear (overwrite) any sensitive data it is holding.

Create(ReadOnlyMemory<byte>, PivAlgorithm?)

Create a new instance of a PivPrivateKey from the given encoded value.

ExportPkcs8PrivateKey()

Exports the current key in the PKCS#8 PrivateKeyInfo format.

Extension Methods

IPrivateKeyExtensions.Cast<T>(IPrivateKey)
KeyExtensions.EncodeAsPiv(IPrivateKey)