PivPublicKey Class

Namespace: Yubico.YubiKey.Piv
Assembly: Yubico.YubiKey.dll

This class holds a public key. It contains the algorithm and TLV encoding. Subclasses will contain specific components of the key.

C#
public class PivPublicKey

Inheritance: object → PivPublicKey
Derived: PivEccPublicKey, PivRsaPublicKey

Remarks

There are currently two kinds of public keys YubiKey supports: RSA and ECC. This class is the base class for public keys.

There are also two encoding formats: PIV-defined, and YubiKey-specific. This class handles both. Whether you have the PIV-defined or YubiKey-specific encoding, provide that encoding to the static Create factory method. It will be able to recognize both and build the appropriate key object.

Similarly, if you have the individual components of a public key, but need to build the encoding, use the appropriate subclass to construct an object. Then if you need the PIV-defined encoding, get it from the PivEncodedPublicKey property. If you need the YubiKey-specific encoding, get it from the YubiKeyEncodedPublicKey property.

When you get a public key from one of the Response APDUs (such as Generate Asymmetric or Get Metadata), it is typed as this class, but the object is actually an instance of one of the subclasses. You can tell which subclass it is either by looking at the Algorithm property or by using "is":

PivPublicKey publicKey = response.GetData();
if (publicKey is PivRsaPublicKey)
{
    // process RSA key
}

The TLV encoding of an RSA key (from the PIV standard) is

  7F49 L1 { 81 length modulus || 82 length public exponent }

The TLV encoding of an ECC key (from the PIV standard) is

  7F49 L1 { 86 length public point }

where the public point is 04 || x-coordinate || y-coordinate

The YubiKey-specific encoding is the same as the PIV encoding, but without the nested 7F49 tag.
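
The two encodings described above, read by a stand-alone strict parser. This is an added example, not code from the Yubico SDK; `ReadTlv`, `Parse` and the sample bytes are hypothetical, and it assumes lengths use the short form or the 81/82 long forms.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Constructed sample: placeholder ECC point (04 || 32-byte x || 32-byte y), not a real key.
byte[] point = new byte[65]; point[0] = 0x04;
byte[] yubiKeyForm = new byte[] { 0x86, 0x41 }.Concat(point).ToArray();
byte[] pivForm = new byte[] { 0x7F, 0x49, 0x43 }.Concat(yubiKeyForm).ToArray();
Console.WriteLine(Parse(pivForm)[0x86].SequenceEqual(Parse(yubiKeyForm)[0x86]));

// Reads one TLV element at offset, returns its tag and value, and advances offset.
static (int Tag, byte[] Value) ReadTlv(byte[] buf, ref int offset)
{
    if (buf.Length - offset < 2) throw new FormatException("truncated TLV header");
    int tag = buf[offset++];
    if (tag == 0x7F) tag = (tag << 8) | buf[offset++];      // two-byte tag such as 7F49
    if (offset >= buf.Length) throw new FormatException("missing length");
    int len = buf[offset++];
    if (len == 0x80 || len > 0x82) throw new FormatException("unsupported length form");
    if (len > 0x80)                                          // long form: 81 xx or 82 xx xx
    {
        int count = len & 0x7F;
        if (count > buf.Length - offset) throw new FormatException("truncated length");
        for (len = 0; count > 0; count--) len = (len << 8) | buf[offset++];
    }
    if (len > buf.Length - offset) throw new FormatException("value runs past buffer");
    offset += len;
    return (tag, buf[(offset - len)..offset]);
}
// Accepts either encoding: unwraps 7F49 when present, then collects the inner elements.
static Dictionary<int, byte[]> Parse(byte[] encoding)
{
    int offset = 0;
    byte[] body = encoding;
    if (encoding.Length > 1 && encoding[0] == 0x7F && encoding[1] == 0x49)
    {
        body = ReadTlv(encoding, ref offset).Value;
        if (offset != encoding.Length) throw new FormatException("trailing bytes after 7F49");
    }
    var fields = new Dictionary<int, byte[]>();
    for (offset = 0; offset < body.Length;)
    {
        var (tag, value) = ReadTlv(body, ref offset);
        if (!fields.TryAdd(tag, value)) throw new FormatException("duplicate tag");
    }
    // RSA carries exactly tags 81 and 82; ECC carries only 86 with an uncompressed (04) point.
    bool rsa = fields.Count == 2 && fields.ContainsKey(0x81) && fields.ContainsKey(0x82);
    bool ecc = fields.Count == 1 && fields.TryGetValue(0x86, out var pt) && pt.Length > 0 && pt[0] == 0x04;
    if (!rsa && !ecc) throw new FormatException("not an RSA or ECC public key encoding");
    return fields;
}
```

Rejecting trailing bytes, duplicate tags and unexpected tag sets keeps a malformed or padded encoding from being silently accepted as a key.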

Constructors

Name Description
PivPublicKey()

This builds an empty object. The Algorithm is None and the EncodedPublicKey is empty.

Properties

Name Description
Algorithm

The algorithm of the key in this object.

PivEncodedKey
PivEncodedPublicKey

Contains the TLV encoding of the public key. If there is no encoded public key, this will be a buffer of length 0.

YubiKeyEncodedKey
YubiKeyEncodedPublicKey

Contains the TLV encoding of the public key as represented by the GET METADATA command. If there is no encoded public key, this will be a buffer of length 0.

Methods

Name Description
Create(ReadOnlyMemory<byte>, PivAlgorithm?)

Create a new instance of a PivPublicKey from the given encoded value.
