GetPinOnlyMode Method
GetPinOnlyMode()
Return an enum indicating the PIN-only mode, if any, for which the YubiKey PIV application is configured.
public PivPinOnlyMode GetPinOnlyMode()Returns
A PivPinOnlyMode, which is an enum indicating the mode or
modes.
Exceptions
| Type | Condition |
|---|---|
| System.InvalidOperationException | The YubiKey is not able to return the ADMIN DATA. |
Remarks
PIN-only mode means that the application does not need to enter the management key in order to perform PIV operations that normally require it, only the PIN is needed.
See the User's Manual entry on PIV PIN-only mode for a deeper discussion of this feature.
This returns a result based on the contents of ADMIN DATA. That storage location contains information about PIN-protected and PIN-derived. It is possible for a different application to overwrite the data to make it inaccurate. That is unlikely, however, if all applications follow good programming practices outlined by the SDK documentation. This method will not actually verify the management key in order to ensure the return value is correct.
If the ADMIN DATA is overwritten, it is possible to call TryRecoverPinOnlyMode() to restore the YubiKey to a proper PIN-only state.
Note also that it is possible that the ADMIN DATA says the YubiKey is
PIN-protected, but some app has overwritten the data in PRINTED. In
that case, this method will return a result indicating
PinProtected, when in reality PIN-protected is unavailable.
That is because this returns a value based only on the contents of
ADMIN DATA. The method TryRecoverPinOnlyMode will check more
than ADMIN DATA.
Note that the return is a bit field and the return can be one or more of the bits set. There are bits that indicate a YubiKey is unavailable for PIN-protected or PIN-derived. Call this method before trying to set a YubiKey to PIN-only to make sure it is not already set, and if not, it can be set.
Note that this returns the PIN-only mode for the PIV application on the YubiKey, it has nothing to do with OATH, FIDO, or OpenPGP.