ImportPrivateKey(Byte, PivPrivateKey, PivPinPolicy, PivTouchPolicy)
Import a private key into the given slot.
public void ImportPrivateKey(byte slotNumber, PivPrivateKey privateKey, PivPinPolicy pinPolicy, PivTouchPolicy touchPolicy)
slotNumber: The slot into which the key will be imported.
privateKey: The private key to import into the YubiKey.
pinPolicy: The PIN policy the key will have. If no argument is given, the policy
touchPolicy: The touch policy the key will have. If no argument is given, the policy
The slot specified is not valid for generating a key pair, or the
There is no
The user canceled management key collection.
Mutual authentication was performed and the YubiKey was not authenticated.
When you import a key, you specify which slot will hold this key. If there is a key in that slot already, this method will replace it. That old key will be gone and there will be nothing you can do to recover it. Hence, use this method with caution.
This method will not return to you the public key partner to the private key imported into the slot. For YubiKeys before version 5.3, you will not have the opportunity to obtain the public key, so make sure your application manages it right from the start. Beginning with version 5.3, it is possible to get a public key out of a slot at any time.
You also have the opportunity to specify the PIN and touch policies
of the private key imported. These policies describe what will be
required when using the key. For example, if the PIN policy is
Always, then every time the key is used (to sign, decrypt, or
perform key agreement), it will be necessary to verify the PIV PIN.
With the touch policy, for instance, setting it to
require touch every time the key is used. This method has the
policies as optional arguments. If you do not specify these
arguments, the key will be imported with the policies set to
Default. Currently for all YubiKeys, the default PIN
Once, and the default touch policy is
In order to perform this operation, the management key must be
authenticated during this session. If it has not been authenticated,
this method will call AuthenticateManagementKey(Boolean). That
is, your application does not need to authenticate the management key
separately (i.e., call
AuthenticateManagementKey); this method will determine whether the
management key has been authenticated or not, and if not, it will
make the call to perform mutual authentication.
The authentication method will collect the management key using the
KeyCollector delegate. If no such delegate has been set, it
will throw an exception.
The KeyCollector has an option to cancel the operation. The
AuthenticateManagementKey method will call the
KeyCollector requesting the management key, and it is possible
that during the collection operations, the user cancels. The
KeyCollector will return to the authentication method noting
the cancellation. In that case, it will throw an exception. If you
want the authentication to return false on user cancellation,
you must call TryAuthenticateManagementKey(Boolean) directly
before calling this method.
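An added example, not part of the SDK documentation: one way to combine the points above, authenticating the management key up front so that a user cancel returns false instead of throwing, then importing with explicit PIN and touch policies. The helper name TryImportWithStrictPolicies and the promptForManagementKey callback are assumptions for illustration, and the caller is assumed to have stored the matching public key before calling it.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;

public static class PivImportExample
{
    // Hypothetical helper, not an SDK method. promptForManagementKey is an
    // assumed application callback that returns null when the user cancels.
    public static bool TryImportWithStrictPolicies(
        IYubiKeyDevice yubiKey, byte slotNumber, PivPrivateKey privateKey,
        Func<byte[]?> promptForManagementKey)
    {
        using var pivSession = new PivSession(yubiKey);

        // Management key authentication throws if no KeyCollector is set.
        pivSession.KeyCollector = keyEntryData =>
        {
            if (keyEntryData.Request != KeyEntryRequest.AuthenticatePivManagementKey)
            {
                // Release marks the end of collection and needs no data;
                // any other request is unexpected here, so treat it as a cancel.
                return keyEntryData.Request == KeyEntryRequest.Release;
            }

            byte[]? managementKey = promptForManagementKey();
            if (managementKey is null)
            {
                return false; // user canceled the collection
            }

            keyEntryData.SubmitValue(managementKey);
            CryptographicOperations.ZeroMemory(managementKey); // wipe our copy
            return true;
        };

        // Authenticate before importing: a cancel gives false here rather than
        // an exception out of ImportPrivateKey.
        if (!pivSession.TryAuthenticateManagementKey(true))
        {
            return false;
        }

        // Replaces whatever key is in slotNumber; the old key is unrecoverable.
        // Always/Always: PIN verification and touch on every use of the key.
        pivSession.ImportPrivateKey(
            slotNumber, privateKey, PivPinPolicy.Always, PivTouchPolicy.Always);
        return true;
    }
}
```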