PivSlot Class

Namespace: Yubico.YubiKey.Piv Assembly: Yubico.YubiKey.dll

The valid PIV slots.

public static class PivSlot

Inheritance object PivSlot

Remarks

Each slot has a name and number. This class provides names to go along with the numbers.

For example, if you want to use the Authentication slot, specify it as PivSlot.Authentication. If you want to use slot 9A, specify 0x9A. The Authentication slot and 9A are actually one and the same, but some applications or standards documents might refer to it as "Slot 9A" and others might refer to it as the "Authentication Slot".

See the User's Manual entry on PIV slots for more details on each of the possible slots.

Fields

Name	Description
Attestation	Slot F9, the cert and key can be used to attest keys 9A, 9C, 9D, and 9E, if they were generated on the device. This is only available on YubiKey version 4.3 and later.
Authentication	Slot 9A, the certificate and its associated private key are used to authenticate the card and the cardholder, usually for system login.
CardAuthentication	Slot 9E, the certificate and its associated private key are used to support additional physical access applications, such as providing physical access to buildings via PIV-enabled door locks.
KeyManagement	Slot 9D, the certificate and its associated private key are are used for encryption for the purpose of confidentiality. It is generally used for things such as decrypting e-mails or encrypting/decrypting files. Note that this is NOT the "Management Key" slot, which is a separate property in this class.
Management	Management Key slot, number 0x9B, before YubiKey 5.4.2, it can only be a Triple-DES key. Beginning with 5.4.2 it can be Triple-DES or AES. This is a valid slot only with the command GetMetadataCommand. There is no cert in this slot. Note that this is NOT the `KeyManagement` slot, which is a separate property in this class.
Pin	PIN slot, number 0x80. This is a valid slot only with the command GetMetadataCommand. There is no cert in this slot.
Puk	PUK slot, number 0x81. This is a valid slot only with the command GetMetadataCommand. There is no cert in this slot.
Retired1	Slot 82, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired10	Slot 8B, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired11	Slot 8C, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired12	Slot 8D, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired13	Slot 8E, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired14	Slot 8F, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired15	Slot 90, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired16	Slot 91, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired17	Slot 92, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired18	Slot 93, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired19	Slot 94, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired2	Slot 83, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired20	Slot 95, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired3	Slot 84, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired4	Slot 85, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired5	Slot 86, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired6	Slot 87, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired7	Slot 88, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired8	Slot 89, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Retired9	Slot 8A, the retired key slots are meant for previously used Key Management keys to be able to decrypt earlier encrypted documents or emails. In the YubiKey all 20 of the retired slots are fully available for use. This is only available on YubiKey version 4 and later.
Signing	Slot 9C, the certificate and its associated private key are used for creating digital signatures, such as signing files and executables.

Methods

Name	Description
IsValidSlotNumber(byte)	Is the given number a valid slot number?
IsValidSlotNumberForGenerate(byte)	Is the given number a valid slot number for generating asymmetric keys.
IsValidSlotNumberForSigning(byte)	Is the given number a valid slot number for signing arbitrary data.