Class Scp11KeyParameters

Namespace
Yubico.YubiKey.Scp
Assembly
Yubico.YubiKey.dll

SCP key parameters for performing SCP11 authentication. For SCP11b, only keyReference and pkSdEcka are required. Note that SCP11b does not authenticate the off-card entity (OCE). For SCP11a and SCP11c, the off-card entity (OCE) CA key reference must be provided, as well as the off-card entity (OCE) secret key and certificate chain.

public sealed class Scp11KeyParameters : ScpKeyParameters
Inheritance
object
Scp11KeyParameters
Constructors

Scp11KeyParameters(KeyReference, ECPublicKey)

Creates a new Scp11KeyParameters instance for SCP11b.

public Scp11KeyParameters(KeyReference keyReference, ECPublicKey pkSdEcka)

Parameters

keyReference KeyReference

The key reference associated with the key parameters.

pkSdEcka ECPublicKey

The public key of the security domain which is used for key agreement between the off-card entity (OCE) and the YubiKey.

Remarks

Note that this does not authenticate the off-card entity (OCE).

Scp11KeyParameters(KeyReference, ECPublicKey, KeyReference, ECPrivateKey, IReadOnlyCollection<X509Certificate2>)

Creates a new Scp11KeyParameters instance. This is used to initiate SCP11a and SCP11c connections.

public Scp11KeyParameters(KeyReference keyReference, ECPublicKey pkSdEcka, KeyReference oceKeyReference, ECPrivateKey skOceEcka, IReadOnlyCollection<X509Certificate2> oceCertificates)

Parameters

keyReference KeyReference

The key reference associated with the key parameters.

pkSdEcka ECPublicKey

The public key of the security domain (pkSdEcka) which is used for key agreement between the off-card entity (OCE) and the YubiKey.

oceKeyReference KeyReference

The off-card entity (OCE) key reference.

skOceEcka ECPrivateKey

The secret key (skOceEcka) of the off-card entity (OCE) used for key agreement between the off-card entity (OCE) and the YubiKey.

oceCertificates IReadOnlyCollection<X509Certificate2>

The certificate chain, containing the public key for the off-card entity (OCE).
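Because the two-argument constructor yields SCP11b, which does not authenticate the OCE, a caller that requires OCE authentication should fail closed instead of silently falling back to it. The sketch below is an added example, not code from the SDK or its documentation: Scp11ParamsFactory, Create and requireOceAuthentication are hypothetical names, and it assumes that ECPublicKey and ECPrivateKey live in Yubico.YubiKey.Cryptography and that KeyReference is a reference type.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using Yubico.YubiKey.Cryptography; // assumed namespace of ECPublicKey / ECPrivateKey
using Yubico.YubiKey.Scp;

public static class Scp11ParamsFactory // hypothetical helper, not part of the SDK
{
    // Chooses between the two Scp11KeyParameters constructors documented above.
    // With requireOceAuthentication = true it never returns SCP11b parameters.
    public static Scp11KeyParameters Create(
        bool requireOceAuthentication,
        KeyReference keyReference,
        ECPublicKey pkSdEcka,
        KeyReference? oceKeyReference = null,
        ECPrivateKey? skOceEcka = null,
        IReadOnlyCollection<X509Certificate2>? oceCertificates = null)
    {
        if (keyReference is null) throw new ArgumentNullException(nameof(keyReference));
        if (pkSdEcka is null) throw new ArgumentNullException(nameof(pkSdEcka));

        bool anyOce = oceKeyReference != null || skOceEcka != null || oceCertificates != null;
        bool allOce = oceKeyReference != null && skOceEcka != null
                      && oceCertificates != null && oceCertificates.Count > 0;

        // Partial OCE material is a configuration error in every mode:
        // SCP11a/c need the key reference, the secret key and the chain together.
        if (anyOce && !allOce)
            throw new ArgumentException(
                "OCE key reference, secret key and certificate chain must be supplied together.");

        if (allOce)
            return new Scp11KeyParameters(
                keyReference, pkSdEcka, oceKeyReference!, skOceEcka!, oceCertificates!);

        // No OCE material: only the SCP11b constructor applies, and it does
        // not authenticate the OCE. Refuse if the caller's policy requires that.
        if (requireOceAuthentication)
            throw new InvalidOperationException(
                "OCE authentication required, but no OCE key material was supplied (SCP11b only).");

        return new Scp11KeyParameters(keyReference, pkSdEcka);
    }
}
```

Call Dispose() on the returned instance once the connection is no longer needed, so the references and sensitive buffers it holds are cleared.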

Properties

OceCertificates

The certificate chain, containing the public key for the off-card entity (OCE) (SCP11a/c).

public IReadOnlyList<X509Certificate2>? OceCertificates { get; }

Property Value

IReadOnlyList<X509Certificate2>

OceKeyReference

The key reference of the off-card entity (OCE) (SCP11a/c).

public KeyReference? OceKeyReference { get; }

Property Value

KeyReference

PkSdEcka

The public key of the security domain which is used for key agreement between the off-card entity (OCE) and the YubiKey (SCP11a/b/c). 'pkSdEcka' is short for Public Key Security Domain Elliptic Curve Key Agreement (Key).

public ECPublicKey PkSdEcka { get; }

Property Value

ECPublicKey

SkOceEcka

The secret key of the off-card entity (OCE) which is used for key agreement between the off-card entity and the YubiKey (SCP11a/c). 'skOceEcka' is short for Secret Key Off-Card Entity Elliptic Curve Key Agreement (Key).

public ECPrivateKey? SkOceEcka { get; }

Property Value

ECPrivateKey

Methods

Dispose()

This will clear all references and sensitive buffers.

public void Dispose()