Class StaticKeys

Namespace
Yubico.YubiKey.Scp
Assembly
Yubico.YubiKey.dll

Represents a triple of SCP03 static keys shared with the device.

public class StaticKeys
Inheritance
object
StaticKeys

Remarks

See also the User's Manual entry on SCP03.

These are the three secret keys that only the device and remote user know. Clients must supply these to communicate securely with a remote device.

Systems often derive and assign these keys using a diversification function keyed with a 'master key' and run on the 'DivData' of each device.

Constructors

StaticKeys()

Constructs an instance using the well-known default values; using these provides no security. This class will consider these keys to be the key set with the Key Version Number of 255 (0xFF).

public StaticKeys()

StaticKeys(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Constructs an instance given the supplied keys. This class will consider these keys to be the key set with the Key Version Number of This class will copy the input key data, not just a reference. You can overwrite the input buffers as soon as the StaticKeys object is created.

public StaticKeys(ReadOnlyMemory<byte> channelMacKey, ReadOnlyMemory<byte> channelEncryptionKey, ReadOnlyMemory<byte> dataEncryptionKey)

Parameters

channelMacKey ReadOnlyMemory<byte>
16-byte AES128 shared secret key

channelEncryptionKey ReadOnlyMemory<byte>
16-byte AES128 shared secret key

dataEncryptionKey ReadOnlyMemory<byte>
16-byte AES128 shared secret key

Properties

ChannelEncryptionKey

AES128 shared secret key used to calculate the Session-ENC key. Also called the 'DAK' or 'Key-ENC' in some specifications.

public ReadOnlyMemory<byte> ChannelEncryptionKey { get; }

Property Value

ReadOnlyMemory<byte>

ChannelMacKey

AES128 shared secret key used to calculate the Session-MAC key. Also called the 'DMK' or 'Key-MAC' in some specifications.

public ReadOnlyMemory<byte> ChannelMacKey { get; }

Property Value

ReadOnlyMemory<byte>

DataEncryptionKey

AES128 shared secret key used to wrap secrets. Also called the 'DEK' in some specifications.

public ReadOnlyMemory<byte> DataEncryptionKey { get; }

Property Value

ReadOnlyMemory<byte>

Methods

AreKeysSame(StaticKeys?)

Determines whether the contents of each key are the same in both objects. If so, this method returns true.

public bool AreKeysSame(StaticKeys? compareKeys)

Parameters

compareKeys StaticKeys

Returns

bool

Dispose()

Clears all references and sensitive buffers.

public void Dispose()

Dispose(bool)

protected virtual void Dispose(bool disposing)

Parameters

disposing bool