Class AuthenticationData

Namespace

Yubico.YubiKey.U2f

Assembly

Yubico.YubiKey.dll

Represents a single U2F authentication response.

public class AuthenticationData : U2fSignedData

Inheritance

object

U2fBuffer

U2fSignedData

AuthenticationData

Inherited Members

U2fSignedData.Signature

U2fBuffer.AppIdHashLength

U2fBuffer.ClientDataHashLength

U2fBuffer.KeyHandleLength

U2fBuffer.PublicKeyLength

U2fBuffer.PublicKeyTag

U2fBuffer.CoordinateLength

U2fBuffer.CounterLength

U2fBuffer.ApplicationId

U2fBuffer.ClientDataHash

U2fBuffer.SetBufferData(ReadOnlyMemory<byte>, int, int, string)

Remarks

This class is used to see what the was returned by the YubiKey in an authentication operation, as well as a method to verify the signature.

Constructors

AuthenticationData(ReadOnlyMemory<byte>)

Build a new AuthenticationData object from the encoded response, which is the data portion of the value returned by the YubiKey.

public AuthenticationData(ReadOnlyMemory<byte> encodedResponse)

Parameters

encodedResponse ReadOnlyMemory<byte>

Properties

Counter

The counter used in computing the signature.

public int Counter { get; }

Property Value

int

UserPresenceVerified

If the user's presence was verified in the authentication operation, this will be true. Otherwise it will be false.

public bool UserPresenceVerified { get; }

Property Value

bool

Methods

VerifySignature(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Use the given public key to verify the signature. Use the given Application ID (hash of origin data) and Client Data Hash (includes the challenge) to build the data to verify.

public bool VerifySignature(ReadOnlyMemory<byte> userPublicKey, ReadOnlyMemory<byte> applicationId, ReadOnlyMemory<byte> clientDataHash)

Parameters

userPublicKey ReadOnlyMemory<byte>

The public key partner to the private key used to authenticate this credential, as an encoded EC Point.

applicationId ReadOnlyMemory<byte>

The original applicationId that was provided to the AuthenticateCommand. This is the hash of the origin data.

clientDataHash ReadOnlyMemory<byte>

The original clientDataHash that was provided to the AuthenticateCommand. This contains the challenge.

Returns

bool

A bool, true if the signature verifies, false otherwise.

Remarks

This will build the data to verify from the input applicationId, clientDataHash, along with the user presence and counter data inside this object. The user presence and counter were part of the authentication response, the encodedResponse of the constructor. It will then verify the signature inside this object (from the encoded response) using the public key.

The public key is returned by the YubiKey during registration. See the RegistrationData class.