Class RegistrationData
Represents a single U2F registration.
public class RegistrationData : U2fSignedData
Remarks
This represents the registration data returned by the YubiKey when registering a new U2F credential. The information stored in this structure can be sent back to the relying party to store for future validation (authentication) attempts.
This class is useful for storing registration data, in scenarios like U2F preregistration.
Constructors
RegistrationData(ReadOnlyMemory<byte>)
Build a new RegistrationData object from the encoded response, which is the data portion of the value returned by the YubiKey.
public RegistrationData(ReadOnlyMemory<byte> encodedResponse)
Parameters
encodedResponse
ReadOnlyMemory<byte>
Properties
AttestationCert
The Attestation cert used to verify a newly-registered credential.
public X509Certificate2 AttestationCert { get; }
Property Value
- X509Certificate2
Remarks
There is a VerifySignature(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>) method that will use the public key inside the AttestationCert to verify the signature on the registration response. That verifies that the newly-generated public key was indeed generated on the device. However, the SDK has no classes or methods to verify the AttestationCert itself. The relying party app that performs verification must obtain any root and CA certs necessary and perform certificate verification using some other means.
KeyHandle
The private key handle created by the YubiKey. Save this value and use it when authenticating.
public ReadOnlyMemory<byte> KeyHandle { get; set; }
Property Value
- ReadOnlyMemory<byte>
UserPublicKey
The ECDSA public key for this user credential. Each coordinate must be 32 bytes and the point must be on the P256 curve.
public ReadOnlyMemory<byte> UserPublicKey { get; set; }
Property Value
- ReadOnlyMemory<byte>
Remarks
This is the public key that will be used to verify an authentication. Save this key and pass it into the VerifySignature(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>) method when verifying for authentication.
This is a public key for ECDSA using the NIST P256 curve and SHA256, per the FIDO specifications.
If you want to get the public key as an instance of ECPoint, do this:
var pubKeyPoint = new ECPoint
{
X = UserPublicKey.Slice(1, 32).ToArray(),
Y = UserPublicKey.Slice(33, 32).ToArray(),
};
Methods
VerifySignature(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)
Verify the signature using the public key in the attestation cert returned by the YubiKey in the registration command/response. Use the given Client Data Hash and Application ID to build the data to verify.
public bool VerifySignature(ReadOnlyMemory<byte> applicationId, ReadOnlyMemory<byte> clientDataHash)
Parameters
applicationId
ReadOnlyMemory<byte>: The appId (origin data or hash of origin) that was provided to create this registration.
clientDataHash
ReadOnlyMemory<byte>: The clientDataHash (challenge data) that was provided to create this registration.
Returns
- bool: true if the signature verifies, false otherwise.
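The following is an added relying-party-side example, not code from the SDK or this page. It ties together the three points above: VerifySignature for the registration signature, the AttestationCert remark (the SDK does not validate the cert, so the relying party chains it to a root it trusts, here supplied by the caller), and the ECPoint snippet under UserPublicKey, extended into a reusable ECDsa key. It assumes the namespace Yubico.YubiKey.U2f; the X509Chain and ECDsa calls are standard .NET, not SDK members.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Yubico.YubiKey.U2f; // assumed namespace of RegistrationData

public static class RegistrationCheck
{
    // Validates a registration response on the relying-party side and returns
    // the credential public key to store beside KeyHandle, or null to reject.
    public static ECDsa? Process(
        RegistrationData regData,
        ReadOnlyMemory<byte> applicationId,
        ReadOnlyMemory<byte> clientDataHash,
        X509Certificate2 trustedAttestationRoot)
    {
        // 1. The SDK checks the registration signature with the attestation
        //    cert's public key; a failure means the new key was not attested.
        if (!regData.VerifySignature(applicationId, clientDataHash)) return null;

        // 2. The SDK does not validate the attestation cert itself, so chain
        //    it to a root the relying party trusts (supplied by the caller).
        //    Revocation is skipped because attestation certs normally carry
        //    no CRL/OCSP pointers; adjust to your own policy.
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.Add(trustedAttestationRoot);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        if (!chain.Build(regData.AttestationCert)) return null;

        // 3. UserPublicKey is an uncompressed P-256 point, 0x04 || X || Y
        //    (65 bytes). Import it as ECDsa for later authentication checks;
        //    the import throws if the point is not on the curve.
        ReadOnlyMemory<byte> pub = regData.UserPublicKey;
        if (pub.Length != 65 || pub.Span[0] != 0x04) return null;
        var parameters = new ECParameters
        {
            Curve = ECCurve.NamedCurves.nistP256,
            Q = new ECPoint
            {
                X = pub.Slice(1, 32).ToArray(),
                Y = pub.Slice(33, 32).ToArray(),
            },
        };
        return ECDsa.Create(parameters);
    }
}
```

A null return means the registration should not be stored; on success, persist the returned key together with KeyHandle for later authentication.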