
Class RegistrationData

Namespace
Yubico.YubiKey.U2f
Assembly
Yubico.YubiKey.dll

Represents a single U2F registration.

public class RegistrationData : U2fSignedData
Inheritance
object
U2fSignedData
RegistrationData
Remarks

This represents the registration data returned by the YubiKey when registering a new U2F credential. The information stored in this structure can be sent back to the relying party to store for future validation (authentication) attempts.

This class is useful for storing registration data, in scenarios like U2F preregistration.

Constructors

RegistrationData(ReadOnlyMemory<byte>)

Build a new RegistrationData object from the encoded response, which is the data portion of the value returned by the YubiKey.

public RegistrationData(ReadOnlyMemory<byte> encodedResponse)

Parameters

encodedResponse ReadOnlyMemory<byte>

Properties

AttestationCert

The attestation certificate used to verify a newly registered credential.

public X509Certificate2 AttestationCert { get; }

Property Value

X509Certificate2

Remarks

There is a VerifySignature(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>) method that will use the public key inside the AttestationCert to verify the signature on the registration response. That verifies that the newly-generated public key was indeed generated on the device. However, the SDK has no classes or methods to verify the AttestationCert itself. The relying party app that performs verification must obtain any root and CA certs necessary and perform certificate verification using some other means.

KeyHandle

The private key handle created by the YubiKey. Save this value and use it when authenticating.

public ReadOnlyMemory<byte> KeyHandle { get; set; }

Property Value

ReadOnlyMemory<byte>

UserPublicKey

The ECDSA public key for this user credential. Each coordinate must be 32 bytes and the point must be on the P256 curve.

public ReadOnlyMemory<byte> UserPublicKey { get; set; }

Property Value

ReadOnlyMemory<byte>

Remarks

This is the public key that will be used to verify an authentication. Save this key and pass it into the VerifySignature(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>) method when verifying for authentication.

This is a public key for ECDSA using the NIST P256 curve and SHA256, per the FIDO specifications.

If you want to get the public key as an instance of ECPoint, do this (UserPublicKey is the 65-byte uncompressed encoding 0x04 || X || Y, so the coordinates start at offset 1):

using System.Security.Cryptography;

// registrationData is a RegistrationData instance
var pubKeyPoint = new ECPoint
{
    X = registrationData.UserPublicKey.Slice(1, 32).ToArray(),  // 32-byte X coordinate
    Y = registrationData.UserPublicKey.Slice(33, 32).ToArray(), // 32-byte Y coordinate
};

Methods

VerifySignature(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Verify the signature using the public key in the attestation cert returned by the YubiKey in the registration command/response. Use the given Client Data Hash and Application ID to build the data to verify.

public bool VerifySignature(ReadOnlyMemory<byte> applicationId, ReadOnlyMemory<byte> clientDataHash)

Parameters

applicationId ReadOnlyMemory<byte>

The appId (origin data or hash of origin) that was provided to create this registration.

clientDataHash ReadOnlyMemory<byte>

The clientDataHash (challenge data) that was provided to create this registration.

Returns

bool

A bool, true if the signature verifies, false otherwise.
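The following is an added example, not code from the Yubico .NET SDK, showing how a relying party would process a registration response end to end: verify the registration signature with VerifySignature, anchor the AttestationCert to trusted roots (which the SDK does not do for you, per the remarks above), check the shape of UserPublicKey, and keep the values needed for later authentication. It assumes .NET 5 or later (for X509ChainTrustMode.CustomRootTrust and SHA256.HashData); the class, method and record names are hypothetical, and the RP is assumed to have obtained the vendor attestation root certificates out of band.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Yubico.YubiKey.U2f;

// Hypothetical relying-party helper (added example, not SDK code).
public static class U2fRegistrationVerifier
{
    // What the relying party persists for later authentication attempts.
    public sealed record StoredCredential(
        byte[] KeyHandle,
        byte[] UserPublicKey,
        string AttestationThumbprint);

    // encodedResponse: data portion of the YubiKey's registration response.
    // origin:          the RP origin this registration was created for.
    // clientDataHash:  SHA-256 of the client data sent to the authenticator.
    // trustedRoots:    attestation root cert(s) the RP obtained out of band.
    // Returns null when any check fails.
    public static StoredCredential? Verify(
        ReadOnlyMemory<byte> encodedResponse,
        string origin,
        ReadOnlyMemory<byte> clientDataHash,
        X509Certificate2Collection trustedRoots)
    {
        var registration = new RegistrationData(encodedResponse);

        // 1. Signature check: proves the new key pair was generated on the
        //    device holding the attestation private key. VerifySignature
        //    accepts the origin or its hash; the hash is passed here.
        byte[] appIdHash = SHA256.HashData(Encoding.UTF8.GetBytes(origin));
        if (!registration.VerifySignature(appIdHash, clientDataHash))
        {
            return null;
        }

        // 2. Chain check: the SDK does not validate AttestationCert itself,
        //    so the RP must anchor it to roots it trusts.
        if (!ChainsToTrustedRoot(registration.AttestationCert, trustedRoots))
        {
            return null;
        }

        // 3. Shape check on the user public key: 0x04 || X (32) || Y (32).
        //    ECDsa.Create validates the parameters and throws
        //    CryptographicException on malformed input.
        ReadOnlyMemory<byte> pub = registration.UserPublicKey;
        if (pub.Length != 65 || pub.Span[0] != 0x04)
        {
            return null;
        }
        using var userKey = ECDsa.Create(new ECParameters
        {
            Curve = ECCurve.NamedCurves.nistP256,
            Q = new ECPoint
            {
                X = pub.Slice(1, 32).ToArray(),
                Y = pub.Slice(33, 32).ToArray(),
            },
        });

        // KeyHandle and UserPublicKey are what authentication later needs;
        // the thumbprint records which attestation cert was accepted.
        return new StoredCredential(
            registration.KeyHandle.ToArray(),
            pub.ToArray(),
            registration.AttestationCert.Thumbprint);
    }

    private static bool ChainsToTrustedRoot(
        X509Certificate2 cert, X509Certificate2Collection trustedRoots)
    {
        using var chain = new X509Chain();
        // Trust only the supplied roots, not the machine store.
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        chain.ChainPolicy.CustomTrustStore.AddRange(trustedRoots);
        // Assumption: attestation certs carry no CRL/OCSP pointers, so
        // revocation checking is disabled here.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
        return chain.Build(cert);
    }
}
```

Each of the three checks covers a different failure: a bad signature means the response was not produced by a device holding the attestation key for the cert it presented; a chain failure means the device's attestation key is not one the RP trusts; and a malformed UserPublicKey must be rejected before it is stored, since it is the key every later authentication will be verified against.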