SetPin Method
SetPin()
For a version 4 FIPS series YubiKey that does not have a PIN set, this will call on the KeyCollector to obtain a PIN and use it to set the U2F application with that PIN.
public void SetPin()Exceptions
| Type | Condition |
|---|---|
| System.Security.SecurityException | The YubiKey is not version 4 FIPS series, or the U2F application is already set with a PIN, or the PIN is blocked. |
| System.OperationCanceledException | The user cancelled. This happens when this method calls the
|
Remarks
A version 4 FIPS series YubiKey is manufactured with no PIN set on the U2F application. At this point, the YubiKey is not in FIPS mode. Once the PIN is set, it is in FIPS mode.
Once a PIN is set, it is possible to change it (see ChangePin()), however, the only way to remove a PIN is to reset the entire U2F application. After reset, the YubiKey's U2F application is no longer in FIPS mode, and furthermore, it can never be put into FIPS mode again. It can be set with a PIN again, but that will not put a reset YubiKey into FIPS mode.
The PIN is binary data and must be at least 6 and no more than 32
bytes long. If the user enters a value too short or too long, this
method will not set the PIN, but it will call the KeyCollector
again requesting the user enter a new PIN.
While the PIN can be any binary value, most PINs will be letters, numbers, and other characters entered from a keyboard. It is the responsibility of the app to determine how a character typed at a keyboard is represented as a byte. Almost certainly the best encoding will be UTF-8. In UTF-8, each ASCII character ie encoded with the single byte that is the ASCII character. For example, the character "5" in ASCII is 0x35. In UTF-8, it is 0x35. The character "C" is 0x43 in both ASCII and UTF-8.
Note that a PIN is needed to perform U2F registration, but not authentication.