VerifyKeyHandle Method
VerifyKeyHandle(ReadOnlyMemory<Byte>, ReadOnlyMemory<Byte>, ReadOnlyMemory<Byte>)
Verify that the given keyHandle is a YubiKey handle and matches the applicationId and clientDataHash.
public bool VerifyKeyHandle(ReadOnlyMemory<byte> applicationId, ReadOnlyMemory<byte> clientDataHash, ReadOnlyMemory<byte> keyHandle)
Parameters
| Type | Name | Description |
|---|---|---|
| System.ReadOnlyMemory<System.Byte> | applicationId | Also known as the origin data. A SHA-256 hash of the UTF-8 encoding of the application or service requesting the registration. See the U2F registration overview page for more information. |
| System.ReadOnlyMemory<System.Byte> | clientDataHash | A SHA-256 hash of the client data, a stringified JSON data structure that the caller prepares. Among other things, the client data contains the challenge from the relying party (the application or service that this verification is for). See the U2F registration overview page for more information. |
| System.ReadOnlyMemory<System.Byte> | keyHandle | The key handle provided by the relying party. |
Returns
A boolean: true if the key handle matches, false otherwise.
Remarks
When performing an authentication, the relying party sends the key handle that the YubiKey should use to sign the challenge. The client passes that key handle along to the YubiKey, together with the applicationId (origin data) and the client data hash. The YubiKey determines whether the key handle is valid and, if so, whether it matches the origin data. If it does, the YubiKey signs the challenge; if not, it simply does not create a signature. This is the YubiKey verifying the relying party.
Call this method to check the key handle before trying to execute a full authentication operation. This operation is specified by the U2F standard.
Note that there are three primary ways this method will return false: one, the key handle does not belong to the YubiKey; two, the key handle does not match the applicationId (origin data); and three, the data is invalid (e.g., a 16-byte client data hash).
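The following is an added example, not code from the Yubico SDK documentation, showing how a client would prepare the two hashes and call VerifyKeyHandle before attempting a full authentication. Only the VerifyKeyHandle signature is taken from this page; the U2fSession class, the Yubico.YubiKey.U2f namespace, IYubiKeyDevice and YubiKeyDevice.FindAll() are assumed to be the SDK's session and device-enumeration types, and the origin, client data JSON and key handle are constructed or supplied by the caller. The local length check reflects the third failure mode above: a client data hash that is not 32 bytes can never be a valid SHA-256 digest, so it is rejected without a round trip to the key.

```csharp
// Added example; assumes the Yubico.YubiKey NuGet package with U2fSession in
// Yubico.YubiKey.U2f and IYubiKeyDevice / YubiKeyDevice.FindAll() in Yubico.YubiKey.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Yubico.YubiKey;
using Yubico.YubiKey.U2f;

public static class KeyHandleCheck
{
    // applicationId (origin data) is the SHA-256 of the UTF-8 origin string.
    public static byte[] HashApplicationId(string origin) =>
        SHA256.HashData(Encoding.UTF8.GetBytes(origin));

    // clientDataHash is the SHA-256 of the stringified client data JSON, which
    // carries the relying party's challenge. The caller builds that JSON.
    public static byte[] HashClientData(string clientDataJson) =>
        SHA256.HashData(Encoding.UTF8.GetBytes(clientDataJson));

    // Returns true only when the YubiKey reports that keyHandle is its own and
    // is bound to this applicationId. Inputs that cannot be valid (hashes that
    // are not 32 bytes, an empty handle) are rejected locally.
    public static bool CheckHandle(IYubiKeyDevice device, byte[] applicationId,
                                   byte[] clientDataHash, byte[] keyHandle)
    {
        if (applicationId.Length != 32 || clientDataHash.Length != 32 || keyHandle.Length == 0)
        {
            return false;
        }

        using var u2f = new U2fSession(device);
        // byte[] converts implicitly to ReadOnlyMemory<byte>.
        return u2f.VerifyKeyHandle(applicationId, clientDataHash, keyHandle);
    }

    // Usage: dotnet run -- <base64 key handle stored by the relying party at registration>
    public static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("Expected one argument: the relying party's key handle (base64).");
            return 2;
        }

        IYubiKeyDevice? device = YubiKeyDevice.FindAll().FirstOrDefault();
        if (device is null)
        {
            Console.Error.WriteLine("No YubiKey found.");
            return 2;
        }

        // Constructed sample origin and client data; a real client uses the RP's
        // actual origin and the challenge the RP issued for this authentication.
        byte[] appId = HashApplicationId("https://example.com");
        byte[] clientDataHash = HashClientData(
            "{\"typ\":\"navigator.id.getAssertion\",\"challenge\":\"constructed-challenge\",\"origin\":\"https://example.com\"}");
        byte[] keyHandle = Convert.FromBase64String(args[0]);

        bool ok = CheckHandle(device, appId, clientDataHash, keyHandle);
        Console.WriteLine(ok
            ? "Key handle belongs to this YubiKey and matches the origin; safe to proceed to Authenticate."
            : "Key handle rejected: not this YubiKey's handle, wrong origin, or malformed input.");
        return ok ? 0 : 1;
    }
}
```

A false result does not distinguish between the three causes listed in the remarks; if the client needs to tell a foreign key handle apart from a mismatched origin, it has to try the handle against each origin it knows, since the YubiKey only reports match or no match.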