VerifyPin Method

VerifyPin()

For a version 4 FIPS series YubiKey that has a PIN set on the U2F application, this will call on the KeyCollector to obtain the current PIN and verify it.

C#
public void VerifyPin()

Exceptions

Type Condition
SecurityException

The YubiKey is not version 4 FIPS series, or the PIN is blocked.
OperationCanceledException

The user cancelled. This happens when this method calls the KeyCollector and it returns false.

Remarks

A version 4 FIPS series YubiKey is manufactured with no PIN set on the U2F application. At this point, the YubiKey is not in FIPS mode. Once the PIN is set, it is in FIPS mode See SetPin(). After it has been set, it is necessary to verify the PIN in order to perform registration. Note that the PIN is not needed for authentication.

Note that if the PIN is not verified and the Register(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, TimeSpan) method is called, the SDK will call this Verify method. Hence, it is likely an app will never need to call this method directly.

If the wrong current PIN is entered, the YubiKey will decrement the retries remaining count, and this method will call on the KeyCollector for the current PIN again (the KeyEntryData.IsRetry property will be true). See the user's manual entry on FIDO U2F FIPS mode retries for more information.

The PIN is binary data and must be at least 6 and no more than 32 bytes long. If the user enters a value too short or too long, this method will try to verify that value, the YubiKey will reject it, and this method will call the KeyCollector again requesting the user enter the PIN.

While the PIN can be any binary value, most PINs will be letters, numbers, and other characters entered from a keyboard. It is the responsibility of the app to determine how a character typed at a keyboard is represented as a byte. Almost certainly the best encoding will be UTF-8. In UTF-8, each ASCII character ie encoded with the single byte that is the ASCII character. For example, the character "5" in ASCII is 0x35. In UTF-8, it is 0x35. The character "C" is 0x43 in both ASCII and UTF-8.