Table of Contents

Class Aes128CredentialWithSecrets

Namespace
Yubico.YubiKey.YubiHsmAuth
Assembly
Yubico.YubiKey.dll

This class is used when adding a new credential with AES-128 keys to the YubiHSM Auth application.

public class Aes128CredentialWithSecrets : CredentialWithSecrets
Inheritance
object
Aes128CredentialWithSecrets
Inherited Members

Constructors

Aes128CredentialWithSecrets(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, string, bool)

Create an AES-128 credential to be stored in the YubiHSM Auth application.

public Aes128CredentialWithSecrets(ReadOnlyMemory<byte> credentialPassword, ReadOnlyMemory<byte> encryptionKey, ReadOnlyMemory<byte> macKey, string label, bool touchRequired)

Parameters

credentialPassword ReadOnlyMemory<byte>

The credential password is required when performing operations that access the key(s), such as calculating session keys. Its length must be equal to RequiredCredentialPasswordLength.

encryptionKey ReadOnlyMemory<byte>

Sets EncryptionKey.

macKey ReadOnlyMemory<byte>

Sets MacKey.

label string

Sets Label.

touchRequired bool

Sets TouchRequired.

Exceptions

ArgumentException

Thrown when an AES-128 key does not have the required size (see RequiredKeySize).

Fields

RequiredKeySize

An AES-128 key must be exactly 16 bytes. This applies to both the Encryption and MAC key.

public const int RequiredKeySize = 16

Field Value

int

Properties

EncryptionKey

The AES-128 key used for encryption. Its length must be equal to RequiredKeySize.

public ReadOnlyMemory<byte> EncryptionKey { get; set; }

Property Value

ReadOnlyMemory<byte>

Remarks

The caller is responsible for controlling the buffer which holds this value, and should overwrite the data after the command (see AddCredentialCommand) is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.

Exceptions

ArgumentException

Thrown when the key does not have the required size.

MacKey

The AES-128 key used for message authentication (MAC). Its length must be equal to RequiredKeySize.

public ReadOnlyMemory<byte> MacKey { get; set; }

Property Value

ReadOnlyMemory<byte>

Remarks

The caller is responsible for controlling the buffer which holds this value, and should overwrite the data after the command (see AddCredentialCommand) is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.

Exceptions

ArgumentException

Thrown when the key does not have the required size.