Class Aes128CredentialWithSecrets

Namespace

Yubico.YubiKey.YubiHsmAuth

Assembly

Yubico.YubiKey.dll

This class is used when adding a new credential with AES-128 keys to the YubiHSM Auth application.

public class Aes128CredentialWithSecrets : CredentialWithSecrets

Inheritance

object

Credential

CredentialWithSecrets

Aes128CredentialWithSecrets

Inherited Members

CredentialWithSecrets.RequiredCredentialPasswordLength

CredentialWithSecrets.CredentialPassword

Credential.MinLabelByteCount

Credential.MaxLabelByteCount

Credential.KeyType

Credential.Label

Credential.TouchRequired

Constructors

Aes128CredentialWithSecrets(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, string, bool)

Create an AES-128 credential to be stored in the YubiHSM Auth application.

public Aes128CredentialWithSecrets(ReadOnlyMemory<byte> credentialPassword, ReadOnlyMemory<byte> encryptionKey, ReadOnlyMemory<byte> macKey, string label, bool touchRequired)

Parameters

credentialPassword ReadOnlyMemory<byte>

The credential password is required when performing operations that access the key(s), such as calculating session keys. Its length must be equal to RequiredCredentialPasswordLength.

encryptionKey ReadOnlyMemory<byte>

Sets EncryptionKey.

macKey ReadOnlyMemory<byte>

Sets MacKey.

label string

Sets Label.

touchRequired bool

Sets TouchRequired.

Exceptions

ArgumentException

Thrown when an AES-128 key does not have the required size (see RequiredKeySize).

Fields

RequiredKeySize

An AES-128 key must be exactly 16 bytes. This applies to both the Encryption and MAC key.

public const int RequiredKeySize = 16

Field Value

int

Properties

EncryptionKey

The AES-128 key used for encryption. Its length must be equal to RequiredKeySize.

public ReadOnlyMemory<byte> EncryptionKey { get; set; }

Property Value

ReadOnlyMemory<byte>

Remarks

The caller is responsible for controlling the buffer which holds this value, and should overwrite the data after the command (see AddCredentialCommand) is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.

Exceptions

ArgumentException

Thrown when the key does not have the required size.

MacKey

The AES-128 key used for message authentication (MAC). Its length must be equal to RequiredKeySize.

public ReadOnlyMemory<byte> MacKey { get; set; }

Property Value

ReadOnlyMemory<byte>

Remarks

The caller is responsible for controlling the buffer which holds this value, and should overwrite the data after the command (see AddCredentialCommand) is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.

Exceptions

ArgumentException

Thrown when the key does not have the required size.