Class AddCredentialCommand
- Namespace
- Yubico.YubiKey.YubiHsmAuth.Commands
- Assembly
- Yubico.YubiKey.dll
The command class for adding a credential to the YubiHSM Auth application.
public sealed class AddCredentialCommand : IYubiKeyCommand<AddCredentialResponse>
- Inheritance
- object
- AddCredentialCommand
- Implements
Remarks
The partner class is AddCredentialResponse. See CredentialWithSecrets for further information on the requirements of the new credential.
There is a limit of 8 attempts to authenticate with the management key before the management key is blocked. Once the management key is blocked, the application must be reset before performing operations which require authentication with the management key (such as adding credentials, deleting credentials, and changing the management key). To reset the application, see ResetApplicationCommand. Supplying the correct management key before the management key is blocked will reset the retry counter to 8.
Constructors
AddCredentialCommand(ReadOnlyMemory<byte>, CredentialWithSecrets)
Add a credential to the YubiHSM Auth application.
public AddCredentialCommand(ReadOnlyMemory<byte> managementKey, CredentialWithSecrets credentialWithSecrets)
Parameters
managementKey
ReadOnlyMemory<byte>
The secret used to authenticate to the application prior to adding or removing credentials. See ValidManagementKeyLength for its required length. The application has a default management key of all zeros.
credentialWithSecrets
CredentialWithSecrets
The credential to be added.
Remarks
The application can store up to 32 credentials, and each credential must have a unique label. See Label for more information on encodings and requirements.
To list the credentials currently stored in the application, use ListCredentialsCommand.
The caller is responsible for controlling the buffer which holds the management key, and should overwrite the data after the command is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.
Exceptions
- ArgumentOutOfRangeException
Thrown when managementKey has an invalid length.
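The following is an added example, not code from the SDK or its documentation: one way to send this command while following the remarks above (wipe the management key buffer after sending, and do not retry blindly against the 8-attempt limit). The class and method names, the `allowDefaultKey` policy flag, and the already-open `IYubiKeyConnection` to the YubiHSM Auth application are assumptions, as is a .NET runtime that provides `CryptographicOperations.ZeroMemory`.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.YubiHsmAuth;
using Yubico.YubiKey.YubiHsmAuth.Commands;

public static class YubiHsmAuthProvisioning
{
    // Hypothetical helper (not part of the SDK). The caller owns managementKey;
    // this method wipes it before returning, whether or not the command succeeds.
    public static void AddCredential(
        IYubiKeyConnection connection,   // assumed: already connected to YubiHSM Auth
        Memory<byte> managementKey,
        CredentialWithSecrets credential,
        bool allowDefaultKey = false)    // assumed local policy, not an SDK feature
    {
        try
        {
            // Check the length first; the constructor throws
            // ArgumentOutOfRangeException for the same condition.
            if (managementKey.Length != AddCredentialCommand.ValidManagementKeyLength)
                throw new ArgumentException("Management key must be 16 bytes.", nameof(managementKey));

            // The application ships with an all-zero management key; refuse to
            // provision with it unless the caller explicitly opts in.
            bool isDefault = true;
            foreach (byte b in managementKey.Span) { isDefault &= b == 0; }
            if (isDefault && !allowDefaultKey)
                throw new InvalidOperationException("Default management key is still in use.");

            var command = new AddCredentialCommand(managementKey, credential);
            AddCredentialResponse response = connection.SendCommand(command);

            // No automatic retry: a wrong key consumes one of the 8 attempts, and
            // a blocked management key forces an application reset.
            if (response.Status != ResponseStatus.Success)
                throw new InvalidOperationException(
                    "AddCredentialCommand failed: " + response.StatusMessage);
        }
        finally
        {
            // Overwrite the key material so it does not linger in memory.
            CryptographicOperations.ZeroMemory(managementKey.Span);
        }
    }
}
```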
Fields
ValidManagementKeyLength
The management key must be exactly 16 bytes.
public const int ValidManagementKeyLength = 16
Field Value
- int
Remarks
The management key is supplied as an argument to the constructor AddCredentialCommand(ReadOnlyMemory<byte>, CredentialWithSecrets).
Properties
Application
Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.
public YubiKeyApplication Application { get; }
Property Value
- YubiKeyApplication
YubiKeyApplication.Otp, YubiKeyApplication.Piv, etc.
Methods
CreateCommandApdu()
Creates a well-formed CommandApdu to send to the YubiKey.
public CommandApdu CreateCommandApdu()
Returns
- CommandApdu
A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.
Remarks
This method will first perform validation on all of the parameters and data provided to it. The CommandApdu it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will be collapsed into a single result.
CreateResponseForApdu(ResponseApdu)
Creates the corresponding IYubiKeyResponse implementation for the current command.
public AddCredentialResponse CreateResponseForApdu(ResponseApdu responseApdu)
Parameters
responseApdu
ResponseApdu
The ResponseApdu returned by the YubiKey.
Returns
- AddCredentialResponse
The implementation of IYubiKeyResponse that parses and presents this response APDU.