Class ChangeManagementKeyCommand

Namespace
Yubico.YubiKey.YubiHsmAuth.Commands
Assembly
Yubico.YubiKey.dll

The command class for changing the management key.

public sealed class ChangeManagementKeyCommand : IYubiKeyCommand<ChangeManagementKeyResponse>
Inheritance
object
ChangeManagementKeyCommand
Implements

Remarks

The management key is required when performing operations that add or delete credentials (AddCredentialCommand and DeleteCredentialCommand, respectively).

There is a limit of 8 attempts to authenticate with the management key before the management key is blocked. Once the management key is blocked, the application must be reset before performing operations which require authentication with the management key (such as adding credentials, deleting credentials, and changing the management key). To reset the application, see ResetApplicationCommand. Supplying the correct management key before the management key is blocked will reset the retry counter to 8.

The partner response class is ChangeManagementKeyResponse.

Constructors

ChangeManagementKeyCommand(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Change the management key.

public ChangeManagementKeyCommand(ReadOnlyMemory<byte> currentManagementKey, ReadOnlyMemory<byte> newManagementKey)

Parameters

currentManagementKey ReadOnlyMemory<byte>

The current value of the management key. The default value is all zeros.

newManagementKey ReadOnlyMemory<byte>

The new value of the management key.

Remarks

The management key is required when performing operations that add or delete credentials (AddCredentialCommand and DeleteCredentialCommand, respectively).

The caller is responsible for controlling the buffers which hold the management keys and should overwrite the data after the command is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.

Exceptions

ArgumentException

Thrown when a management key has an invalid length.
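The following is an added example, not code from the SDK documentation. It shows one way to replace the management key with a random value while following the buffer-handling remark above. The `ManagementKeyRotation` class and `Rotate` method are hypothetical names. It assumes the SDK's usual `IYubiKeyDevice.Connect` / `IYubiKeyConnection.SendCommand` pattern, a device obtained from `YubiKeyDevice.FindAll()`, and a .NET runtime that provides `RandomNumberGenerator.Fill` and `CryptographicOperations.ZeroMemory`.

```csharp
using System;
using System.Security.Cryptography;
using Yubico.YubiKey;
using Yubico.YubiKey.YubiHsmAuth.Commands;

public static class ManagementKeyRotation // hypothetical helper, not part of the SDK
{
    // Replaces the current management key with a freshly generated random one.
    // The currentKey buffer is wiped before returning, whether or not the change succeeded.
    // On success the caller owns the returned key and must store it securely and wipe it after use.
    public static byte[] Rotate(IYubiKeyDevice device, byte[] currentKey)
    {
        int len = ChangeManagementKeyCommand.ValidManagementKeyLength; // 16 bytes
        if (currentKey is null || currentKey.Length != len)
        {
            throw new ArgumentException($"Management key must be {len} bytes.", nameof(currentKey));
        }

        byte[] newKey = new byte[len];
        RandomNumberGenerator.Fill(newKey); // CSPRNG output, never a fixed or derived-from-serial value
        bool succeeded = false;
        try
        {
            using IYubiKeyConnection connection = device.Connect(YubiKeyApplication.YubiHsmAuth);
            var command = new ChangeManagementKeyCommand(currentKey, newKey);
            ChangeManagementKeyResponse response = connection.SendCommand(command);

            // A wrong current key uses up one of the 8 attempts, so fail loudly
            // instead of looping: a blocked key forces an application reset.
            if (response.Status != ResponseStatus.Success)
            {
                throw new InvalidOperationException("Change failed: " + response.StatusMessage);
            }

            succeeded = true;
            return newKey;
        }
        finally
        {
            // Overwrite key material once the command has been sent.
            CryptographicOperations.ZeroMemory(currentKey);
            if (!succeeded)
            {
                CryptographicOperations.ZeroMemory(newKey);
            }
        }
    }
}
```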

Fields

ValidManagementKeyLength

The management key must be exactly 16 bytes.

public const int ValidManagementKeyLength = 16

Field Value

int

Remarks

The management key is supplied as an argument to the constructor ChangeManagementKeyCommand(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>).

Properties

Application

Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies.

public YubiKeyApplication Application { get; }

Property Value

YubiKeyApplication

YubiKeyApplication.Otp, YubiKeyApplication.Piv, etc.

Methods

CreateCommandApdu()

Creates a well-formed CommandApdu to send to the YubiKey.

public CommandApdu CreateCommandApdu()

Returns

CommandApdu

A valid CommandApdu that is ready to be sent to the YubiKey, or passed along to additional encoders for further processing.

Remarks

This method will first perform validation on all of the parameters and data provided to it. The CommandApdu it creates should contain all of the data payload for the command, even if it exceeds 65,535 bytes as specified by the ISO 7816-4 specification. The APDU will be properly chained by the device connection prior to being sent to the YubiKey, and the responses will be collapsed into a single result.

CreateResponseForApdu(ResponseApdu)

Creates the corresponding IYubiKeyResponse implementation for the current command.

public ChangeManagementKeyResponse CreateResponseForApdu(ResponseApdu responseApdu)

Parameters

responseApdu ResponseApdu

The ResponseApdu returned by the YubiKey.

Returns

ChangeManagementKeyResponse

The implementation of IYubiKeyResponse that parses and presents the response APDU.