GetAes128SessionKeysCommand Constructor
GetAes128SessionKeysCommand(string, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)
Calculate session keys from an AES-128 credential. These session keys are used to encrypt and authenticate commands and responses with a YubiHSM 2 device during a single session.
public GetAes128SessionKeysCommand(string credentialLabel, ReadOnlyMemory<byte> credentialPassword, ReadOnlyMemory<byte> hostChallenge, ReadOnlyMemory<byte> hsmDeviceChallenge)Parameters
| Type | Name | Description |
|---|---|---|
| string | credentialLabel | The label of the credential for calculating the session keys. The string must meet the same requirements as Label. |
| ReadOnlyMemory<byte> | credentialPassword | The password of the credential for calculating the session keys. It must meet the same requirements as CredentialPassword. |
| ReadOnlyMemory<byte> | hostChallenge | The 8 byte challenge generated by the host. |
| ReadOnlyMemory<byte> | hsmDeviceChallenge | The 8 byte challenge generated by the YubiHSM 2 device. |
Remarks
The caller is responsible for controlling the buffers which hold
the credentialPassword,
hostChallenge, and
hsmDeviceChallenge. The caller should overwrite
the data after the command is sent. The user's manual entry
"Sensitive Data" has further
details and recommendations for handling this kind of data.