Class CredentialWithSecrets
- Namespace: Yubico.YubiKey.YubiHsmAuth
- Assembly: Yubico.YubiKey.dll
This Credential subclass is used when adding new credentials to the YubiHSM Auth application. See AddCredentialCommand for more information.
public abstract class CredentialWithSecrets : Credential
- Inheritance: object → CredentialWithSecrets
- Derived
- Inherited Members
Remarks
Every credential in the YubiHSM Auth application contains two secrets: the credential password, and the cryptographic key(s). The requirements for the credential password are the same for every credential. The caller is responsible for generating the cryptographic key(s) with an appropriate RNG. The requirements for the key(s) vary based on the KeyType. Classes that inherit from this one will implement functionality related to the key(s) specific to the CryptographicKeyType it represents. See Aes128CredentialWithSecrets for an example implementation.
Constructors
CredentialWithSecrets(ReadOnlyMemory<byte>, CryptographicKeyType, string, bool)
Create a credential with the secrets to be stored in the application.
protected CredentialWithSecrets(ReadOnlyMemory<byte> credentialPassword, CryptographicKeyType keyType, string label, bool touchRequired)
Parameters
credentialPassword
ReadOnlyMemory<byte>: Sets CredentialPassword.
keyType
CryptographicKeyType: Sets KeyType.
label
string: Sets Label.
touchRequired
bool: Sets TouchRequired.
Exceptions
- ArgumentException
The credential password does not meet the length requirements.
Fields
RequiredCredentialPasswordLength
The credential password must be exactly 16 bytes.
public const int RequiredCredentialPasswordLength = 16
Field Value
- int
Properties
CredentialPassword
The credential password is required when performing operations that access the key(s), such as calculating session keys. Its length must be equal to RequiredCredentialPasswordLength.
public ReadOnlyMemory<byte> CredentialPassword { get; set; }
Property Value
- ReadOnlyMemory<byte>
Remarks
The caller is responsible for controlling the buffer which holds this value, and should overwrite the data after the command (see AddCredentialCommand) is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.
Exceptions
- ArgumentException
The credential password does not meet the length requirements.
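The buffer handling described in the Remarks above (caller-generated keys from a suitable RNG, a 16-byte credential password, and overwriting the data once the command is sent), as an added example that is not part of the Yubico SDK or its documentation. `AddWithFreshKeys` and the `buildAndSend` delegate are hypothetical names; inside the delegate the caller would construct the concrete subclass and send AddCredentialCommand. It assumes .NET 5 or later for `GC.AllocateArray`.

```csharp
using System;
using System.Security.Cryptography;

public static class CredentialSecretsExample
{
    // Same value as CredentialWithSecrets.RequiredCredentialPasswordLength.
    private const int PasswordLength = 16;

    // Hypothetical helper: owns both secret buffers for one "add credential" call.
    public static void AddWithFreshKeys(
        ReadOnlySpan<byte> credentialPassword,
        int keyMaterialLength,
        Action<ReadOnlyMemory<byte>, ReadOnlyMemory<byte>> buildAndSend)
    {
        if (credentialPassword.Length != PasswordLength)
            throw new ArgumentException("Credential password must be exactly 16 bytes.");

        // Pinned arrays are not relocated by the GC, so no stale copies are left behind.
        byte[] password = GC.AllocateArray<byte>(PasswordLength, pinned: true);
        byte[] keys = GC.AllocateArray<byte>(keyMaterialLength, pinned: true);
        try
        {
            credentialPassword.CopyTo(password);
            RandomNumberGenerator.Fill(keys);   // OS-backed CSPRNG
            buildAndSend(password, keys);       // (credentialPassword, keyMaterial)
        }
        finally
        {
            // Runs even if the command throws; ZeroMemory is not optimized away.
            CryptographicOperations.ZeroMemory(password);
            CryptographicOperations.ZeroMemory(keys);
        }
    }

    public static void Main()
    {
        byte[] constructedPassword = new byte[PasswordLength]; // constructed sample input
        RandomNumberGenerator.Fill(constructedPassword);
        ReadOnlyMemory<byte> seenKeys = default;

        // Two 16-byte AES-128 keys (assumed layout: encryption key, then MAC key).
        AddWithFreshKeys(constructedPassword, 32, (pw, keys) => seenKeys = keys);
        CryptographicOperations.ZeroMemory(constructedPassword);

        bool wiped = Array.TrueForAll(seenKeys.ToArray(), b => b == 0);
        Console.WriteLine($"key buffer wiped after send: {wiped}");
    }
}
```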