Class CredentialWithSecrets

Namespace
Yubico.YubiKey.YubiHsmAuth
Assembly
Yubico.YubiKey.dll

This Credential subclass is used when adding new credentials to the YubiHSM Auth application. See AddCredentialCommand for more information.

public abstract class CredentialWithSecrets : Credential
Inheritance
object
CredentialWithSecrets
Derived
Inherited Members

Remarks

Every credential in the YubiHSM Auth application contains two secrets: the credential password and the cryptographic key(s). The requirements for the credential password are the same for every credential. The caller is responsible for generating the cryptographic key(s) with an appropriate RNG. The requirements for the key(s) vary based on the KeyType. Each class that inherits from this one implements the key-related functionality specific to the CryptographicKeyType it represents. See Aes128CredentialWithSecrets for an example implementation.

Constructors

CredentialWithSecrets(ReadOnlyMemory<byte>, CryptographicKeyType, string, bool)

Create a credential with the secrets to be stored in the application.

protected CredentialWithSecrets(ReadOnlyMemory<byte> credentialPassword, CryptographicKeyType keyType, string label, bool touchRequired)

Parameters

credentialPassword ReadOnlyMemory<byte>

Sets CredentialPassword.

keyType CryptographicKeyType

Sets KeyType.

label string

Sets Label.

touchRequired bool

Sets TouchRequired.

Exceptions

ArgumentException

The credential password does not meet the length requirements.

Fields

RequiredCredentialPasswordLength

The credential password must be exactly 16 bytes.

public const int RequiredCredentialPasswordLength = 16

Field Value

int

Properties

CredentialPassword

The credential password is required when performing operations that access the key(s), such as calculating session keys. Its length must be equal to RequiredCredentialPasswordLength.

public ReadOnlyMemory<byte> CredentialPassword { get; set; }

Property Value

ReadOnlyMemory<byte>

Remarks

The caller is responsible for controlling the buffer which holds this value, and should overwrite the data after the command (see AddCredentialCommand) is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.

Exceptions

ArgumentException

The credential password does not meet the length requirements.
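
The buffer handling described in the Remarks above, as an added example that is not part of the SDK or of this reference page. `CredentialSecretBuffers`, `UseSecretsThenWipe` and the `send` delegate are hypothetical names; `send` stands in for constructing the concrete credential and sending AddCredentialCommand, and the two 16-byte AES-128 keys are an assumption about the key material a subclass would need.

```csharp
using System;
using System.Security.Cryptography;

public static class CredentialSecretBuffers
{
    // Same value as CredentialWithSecrets.RequiredCredentialPasswordLength on this page.
    private const int RequiredCredentialPasswordLength = 16;
    private const int Aes128KeyLength = 16; // AES-128 key size in bytes (assumed key type)

    // 'send' is a hypothetical stand-in for the SDK step (build the credential,
    // send AddCredentialCommand). The byte[] arguments convert to
    // ReadOnlyMemory<byte> without copying, so wiping the arrays afterwards
    // also wipes what any credential object built from them refers to.
    public static void UseSecretsThenWipe(
        byte[] credentialPassword,
        Action<ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>> send)
    {
        byte[] encryptionKey = new byte[Aes128KeyLength];
        byte[] macKey = new byte[Aes128KeyLength];
        try
        {
            if (credentialPassword is null
                || credentialPassword.Length != RequiredCredentialPasswordLength)
            {
                throw new ArgumentException(
                    "Credential password must be exactly 16 bytes.", nameof(credentialPassword));
            }
            RandomNumberGenerator.Fill(encryptionKey); // OS CSPRNG
            RandomNumberGenerator.Fill(macKey);
            send(credentialPassword, encryptionKey, macKey);
        }
        finally
        {
            // Runs on success, on a rejected password, and when 'send' throws.
            CryptographicOperations.ZeroMemory(credentialPassword);
            CryptographicOperations.ZeroMemory(encryptionKey);
            CryptographicOperations.ZeroMemory(macKey);
        }
    }

    public static void Main()
    {
        byte[] password = new byte[16]; // constructed sample value
        RandomNumberGenerator.Fill(password);
        UseSecretsThenWipe(password, (pw, enc, mac) =>
            Console.WriteLine($"sending {pw.Length}+{enc.Length}+{mac.Length} secret bytes"));
        Console.WriteLine(Array.TrueForAll(password, b => b == 0));
    }
}
```

Wiping only works if the caller still holds the original array: a copy made with `ToArray()` before the credential is constructed leaves a second, unwiped copy of the secret on the heap.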