TryChangeManagementKey Method
TryChangeManagementKey()
Change the management key, using the KeyCollector to retrieve the current and new management keys.
public bool TryChangeManagementKey()Returns
True, when the management key has been changed successfully.
False when the KeyCollector returns false
(usually indicating user cancellation).
Exceptions
| Type | Condition |
|---|---|
| SecurityException | Authentication failed and there are no retries remaining. |
| InvalidOperationException | A key collector was not supplied (KeyCollector was null). |
| ArgumentException | Thrown when a management key has an invalid length. |
Remarks
Compared to TryChangeManagementKey(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, out int?) which only attempts authentication once, this method automatically retries authentication while there are retries remaining.
The management key is 16 bytes long, and is required when performing operations that add or delete credentials ( AddCredentialCommand and DeleteCredentialCommand, respectively).
There is a limit of 8 attempts to authenticate with the management key before the management key is blocked. Once the management key is blocked, the application must be reset before performing operations which require authentication with the management key (such as adding credentials, deleting credentials, and changing the management key). To reset the application, see ResetApplication(). Supplying the correct management key before the management key is blocked will reset the retry counter to 8.
When the current and new management keys are needed, the
KeyCollector is called with Request
set to ChangeYubiHsmAuthManagementKey.
The KeyCollector gets the current and new management keys from the
user, saves them using
SubmitValues(ReadOnlySpan<byte>, ReadOnlySpan<byte>),
and returns true. Each key must be exactly 16 bytes long (see
ValidManagementKeyLength). If the
command succeeds (the management key is changed), this method returns
true.
If authentication with the current management key fails and there are
retries remaining, the KeyCollector will be called again with
the same Request, but IsRetry will
be true and RetriesRemaining will be
set appropriately. When there are no retries remaining, a
System.Security.SecurityException will be thrown.
The only time this method returns false is when the
KeyCollector cancels the operation by returning false.
Cancellation usually happens when the user has clicked a "Cancel"
button.
In all situations, when this method ends, it will tell the
KeyCollector it is done by calling it with the Request
set to Release.
TryChangeManagementKey(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, out int?)
Change the management key.
public bool TryChangeManagementKey(ReadOnlyMemory<byte> currentManagementKey, ReadOnlyMemory<byte> newManagementKey, out int? retriesRemaining)Parameters
| Type | Name | Description |
|---|---|---|
| ReadOnlyMemory<byte> | currentManagementKey | The current value of the management key. It must be exactly 16 bytes long (see ValidManagementKeyLength). The default value is all zeros. |
| ReadOnlyMemory<byte> | newManagementKey | The new value of the management key. It must be exactly 16 bytes long (see ValidManagementKeyLength). |
| int? | retriesRemaining | When the command fails to authenticate the management key, this value gives the number of retries remaining. |
Returns
True, when the management key has been changed successfully. False,
when authentication failed and the management key was not changed.
When this method returns false, retriesRemaining
gives the number of retries remaining to authenticate with the
management key.
Exceptions
| Type | Condition |
|---|---|
| ArgumentException | Thrown when a management key has an invalid length. |
Remarks
The management key is 16 bytes long, and is required when performing operations that add or delete credentials ( AddCredentialCommand and DeleteCredentialCommand, respectively).
There is a limit of 8 attempts to authenticate with the management key before the management key is blocked. Once the management key is blocked, the application must be reset before performing operations which require authentication with the management key (such as adding credentials, deleting credentials, and changing the management key). To reset the application, see ResetApplication(). Supplying the correct management key before the management key is blocked will reset the retry counter to 8.
The caller is responsible for controlling the buffers which hold the management keys and should overwrite the data after the command is sent. The user's manual entry "Sensitive Data" has further details and recommendations for handling this kind of data.