YubiHsmAuthSession Class

Namespace: Yubico.YubiKey.YubiHsmAuth Assembly: Yubico.YubiKey.dll

The main entry-point for all YubiHSM Auth related operations.

C#
public sealed class YubiHsmAuthSession : ApplicationSession
Inheritance object ApplicationSession YubiHsmAuthSession

Constructors

Name Description
YubiHsmAuthSession(IYubiKeyDevice, ScpKeyParameters?)

Create an instance of YubiHsmAuthSession class, the object that represents the YubiHSM Auth application on the YubiKey.

Properties

Name Description
KeyCollector

The delegate this class will call when it needs a management key or credential password.

Methods

Name Description
AddCredential(ReadOnlyMemory<byte>, CredentialWithSecrets)

Add a credential.
ChangeManagementKey(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Change the management key, throw an exception if the operation failed.
DeleteCredential(ReadOnlyMemory<byte>, string)

Remove a credential.
GetAes128SessionKeys(string, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Calculate session keys from an AES-128 credential. These session keys are used to establish a secure session with a YubiHSM 2 device.
GetApplicationVersion()

Get the version of the YubiHSM Auth application.
GetManagementKeyRetries()

Get the number of retries remaining for the management key.
ListCredentials()

Get the public properties of all Credentials in the YubiHSM Auth application, along with the number of retries remaining for each.
ResetApplication()

Reset the YubiHSM Auth application, which will delete all credentials, reset the management key to its default value (all zeros), and reset the management key retry counter to 8.
TryAddCredential(ReadOnlyMemory<byte>, CredentialWithSecrets, out int?)

Add a credential.
TryAddCredential(CredentialWithSecrets)

Add a credential. This method uses the KeyCollector to retrieve the management key and will retry authentication while there are retries remaining.
TryChangeManagementKey()

Change the management key, using the KeyCollector to retrieve the current and new management keys.
TryChangeManagementKey(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, out int?)

Change the management key.
TryDeleteCredential(ReadOnlyMemory<byte>, string, out int?)

Remove a credential.
TryDeleteCredential(string)

Remove a credential. This method uses the KeyCollector to retrieve the management key, and will retry authentication while there are retries remaining.
TryGetAes128SessionKeys(string, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, out SessionKeys?)

Calculate session keys from an AES-128 credential, using the KeyCollector to retrieve the credential password and prompt for touch when required. These session keys are used to establish a secure session with a YubiHSM 2 device.