Skip to content

documentation: management key algorithm #177

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Dec 19, 2024
Merged

documentation: management key algorithm #177

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/InitializeAuthenticateManagementKeyCommand.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,7 +321,7 @@ public InitializeAuthenticateManagementKeyCommand()
/// <remarks>
/// Using this constructor is equivalent to
/// <code language="csharp">
/// new InitializeAuthenticateManagementKeyCommand(true, PivAlgorithm.AES192);
/// new InitializeAuthenticateManagementKeyCommand(true, PivAlgorithm.algorithm);
/// </code>
/// </remarks>
public InitializeAuthenticateManagementKeyCommand(PivAlgorithm algorithm)
Expand Down
9 changes: 4 additions & 5 deletions Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/SetManagementKeyCommand.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,7 @@ public sealed class SetManagementKeyCommand : IYubiKeyCommand<SetManagementKeyRe
/// 5.4.2, only Triple-DES (<c>PivAlgorithm.TripleDes</c>) is supported.
/// Beginning with 5.4.2, the Algorithm can be <c>Aes128</c>,
/// <c>Aes192</c>, <c>Aes256</c>, or <c>TripleDes</c>. The default is
/// <c>TripleDes</c>.
/// <c>TripleDes</c> for keys with firmware 5.6.x and earlier and <c>Aes192</c> for YubiKeys with firmware 5.7.x and later.
/// </summary>
public PivAlgorithm Algorithm { get; set; }

Expand Down Expand Up @@ -168,8 +168,7 @@ public SetManagementKeyCommand(ReadOnlyMemory<byte> newKey)
/// <summary>
/// Initializes a new instance of the <c>SetManagementKeyCommand</c> class.
/// This command takes the new management key as input and will set the
/// <c>TouchPolicy</c> and <c>Algorithm</c> properties to their
/// respective defaults.
/// <c>TouchPolicy</c> to the default state and the <c>Algorithm</c> to the algorithm provided.
/// </summary>
/// <remarks>
/// This constructor is provided for those developers who want to use the
Expand All @@ -184,7 +183,7 @@ public SetManagementKeyCommand(ReadOnlyMemory<byte> newKey)
/// <para>
/// Valid algorithms are <c>PivAlgorithm.TripleDes</c>,
/// <c>PivAlgorithm.Aes128</c>, <c>PivAlgorithm.Aes192</c>, and
/// <c>PivAlgorithm.Aes256</c>. FIPS YubiKeys versions 5.7 and greater require <c>PivAlgorithm.Aes192</c>.
/// <c>PivAlgorithm.Aes256</c>. FIPS YubiKeys versions 5.7 and greater require <c>PivAlgorithm.Aes192</c>. YubiKeys with firmware versions prior to 5.4.2 can only use <c>PivAlgorithm.TripleDes</c>.
/// </para>
/// <para>
/// Note that you need to authenticate the current PIV management key before
Expand Down Expand Up @@ -219,7 +218,7 @@ public SetManagementKeyCommand(ReadOnlyMemory<byte> newKey, PivTouchPolicy touch
/// <para>
/// Valid algorithms are <c>PivAlgorithm.TripleDes</c>,
/// <c>PivAlgorithm.Aes128</c>, <c>PivAlgorithm.Aes192</c>, and
/// <c>PivAlgorithm.Aes256</c>. FIPS YubiKeys versions 5.7 and greater require <c>PivAlgorithm.Aes192</c>.
/// <c>PivAlgorithm.Aes256</c>. FIPS YubiKeys versions 5.7 and greater require <c>PivAlgorithm.Aes192</c>. YubiKeys with firmware versions prior to 5.4.2 can only use <c>PivAlgorithm.TripleDes</c>.
/// </para>
/// <para>
/// Note also that you need to authenticate the current PIV management
Expand Down
4 changes: 2 additions & 2 deletions Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Pinonly.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -513,7 +513,7 @@ private PivPinOnlyMode GetPinDerivedStatus(

/// <summary>
/// Set the YubiKey's PIV application to be PIN-only with a PIN-derived
/// and/or PIN-Protected management key (Firmware 5.7.x and later: AES-192. Firmware 5.6.x and earlier: TDES.). This sets the
/// and/or PIN-Protected management key. The default management key algorithm will be used (AES-192 for YubiKeys with firmware 5.7.x and later, TDES for keys with firmware 5.6.x and earlier). This sets the
/// YubiKey to either
/// <code>
/// PivPinOnlyMode.PinProtected
Expand Down Expand Up @@ -727,7 +727,7 @@ private PivPinOnlyMode GetPinDerivedStatus(
/// </param>
/// <exception cref="InvalidOperationException">
/// There is no <c>KeyCollector</c> loaded, one of the keys provided was
/// not of a valid key algorithm type (Firmware 5.7.x and later: AES-192. Firmware 5.6.x and earlier: TDES.), the data stored on the YubiKey is
/// not of a valid key algorithm type, the data stored on the YubiKey is
/// incompatible with PIN-only, or the YubiKey had some other error, such
/// as unreliable connection.
/// </exception>
Expand Down
Loading