Yubico / Yubico.NET.SDK

A YubiKey SDK for .NET developers
Apache License 2.0
99 stars 47 forks

What is the best way to block the PIN and PUK in order to do a PIV reset? #5

Closed DSBloom closed 2 years ago

DSBloom commented 2 years ago

In our current use case we reset the PIV application on our YubiKeys before we provision them. This is easy with the ykman tool, but with the SDK it requires that both the PIN and PUK be blocked before the ResetPivCommand will work.

Does ykman block out the PIN and PUK in the background when it resets the PIV app? What would be the best way for us to block out those secrets before we run the ResetPivCommand?

GregDomzalski commented 2 years ago

You can call PivSession.ResetApplication(). That should automatically take care of everything for you. Documentation here: https://docs.yubico.com/yesdk/yubikey-api/Yubico.YubiKey.Piv.PivSession.ResetApplication.html

Generally, you should only need to drop into the Commands namespace if you're trying to do something low-level, or something that hasn't yet made it into the higher-level APIs.
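A provisioning-time use of the `PivSession.ResetApplication()` call recommended above, as an added example that is not part of the original thread and is not Yubico's own code. The `PivProvisioningReset` class, the `ResetPiv` helper and the serial-number guard are assumptions made for illustration; the guard is there so that a second key plugged into the same workstation is not wiped by mistake.

```csharp
using System;
using System.Linq;
using Yubico.YubiKey;
using Yubico.YubiKey.Piv;

// Hypothetical helper class for a provisioning station (not part of the SDK).
public static class PivProvisioningReset
{
    // Resets the PIV application on exactly one YubiKey, selected by the
    // serial number the operator expects to be provisioning.
    public static void ResetPiv(int expectedSerial)
    {
        // Enumerate every connected YubiKey and pick the one whose serial matches.
        // SerialNumber is nullable, so a key that hides its serial never matches.
        var device = YubiKeyDevice.FindAll()
            .FirstOrDefault(d => d.SerialNumber == expectedSerial);

        if (device is null)
        {
            throw new InvalidOperationException(
                $"No connected YubiKey reports serial number {expectedSerial}.");
        }

        using (var piv = new PivSession(device))
        {
            // High-level reset: no need to send ResetPivCommand, or to block
            // the PIN and PUK, from the Commands namespace yourself.
            piv.ResetApplication();
        }

        // After a reset the PIV PIN, PUK and management key are back at their
        // factory defaults, so the provisioning step that follows must set new ones.
        Console.WriteLine($"PIV application reset on YubiKey {expectedSerial}.");
    }

    public static int Main(string[] args)
    {
        if (args.Length != 1 || !int.TryParse(args[0], out int serial))
        {
            Console.Error.WriteLine("usage: PivProvisioningReset <serial-number>");
            return 1;
        }

        ResetPiv(serial);
        return 0;
    }
}
```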

DSBloom commented 2 years ago

How did I miss that? Thank you for the quick reply. I swear I'm reading the docs!