Crescendo SDK
CrescendoDLL.PCSC Namespace Reference

The CrescendoDLL.PCSC namespace contains Enums relevant to public methods from the main CrescendoDLL namespace. It also contains internal methods and classes that represent the individual applets and applet commands.

Classes

class  APDUEngine
 The CrescendoDLL.PCSC.APDUEngine class contains references to applet objects, their current properties and all the necessary internal methods to allow PCSC communication with the SmartCard.

class  AppletAbstract
 An abstract class representing an applet on the Crescendo token.

class  AppletProperties
 An abstract class representing the properties of an applet on the Crescendo token.

class  BerTLVBuffer
 Represents a BER-TLV (Binary Encoded Representation Tag-Length-Value) data buffer for PIV (Personal Identity Verification) data object handling.

class  FIDODataStructures
 Represents the data structures used in FIDO (CTAP1 & CTAP2) communication, as defined in the latest FIDO CTAP2 Specification.

class  GenericContainerObject
 Represents a generic PIV (Personal Identity Verification) container object.

class  OATHObject
 Represents an OATH (Initiative for Open Authentication) credential object for one-time password generation.

class  PKIObject
 Represents a PIV (Personal Identity Verification) PKI (Public Key Infrastructure) object containing cryptographic material and metadata.


Enumerations

enum  AuthenticatorClientPINSubCommand {
  getPINRetries = 0x01 , getKeyAgreement = 0x02 , setPIN = 0x03 , changePIN = 0x04 ,
  getPinToken = 0x05 , getPinUvAuthTokenUsingUvWithPermissions = 0x06 , getUVRetries = 0x07 , getPinUvAuthTokenUsingPinWithPermissions = 0x09
}
 Enum for Authenticator Client PIN subcommands as defined in the CTAP protocol.

enum  AuthenticatorConfigSubCommand { enableEnterpriseAttestation = 0x01 , toggleAlwaysUv = 0x02 , setMinPinLength = 0x03 , vendorPrototype = 0xFF }
 Defines subcommands for the CTAP 2.1 authenticatorConfig command.

enum  AuthenticatorCredentialManagementSubCommand {
  getCredsMetadata = 0x01 , enumerateRPsBegin = 0x02 , enumerateRPsGetNextRP = 0x03 , enumerateCredentialsBegin = 0x04 ,
  enumerateCredentialsGetNextCredential = 0x05 , deleteCredential = 0x06 , updateUserInformation = 0x07
}
 Enum for possible Authenticator Credential Management subcommands as defined in the CTAP 2.1 protocol.

enum  CommunicationMedia { ContactModeOnly = 0x01 , ContactlessModeOnly = 0x02 , ContactOrContactlessMode = 0x03 }
 Enum representing different communication media values.

enum  ECKeyType { ECDSA , ECDH }
 Represents the type of EC key.

enum  HashAlgoValues { SHA1 = 0x00 , SHA256 = 0x01 , SHA512 = 0x02 }
 Represents different hash algorithms.

enum  KeyboardEncodings { US , FR }
 Represents different keyboard encodings.

enum  KeyPurposeCoding { SignatureAuthenticationOnly = 0x11 , DecryptionOnly = 0x22 , Any = 0x33 , KeyTransport = 0x44 }
 Enum representing different Key Purpose coding.

enum  KeyTypeToBeTransferredWithSKI { PIV , XAUTH , OATH , STATICPASS }
 Represents types of keys that can be transferred to the token using Secure Key Injection (SKI).

enum  OATHModeName { HOTP = 0x00 , TOTP = 0x11 , OCRA = 0x22 , StaticPassword = 0x44 }
 Represents different modes of OATH (Open Authentication) algorithms.

enum  PIVCryptographicMechanismIdentifier {
  RSA4096 = 0x04 , RSA3072 = 0x05 , RSA2048 = 0x07 , CURVEP256 = 0X11 ,
  CURVEP384 = 0X14 , RSAPKCS1OAEPSHA1 = 0x35
}
 Enum representing the cryptographic mechanism identifiers for PIV (Personal Identity Verification).

enum  PIVObjectType { privkey , cert , both , skiWrappedSecret }
 Represents types of PKI objects that can be put to the token.

enum  QFormatValues { AlphaNumeric = 0x00 , Numeric = 0x01 , Hexadecimal = 0x02 }
 Represents the format of the challenge.

enum  TimeStepUnits { s = 0x00 , m = 0x01 , h = 0x02 }
 Represents different units of time.

enum  U2FAuthenticationOptions { EnforceUserPresenceAndSign = 0x03 , CheckOnly = 0x07 , DoNotEnforceUserPresenceAndSign = 0x08 }
 Specifies U2F authentication control byte values as defined in FIDO U2F (CTAP 1) specification - Authentication Request Message.

enum  UseCounterValues { NotUsed = 0x00 , Used = 0x01 }
 Represents whether the Counter is to be used in OCRA Suite.

enum  UsePValues { NotUsed = 0x00 , PSHA1 = 0x01 , PSHA256 = 0x02 , PSHA512 = 0x03 }
 Represents whether the PIN/Password is to be used in OCRA Suite.
 
enum  UseSValues {
  NotUsed = 0x00 , S64 = 0x01 , S064 = 0x02 , S128 = 0x03 ,
  S256 = 0x04 , S512 = 0x05
}
 Represents whether the Session Information is to be used in OCRA Suite and what its size is.
 
enum  UseTimeValues { NotUsed = 0x00 , Used = 0x01 }
 Represents whether the Time is to be used in OCRA Suite.

enum  XAUTHChallengeType { Static = 0x00 , Dynamic = 0x01 }
 Enum XAUTHChallengeType for representing different types of XAUTH encryption methods.

enum  XAUTHKeyType { TDES , AES }
 Specifies the type of the XAUTH key.
 

Detailed Description

The CrescendoDLL.PCSC namespace contains Enums relevant to public methods from the main CrescendoDLL namespace. It also contains internal methods and classes that represent the individual applets and applet commands.

Enumeration Type Documentation

◆ AuthenticatorClientPINSubCommand

Enum for Authenticator Client PIN subcommands as defined in the CTAP protocol.

Enumerator
getPINRetries 

Retrieves the number of PIN retries remaining. Available in both CTAP 2.0 (named as just 'getRetries') and 2.1.

getKeyAgreement 

Retrieves the public key used for key agreement. Available in both CTAP 2.0 and 2.1.

setPIN 

Sets a new PIN for the authenticator. Available in both CTAP 2.0 and 2.1.

changePIN 

Changes the existing PIN to a new one. Available in both CTAP 2.0 and 2.1.

getPinToken 

Retrieves a token that can be used to perform PIN operations without requiring the user to enter the PIN again. Superseded by newer methods for CTAP 2.1; included for backwards compatibility with CTAP 2.0.

getPinUvAuthTokenUsingUvWithPermissions 

Retrieves a token that can be used for PIN operations with user verification and permissions. Available in CTAP 2.1 only.

getUVRetries 

Retrieves the number of UV (User Verification) retries remaining. Available in CTAP 2.1 only.

getPinUvAuthTokenUsingPinWithPermissions 

Retrieves a token that can be used for PIN operations with user verification and permissions using a PIN. Available in CTAP 2.1 only.

◆ AuthenticatorConfigSubCommand

Defines subcommands for the CTAP 2.1 authenticatorConfig command.

Enumerator
enableEnterpriseAttestation 

Enables enterprise attestation for the authenticator.

Allows the relying party to request enterprise attestation for credentials. Requires explicit user consent due to privacy implications.

toggleAlwaysUv 

Toggles the "always require user verification" setting.

When enabled, the authenticator enforces user verification (UV) for all operations, even if UV is not requested by the relying party.

setMinPinLength 

Sets the minimum PIN length required by the authenticator.

Configures a policy for the minimum PIN length that must be used during PIN setup or changes.

vendorPrototype 

Vendor-specific prototype subcommand.

Reserved for experimental or vendor-specific functionality. Not standardized.

◆ AuthenticatorCredentialManagementSubCommand

Enum for possible Authenticator Credential Management subcommands as defined in the CTAP 2.1 protocol.

Enumerator
getCredsMetadata 

Retrieves metadata about the credentials stored on the authenticator.

enumerateRPsBegin 

Initiates the enumeration of Relying Parties (RPs) associated with credentials on the authenticator.

enumerateRPsGetNextRP 

Retrieves the next Relying Party (RP) in the enumeration sequence.

enumerateCredentialsBegin 

Starts the enumeration of credentials stored on the authenticator.

enumerateCredentialsGetNextCredential 

Retrieves the next credential in the enumeration sequence.

deleteCredential 

Deletes a specified credential from the authenticator.

updateUserInformation 

Updates user information associated with a credential.

◆ CommunicationMedia

Enum representing different communication media values.

Enumerator
ContactModeOnly 

Contact mode only.

ContactlessModeOnly 

Contactless mode only.

ContactOrContactlessMode 

Contact or contactless mode.

◆ ECKeyType

Represents the type of EC key.

Enumerator
ECDSA 

ECDSA key type - usually used for digital signatures.

ECDH 

ECDH key type - usually used for key agreement/exchange.

◆ HashAlgoValues

Represents different hash algorithms.

Enumerator
SHA1 

Secure Hash Algorithm 1. A cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value.

SHA256 

Secure Hash Algorithm 2 with a hash value of 256 bits. It's a member of the SHA-2 cryptographic hash functions designed by the NSA.

SHA512 

Secure Hash Algorithm 2 with a hash value of 512 bits. It's also a member of the SHA-2 cryptographic hash functions.

◆ KeyboardEncodings

Represents different keyboard encodings.

Enumerator
US 

US: Represents US QWERTY keyboard encoding.

FR 

FR: Represents French AZERTY keyboard encoding.

◆ KeyPurposeCoding

Enum representing different Key Purpose coding.

Enumerator
SignatureAuthenticationOnly 

Signature/Authentication Only.

DecryptionOnly 

Decryption Only.

Any 

Any (Signature/Authentication/Decryption)

KeyTransport 

Key Transport.

◆ KeyTypeToBeTransferredWithSKI

Represents types of keys that can be transferred to the token using Secure Key Injection (SKI).

Enumerator
PIV 

Asymmetric RSA or EC key that can be used for Personal Identity Verification (PIV) - encryption, signatures, authentication, etc.

XAUTH 

AES or TDES key used by External Authentication Method (XAUTH)

OATH 

Shared secret for the One Time Password generation.

STATICPASS 

Shared secret for the Static Password generation.

◆ OATHModeName

Represents different modes of OATH (Open Authentication) algorithms.

Enumerator
HOTP 

HMAC-Based One-Time Password: An OATH algorithm that uses a secret key and a counter to generate one-time passwords.

TOTP 

Time-Based One-Time Password: An OATH algorithm that uses a secret key and the current time to generate one-time passwords.

OCRA 

OATH Challenge-Response Algorithm: An OATH algorithm that uses a secret key and a server challenge to generate one-time passwords.

StaticPassword 

OATH authentication service that stores a static password on V3 token and returns it upon button press.

◆ PIVCryptographicMechanismIdentifier

Enum representing the cryptographic mechanism identifiers for PIV (Personal Identity Verification).

Enumerator
RSA4096 

RSA encryption with a key size of 4096 bits.

RSA3072 

RSA encryption with a key size of 3072 bits.

RSA2048 

RSA encryption with a key size of 2048 bits.

CURVEP256 

Elliptic Curve Cryptography with the P-256 curve.

CURVEP384 

Elliptic Curve Cryptography with the P-384 curve.

RSAPKCS1OAEPSHA1 

RSA encryption with PKCS1 OAEP padding and SHA-1 hash function.

◆ PIVObjectType

Represents types of PKI objects that can be put to the token.

Enumerator
privkey 

privkey: Represents a private key. When this type is specified, the function puts the private key to the token.

cert 

cert: Represents a certificate. When this type is specified, the function puts the certificate to the token.

both 

both: Represents both a private key and a certificate. When this type is specified, the function puts both the private key and the certificate to the token.

skiWrappedSecret 

skiWrappedSecret: Represents a private key wrapped with SKI Transport Key. When this type is specified, the function expects a JSON string as input. It will then put the wrapped private key to the token.

◆ QFormatValues

Represents the format of the challenge.

Enumerator
AlphaNumeric 

0x00: Challenge format is AlphaNumeric.

Numeric 

0x01: Challenge format is Numeric.

Hexadecimal 

0x02: Challenge format is Hexadecimal.

◆ TimeStepUnits

Represents different units of time.

Enumerator
s

s: Represents seconds.

m

m: Represents minutes.

h

h: Represents hours.

◆ U2FAuthenticationOptions

Specifies U2F authentication control byte values as defined in FIDO U2F (CTAP 1) specification - Authentication Request Message.

These values control the behavior of U2F tokens during authentication operations. The control byte is set by the FIDO Client, not the relying party.

Enumerator
EnforceUserPresenceAndSign 

Require user presence verification (e.g., button press) and generate signature.

The token must:

  1. Verify user presence
  2. Validate key handle matches application parameter
  3. If valid, increment counter and return signature
  4. If invalid, return error code 0x01 (bad key handle)
CheckOnly 

Validate key handle without user presence check or signature.

Used during registration to check for existing credentials. The token must:

  1. Validate key handle matches application parameter
  2. Return 0x02 (test-of-user-presence-required) if valid
  3. Return 0x01 (bad key handle) if invalid

Does not generate signatures or modify state.

DoNotEnforceUserPresenceAndSign 

Generate signature without requiring user presence verification.

Allows background authentication operations. The token must:

  1. Validate key handle matches application parameter
  2. If valid, increment counter and return signature regardless of user presence
  3. If invalid, return error code 0x01 (bad key handle)

Note: Less secure - should be used only for non-critical operations.
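
The token behaviour listed for the three control bytes, as an added model with a small audit helper (example code, not part of the Crescendo SDK). `ModelToken`, the HMAC stand-ins for key wrapping and signing, `OK = 0x00`, and returning 0x02 when presence is missing under 0x03 are assumptions; the APDU layout (INS 0x02, control byte in P1) follows the FIDO U2F raw message format.

```python
import hashlib
import hmac

# Control byte values from the U2FAuthenticationOptions enum on this page.
ENFORCE_UP_AND_SIGN, CHECK_ONLY, NO_UP_AND_SIGN = 0x03, 0x07, 0x08
# Result codes as numbered on this page; OK = 0x00 is an assumption.
OK, BAD_KEY_HANDLE, UP_REQUIRED = 0x00, 0x01, 0x02

class ModelToken:
    """Toy token: HMAC stands in for key wrapping and for the ECDSA signature."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self.secret, data, hashlib.sha256).digest()

    def key_handle(self, app_param: bytes) -> bytes:
        return self._mac(b"kh" + app_param)

    def authenticate(self, control, challenge, app_param, key_handle, user_present):
        valid = hmac.compare_digest(key_handle, self.key_handle(app_param))
        if control == CHECK_ONLY:
            # No signature, no state change: only reports whether the handle is ours.
            return (UP_REQUIRED if valid else BAD_KEY_HANDLE), None
        if control not in (ENFORCE_UP_AND_SIGN, NO_UP_AND_SIGN):
            raise ValueError(f"unknown control byte {control:#04x}")
        if control == ENFORCE_UP_AND_SIGN and not user_present:
            return UP_REQUIRED, None  # assumption: same code as in CheckOnly
        if not valid:
            return BAD_KEY_HANDLE, None
        self.counter += 1
        flags = 0x01 if user_present else 0x00  # bit 0 = user presence
        signed = app_param + bytes([flags]) + self.counter.to_bytes(4, "big") + challenge
        return OK, (flags, self.counter, self._mac(signed))

def silent_sign_requests(apdus):
    """Indexes of U2F_AUTHENTICATE APDUs (INS 0x02) whose P1 is 0x08."""
    return [i for i, a in enumerate(apdus)
            if len(a) >= 4 and a[1] == 0x02 and a[2] == NO_UP_AND_SIGN]

def demo():
    token = ModelToken(b"constructed-device-secret")  # constructed sample values
    app, chal = hashlib.sha256(b"https://example.test").digest(), bytes(32)
    kh = token.key_handle(app)
    run = lambda ctl, handle, up: token.authenticate(ctl, chal, app, handle, up)
    return [run(CHECK_ONLY, kh, False)[0], run(ENFORCE_UP_AND_SIGN, kh, False)[0],
            run(NO_UP_AND_SIGN, kh, False)[1][:2],
            run(ENFORCE_UP_AND_SIGN, bytes(32), True)[0]]
```

In the model, only 0x08 yields a signature with the user-presence flag clear, which is what `silent_sign_requests` lets a reviewer look for in captured APDU traces.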

◆ UseCounterValues

Represents whether the Counter is to be used in OCRA Suite.

Enumerator
NotUsed 

0x00: Counter is not used.

Used 

0x01: Counter is used.

◆ UsePValues

Represents whether the PIN/Password is to be used in OCRA Suite.

Enumerator
NotUsed 

0x00: PIN/Password is not used.

PSHA1 

0x01: PIN/Password is used with PSHA1 parameter.

PSHA256 

0x02: PIN/Password is used with PSHA256 parameter.

PSHA512 

0x03: PIN/Password is used with PSHA512 parameter.

◆ UseSValues

Represents whether the Session Information is to be used in OCRA Suite and what its size is.

Enumerator
NotUsed 

0x00: Session Information is not used.

S64 

0x01: 64-byte session is used with S parameter.

S064 

0x02: 64-byte session Information is used with S-064 parameter.

S128 

0x03: 128-byte session Information is used with S128 parameter.

S256 

0x04: 256-byte session Information is used with S256 parameter.

S512 

0x05: 512-byte session Information is used with S512 parameter.

◆ UseTimeValues

Represents whether the Time is to be used in OCRA Suite.

Enumerator
NotUsed 

0x00: Time is not used.

Used 

0x01: Time is used.

◆ XAUTHChallengeType

Enum XAUTHChallengeType for representing different types of XAUTH encryption methods.

Enumerator
Static 

Static: XAUTH is using static default keys to encrypt without calling GET CHALLENGE.

Dynamic 

Dynamic: XAUTH is using GET CHALLENGE to get data to encrypt.

◆ XAUTHKeyType

Specifies the type of the XAUTH key.

Enumerator
TDES 

Represents a Triple Data Encryption Standard (TDES) XAUTH key.

AES 

Represents an Advanced Encryption Standard (AES) XAUTH key.