Class PivSession

  • All Implemented Interfaces:
    java.io.Closeable, java.lang.AutoCloseable

    public class PivSession
    extends com.yubico.yubikit.core.application.ApplicationSession<PivSession>
    Personal Identity Verification (PIV) interface specified in NIST SP 800-73 document "Cryptographic Algorithms and Key Sizes for PIV". This enables you to perform RSA or ECC sign/decrypt operations using a private key stored on the smartcard, through common transports like PKCS#11.
    • Constructor Summary

      Constructors 
      Constructor Description
      PivSession​(com.yubico.yubikit.core.smartcard.SmartCardConnection connection)
      Creates a new instance of PivSession and selects the application for use.
    • Method Summary

      Modifier and Type Method Description
      java.security.cert.X509Certificate attestKey​(Slot slot)
      Creates an attestation certificate for a private key which was generated on the YubiKey.
      void authenticate​(ManagementKeyType keyType, byte[] managementKey)
      Authenticate with the Management Key.
      byte[] calculateSecret​(Slot slot, java.security.interfaces.ECPublicKey peerPublicKey)
      Perform an ECDH operation with a given public key to compute a shared secret.
      void changePin​(char[] oldPin, char[] newPin)
      Change PIN.
      void changePuk​(char[] oldPuk, char[] newPuk)
      Change PUK.
      void checkKeySupport​(KeyType keyType, PinPolicy pinPolicy, TouchPolicy touchPolicy, boolean generate)
      Checks if a given firmware version of YubiKey supports a specific key type with given policies.
      void close()  
      byte[] decrypt​(Slot slot, byte[] cipherText, javax.crypto.Cipher algorithm)
      Deprecated.
      void deleteCertificate​(Slot slot)
      Deletes a certificate from the YubiKey.
      java.security.PublicKey generateKey​(Slot slot, KeyType keyType, PinPolicy pinPolicy, TouchPolicy touchPolicy)
      Generates a new key pair within the YubiKey.
      java.security.cert.X509Certificate getCertificate​(Slot slot)
      Reads the X.509 certificate stored in a slot.
      ManagementKeyMetadata getManagementKeyMetadata()
      Reads metadata about the card management key.
      byte[] getObject​(int objectId)
      Read a data object from the YubiKey.
      int getPinAttempts()
      Get the number of PIN attempts remaining from the YubiKey.
      PinMetadata getPinMetadata()
      Reads metadata about the PIN, such as total number of retries, attempts left, and if the PIN has been changed from the default value.
      PinMetadata getPukMetadata()
      Reads metadata about the PUK, such as total number of retries, attempts left, and if the PUK has been changed from the default value.
      int getSerialNumber()
      Get the serial number from the YubiKey.
      SlotMetadata getSlotMetadata​(Slot slot)
      Reads metadata about the private key stored in a slot.
      com.yubico.yubikit.core.Version getVersion()
      Get the PIV application version from the YubiKey.
      void putCertificate​(Slot slot, java.security.cert.X509Certificate certificate)
      Writes an X.509 certificate to a slot on the YubiKey.
      KeyType putKey​(Slot slot, java.security.PrivateKey key, PinPolicy pinPolicy, TouchPolicy touchPolicy)
      Import a private key into a slot.
      void putObject​(int objectId, byte[] objectData)
      Write a data object to the YubiKey.
      byte[] rawSignOrDecrypt​(Slot slot, KeyType keyType, byte[] payload)
      Performs a private key operation on the given payload.
      void reset()
      Resets the application to just-installed state.
      void setManagementKey​(ManagementKeyType keyType, byte[] managementKey, boolean requireTouch)
      Change the management key. This method requires authentication with authenticate(com.yubico.yubikit.piv.ManagementKeyType, byte[]).
      void setPinAttempts​(int pinAttempts, int pukAttempts)
      Set the number of retries available for PIN and PUK entry.
      byte[] sign​(Slot slot, KeyType keyType, byte[] message, java.security.Signature algorithm)
      Deprecated.
      void unblockPin​(char[] puk, char[] newPin)
      Reset a blocked PIN to a new value using the PUK.
      void verifyPin​(char[] pin)
      Authenticate with PIN. 0 - PIN authentication blocked.
      • Methods inherited from class com.yubico.yubikit.core.application.ApplicationSession

        require, supports
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • FEATURE_P384

        public static final com.yubico.yubikit.core.application.Feature<PivSession> FEATURE_P384
        Support for the NIST P-384 elliptic curve.
      • FEATURE_USAGE_POLICY

        public static final com.yubico.yubikit.core.application.Feature<PivSession> FEATURE_USAGE_POLICY
        Support for custom PIN or Touch policy.
      • FEATURE_TOUCH_CACHED

        public static final com.yubico.yubikit.core.application.Feature<PivSession> FEATURE_TOUCH_CACHED
        Support for the CACHED Touch policy.
      • FEATURE_ATTESTATION

        public static final com.yubico.yubikit.core.application.Feature<PivSession> FEATURE_ATTESTATION
        Support for Attestation of generated keys.
      • FEATURE_SERIAL

        public static final com.yubico.yubikit.core.application.Feature<PivSession> FEATURE_SERIAL
        Support for reading the YubiKey serial number.
      • FEATURE_METADATA

        public static final com.yubico.yubikit.core.application.Feature<PivSession> FEATURE_METADATA
        Support for getting PIN/PUK/Management key and private key metadata.
      • FEATURE_AES_KEY

        public static final com.yubico.yubikit.core.application.Feature<PivSession> FEATURE_AES_KEY
        Support for AES management keys.
      • FEATURE_RSA_GENERATION

        public static final com.yubico.yubikit.core.application.Feature<PivSession> FEATURE_RSA_GENERATION
        Support for generating RSA keys.
    • Constructor Detail

      • PivSession

        public PivSession​(com.yubico.yubikit.core.smartcard.SmartCardConnection connection)
                   throws java.io.IOException,
                          com.yubico.yubikit.core.smartcard.ApduException,
                          com.yubico.yubikit.core.application.ApplicationNotAvailableException
        Creates a new instance of PivSession and selects the application for use.
        Parameters:
        connection - connection with YubiKey
        Throws:
        java.io.IOException - in case of communication error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.ApplicationNotAvailableException - if the application is missing or disabled
    • Method Detail

      • close

        public void close()
                   throws java.io.IOException
        Throws:
        java.io.IOException
      • getVersion

        public com.yubico.yubikit.core.Version getVersion()
        Get the PIV application version from the YubiKey. For YubiKey 4 and later this will match the YubiKey firmware version.
        Specified by:
        getVersion in class com.yubico.yubikit.core.application.ApplicationSession<PivSession>
        Returns:
        application version
      • getSerialNumber

        public int getSerialNumber()
                            throws java.io.IOException,
                                   com.yubico.yubikit.core.smartcard.ApduException
        Get the serial number from the YubiKey. NOTE: This requires the SERIAL_API_VISIBLE flag to be set on one of the YubiOTP slots (it is set by default).

        This functionality requires support for FEATURE_SERIAL, available on YubiKey 5 or later.

        Returns:
        The YubiKey's serial number
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • reset

        public void reset()
                   throws java.io.IOException,
                          com.yubico.yubikit.core.smartcard.ApduException
        Resets the application to just-installed state.
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • authenticate

        public void authenticate​(ManagementKeyType keyType,
                                 byte[] managementKey)
                          throws java.io.IOException,
                                 com.yubico.yubikit.core.smartcard.ApduException,
                                 com.yubico.yubikit.core.application.BadResponseException
        Authenticate with the Management Key.
        Parameters:
        keyType - the algorithm used for the management key. The default key uses TDES.
        managementKey - management key as byte array. The default 3DES management key (9B) is 010203040506070801020304050607080102030405060708.
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
      • sign

        @Deprecated
        public byte[] sign​(Slot slot,
                           KeyType keyType,
                           byte[] message,
                           java.security.Signature algorithm)
                    throws java.io.IOException,
                           com.yubico.yubikit.core.smartcard.ApduException,
                           com.yubico.yubikit.core.application.BadResponseException,
                           java.security.NoSuchAlgorithmException
        Deprecated.
        Create a signature for a given message.

        The algorithm must be compatible with the given key type. DEPRECATED: Use the PivProvider JCA Security Provider instead.

        Parameters:
        slot - the slot containing the private key to use
        keyType - the type of the key stored in the slot
        message - the message to hash
        algorithm - the signing algorithm to use
        Returns:
        the signature
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
        java.security.NoSuchAlgorithmException - if the algorithm isn't supported
      • rawSignOrDecrypt

        public byte[] rawSignOrDecrypt​(Slot slot,
                                       KeyType keyType,
                                       byte[] payload)
                                throws java.io.IOException,
                                       com.yubico.yubikit.core.smartcard.ApduException,
                                       com.yubico.yubikit.core.application.BadResponseException
        Performs a private key operation on the given payload. Any hashing and/or padding required should already be done prior to calling this method. More commonly, the JCA classes provided should be used instead of directly calling this.
        Parameters:
        slot - the slot containing the private key to use
        keyType - the type of the key stored in the slot
        payload - the data to operate on
        Returns:
        the result of the operation
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
      • decrypt

        @Deprecated
        public byte[] decrypt​(Slot slot,
                              byte[] cipherText,
                              javax.crypto.Cipher algorithm)
                       throws java.io.IOException,
                              com.yubico.yubikit.core.smartcard.ApduException,
                              com.yubico.yubikit.core.application.BadResponseException,
                              java.security.NoSuchAlgorithmException,
                              javax.crypto.NoSuchPaddingException,
                              javax.crypto.BadPaddingException
        Deprecated.
        Decrypt an RSA-encrypted message. DEPRECATED: Use the PivProvider JCA Security Provider instead.
        Parameters:
        slot - the slot containing the RSA private key to use
        cipherText - the encrypted payload to decrypt
        algorithm - the algorithm used for encryption
        Returns:
        the decrypted plaintext
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
        javax.crypto.NoSuchPaddingException - in case the padding algorithm isn't supported
        java.security.NoSuchAlgorithmException - in case the algorithm isn't supported
        javax.crypto.BadPaddingException - in case of a padding error
      • calculateSecret

        public byte[] calculateSecret​(Slot slot,
                                      java.security.interfaces.ECPublicKey peerPublicKey)
                               throws java.io.IOException,
                                      com.yubico.yubikit.core.smartcard.ApduException,
                                      com.yubico.yubikit.core.application.BadResponseException
        Perform an ECDH operation with a given public key to compute a shared secret.
        Parameters:
        slot - the slot containing the private EC key
        peerPublicKey - the peer public key for the operation
        Returns:
        the shared secret, comprising the x-coordinate of the ECDH result point.
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
      • setManagementKey

        public void setManagementKey​(ManagementKeyType keyType,
                                     byte[] managementKey,
                                     boolean requireTouch)
                              throws java.io.IOException,
                                     com.yubico.yubikit.core.smartcard.ApduException
        Change the management key. This method requires authentication with authenticate(com.yubico.yubikit.piv.ManagementKeyType, byte[]).

        Setting requireTouch=true requires support for FEATURE_USAGE_POLICY, available on YubiKey 4 or later.

        Parameters:
        managementKey - new value of management key
        requireTouch - true to require touch for authentication
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • verifyPin

        public void verifyPin​(char[] pin)
                       throws java.io.IOException,
                              com.yubico.yubikit.core.smartcard.ApduException,
                              InvalidPinException
        Authenticate with PIN. 0 - PIN authentication blocked. Note that 15 is the highest value that will be returned even if remaining tries is higher.
        Parameters:
        pin - string with PIN (UTF-8). The default PIN code is 123456.
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        InvalidPinException - if the PIN is invalid
      • getPinAttempts

        public int getPinAttempts()
                           throws java.io.IOException,
                                  com.yubico.yubikit.core.smartcard.ApduException
        Get the number of PIN attempts remaining from the YubiKey.

        NOTE: If this command is run in a session where the correct PIN has already been verified, the correct value will not be retrievable, and the value returned may be incorrect if the number of total attempts has been changed from the default.

        Returns:
        number of attempts left
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • changePin

        public void changePin​(char[] oldPin,
                              char[] newPin)
                       throws java.io.IOException,
                              com.yubico.yubikit.core.smartcard.ApduException,
                              InvalidPinException
        Change PIN.
        Parameters:
        oldPin - old PIN for verification
        newPin - new PIN to set
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        InvalidPinException - if the PIN is invalid
      • changePuk

        public void changePuk​(char[] oldPuk,
                              char[] newPuk)
                       throws java.io.IOException,
                              com.yubico.yubikit.core.smartcard.ApduException,
                              InvalidPinException
        Change PUK.
        Parameters:
        oldPuk - old PUK for verification
        newPuk - new PUK to set
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        InvalidPinException - if the PUK is invalid
      • unblockPin

        public void unblockPin​(char[] puk,
                               char[] newPin)
                        throws java.io.IOException,
                               com.yubico.yubikit.core.smartcard.ApduException,
                               InvalidPinException
        Reset a blocked PIN to a new value using the PUK.
        Parameters:
        puk - PUK for verification. The default PUK code is 12345678.
        newPin - new PIN to set
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        InvalidPinException - if the PUK is invalid
      • setPinAttempts

        public void setPinAttempts​(int pinAttempts,
                                   int pukAttempts)
                            throws java.io.IOException,
                                   com.yubico.yubikit.core.smartcard.ApduException
        Set the number of retries available for PIN and PUK entry.

        This method requires authentication with authenticate(com.yubico.yubikit.piv.ManagementKeyType, byte[]) and PIN verification with verifyPin(char[]).

        Parameters:
        pinAttempts - the number of attempts to allow for PIN entry before blocking the PIN
        pukAttempts - the number of attempts to allow for PUK entry before blocking the PUK
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • getPinMetadata

        public PinMetadata getPinMetadata()
                                   throws java.io.IOException,
                                          com.yubico.yubikit.core.smartcard.ApduException
        Reads metadata about the PIN, such as total number of retries, attempts left, and if the PIN has been changed from the default value.

        This functionality requires support for FEATURE_METADATA, available on YubiKey 5.3 or later.

        Returns:
        metadata about the PIN
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • getPukMetadata

        public PinMetadata getPukMetadata()
                                   throws java.io.IOException,
                                          com.yubico.yubikit.core.smartcard.ApduException
        Reads metadata about the PUK, such as total number of retries, attempts left, and if the PUK has been changed from the default value.

        This functionality requires support for FEATURE_METADATA, available on YubiKey 5.3 or later.

        Returns:
        metadata about the PUK
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • getManagementKeyMetadata

        public ManagementKeyMetadata getManagementKeyMetadata()
                                                       throws java.io.IOException,
                                                              com.yubico.yubikit.core.smartcard.ApduException
        Reads metadata about the card management key.

        This functionality requires support for FEATURE_METADATA, available on YubiKey 5.3 or later.

        Returns:
        metadata about the card management key, such as the Touch policy and if the default value has been changed
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
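The three metadata getters above make it possible to check, without presenting any credential, whether a YubiKey still carries the default PIN, PUK or management key quoted elsewhere on this page. The following is an added example, not code from the yubikit project: the class PivCredentialAudit and its methods are hypothetical, the getters isDefaultValue(), getTotalAttempts(), getAttemptsRemaining() and getKeyType() and the constant ManagementKeyType.TDES are used as they exist in the library to the best of the editor's knowledge, and the TDES finding is an example policy.

```java
import com.yubico.yubikit.core.smartcard.ApduException;
import com.yubico.yubikit.piv.ManagementKeyMetadata;
import com.yubico.yubikit.piv.ManagementKeyType;
import com.yubico.yubikit.piv.PinMetadata;
import com.yubico.yubikit.piv.PivSession;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical class): reports PIV credentials left in a weak state. */
public final class PivCredentialAudit {

    private PivCredentialAudit() {}

    /**
     * Returns one finding per weak credential; an empty list means nothing was flagged.
     * Only metadata is read: no PIN, PUK or management key is presented to the device.
     */
    public static List<String> audit(PivSession piv) throws IOException, ApduException {
        List<String> findings = new ArrayList<>();

        // The metadata calls need FEATURE_METADATA (YubiKey 5.3 or later). Without it
        // the "changed from default" state cannot be read, so report that instead.
        if (!piv.supports(PivSession.FEATURE_METADATA)) {
            findings.add("PIV version " + piv.getVersion()
                    + " lacks FEATURE_METADATA: default credentials cannot be ruled out");
            return findings;
        }

        checkPinLike("PIN", piv.getPinMetadata(), findings);
        checkPinLike("PUK", piv.getPukMetadata(), findings);

        ManagementKeyMetadata mgmt = piv.getManagementKeyMetadata();
        if (mgmt.isDefaultValue()) {
            findings.add("management key is still the factory default");
        }
        // Example policy (an assumption of this sketch, not a library rule):
        // prefer an AES management key where the firmware offers one.
        if (mgmt.getKeyType() == ManagementKeyType.TDES
                && piv.supports(PivSession.FEATURE_AES_KEY)) {
            findings.add("management key is TDES although this firmware supports AES");
        }
        return findings;
    }

    /** PIN and PUK share the PinMetadata type, so one check serves both. */
    private static void checkPinLike(String name, PinMetadata meta, List<String> findings) {
        if (meta.isDefaultValue()) {
            findings.add(name + " is still the factory default");
        }
        int remaining = meta.getAttemptsRemaining();
        int total = meta.getTotalAttempts();
        if (remaining == 0) {
            findings.add(name + " is blocked (0 attempts remaining)");
        } else if (remaining < total) {
            // A partly used counter means wrong values have been entered since the
            // last successful verification; worth surfacing during enrolment.
            findings.add(name + " has " + remaining + " of " + total + " attempts remaining");
        }
    }
}
```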
      • getSlotMetadata

        public SlotMetadata getSlotMetadata​(Slot slot)
                                     throws java.io.IOException,
                                            com.yubico.yubikit.core.smartcard.ApduException
        Reads metadata about the private key stored in a slot.

        This functionality requires support for FEATURE_METADATA, available on YubiKey 5.3 or later.

        Parameters:
        slot - the slot to read metadata about
        Returns:
        metadata about a slot
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • getCertificate

        public java.security.cert.X509Certificate getCertificate​(Slot slot)
                                                          throws java.io.IOException,
                                                                 com.yubico.yubikit.core.smartcard.ApduException,
                                                                 com.yubico.yubikit.core.application.BadResponseException
        Reads the X.509 certificate stored in a slot.
        Parameters:
        slot - Key reference '9A', '9C', '9D', or '9E'. See Slot.
        Returns:
        certificate instance
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
      • putCertificate

        public void putCertificate​(Slot slot,
                                   java.security.cert.X509Certificate certificate)
                            throws java.io.IOException,
                                   com.yubico.yubikit.core.smartcard.ApduException
        Writes an X.509 certificate to a slot on the YubiKey. This method requires authentication with authenticate(com.yubico.yubikit.piv.ManagementKeyType, byte[]).
        Parameters:
        slot - Key reference '9A', '9C', '9D', or '9E'. See Slot.
        certificate - certificate to write
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • attestKey

        public java.security.cert.X509Certificate attestKey​(Slot slot)
                                                     throws java.io.IOException,
                                                            com.yubico.yubikit.core.smartcard.ApduException,
                                                            com.yubico.yubikit.core.application.BadResponseException
        Creates an attestation certificate for a private key which was generated on the YubiKey.

        This functionality requires support for FEATURE_ATTESTATION, available on YubiKey 4.3 or later.

        A high-level description of the thinking and how this can be used can be found at https://developers.yubico.com/PIV/Introduction/PIV_attestation.html. Attestation works through a special key slot called "f9", which comes pre-loaded from the factory with a key and certificate signed by Yubico, but can be overwritten. After a key has been generated in a normal slot, it can be attested by this special key.

        This method requires authentication with authenticate(com.yubico.yubikit.piv.ManagementKeyType, byte[]). It also requires the key to have been generated in the slot with generateKey(Slot, KeyType, PinPolicy, TouchPolicy).

        Parameters:
        slot - Key reference '9A', '9C', '9D', or '9E'. See Slot.
        Returns:
        an attestation certificate for the key in the given slot
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
      • deleteCertificate

        public void deleteCertificate​(Slot slot)
                               throws java.io.IOException,
                                      com.yubico.yubikit.core.smartcard.ApduException
        Deletes a certificate from the YubiKey. This method requires authentication with authenticate(com.yubico.yubikit.piv.ManagementKeyType, byte[]).

        Note: This does NOT delete any corresponding private key.

        Parameters:
        slot - Key reference '9A', '9C', '9D', or '9E'. See Slot.
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • checkKeySupport

        public void checkKeySupport​(KeyType keyType,
                                    PinPolicy pinPolicy,
                                    TouchPolicy touchPolicy,
                                    boolean generate)
        Checks if a given firmware version of YubiKey supports a specific key type with given policies.
        Parameters:
        keyType - the type of key to check
        pinPolicy - the PIN policy to check
        touchPolicy - the touch policy to check
        generate - true to check if key generation is supported, false to check key import.
      • generateKey

        public java.security.PublicKey generateKey​(Slot slot,
                                                   KeyType keyType,
                                                   PinPolicy pinPolicy,
                                                   TouchPolicy touchPolicy)
                                            throws java.io.IOException,
                                                   com.yubico.yubikit.core.smartcard.ApduException,
                                                   com.yubico.yubikit.core.application.BadResponseException
        Generates a new key pair within the YubiKey. This method requires PIN verification with verifyPin(char[]) and authentication with the management key using authenticate(com.yubico.yubikit.piv.ManagementKeyType, byte[]).

        RSA key types require FEATURE_RSA_GENERATION, available on YubiKeys OTHER THAN 4.2.6-4.3.4. KeyType P384 requires FEATURE_P384, available on YubiKey 4 or later. PinPolicy or TouchPolicy other than default require FEATURE_USAGE_POLICY, available on YubiKey 4 or later. TouchPolicy.CACHED requires FEATURE_TOUCH_CACHED, available on YubiKey 4.3 or later.

        NOTE: YubiKey FIPS does not allow RSA1024 nor PinProtocol.NEVER.

        Parameters:
        slot - Key reference '9A', '9C', '9D', or '9E'. See Slot.
        keyType - which algorithm is used for key generation, see KeyType
        pinPolicy - the PIN policy for using the private key
        touchPolicy - the touch policy for using the private key
        Returns:
        the public key of the generated key pair
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
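Because the key and certificate in slot f9 can be overwritten, an attestation returned by attestKey only proves on-device generation once the f9 certificate is itself checked against a root the verifier already trusts. The following added example (not code from the yubikit project) ties together generateKey, attestKey and getCertificate for that purpose. The class PivAttestedKey and its methods are hypothetical, Slot.ATTESTATION is used as the library's constant for slot f9 to the best of the editor's knowledge, trustedRoot is a certificate the caller obtained out of band, and the sketch assumes the f9 certificate is issued directly by that root.

```java
import com.yubico.yubikit.core.application.BadResponseException;
import com.yubico.yubikit.core.smartcard.ApduException;
import com.yubico.yubikit.piv.InvalidPinException;
import com.yubico.yubikit.piv.KeyType;
import com.yubico.yubikit.piv.ManagementKeyType;
import com.yubico.yubikit.piv.PinPolicy;
import com.yubico.yubikit.piv.PivSession;
import com.yubico.yubikit.piv.Slot;
import com.yubico.yubikit.piv.TouchPolicy;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

/** Added example (hypothetical class): generate a key on the YubiKey and verify its attestation. */
public final class PivAttestedKey {

    private PivAttestedKey() {}

    /**
     * Generates a key in the given slot and returns its attestation certificate, but only
     * after the attestation has been verified up to trustedRoot.
     * The caller's mgmtKey and pin arrays are zeroed before this method returns.
     */
    public static X509Certificate generateAndAttest(
            PivSession piv, Slot slot, KeyType keyType,
            ManagementKeyType mgmtKeyType, byte[] mgmtKey, char[] pin,
            X509Certificate trustedRoot)
            throws IOException, ApduException, BadResponseException,
                   InvalidPinException, GeneralSecurityException {

        // Fail before touching the device state if the firmware cannot do what is asked.
        if (!piv.supports(PivSession.FEATURE_ATTESTATION)) {
            throw new IllegalStateException("FEATURE_ATTESTATION not supported by this YubiKey");
        }
        piv.checkKeySupport(keyType, PinPolicy.DEFAULT, TouchPolicy.DEFAULT, true);

        try {
            // generateKey needs both management-key authentication and PIN verification.
            piv.authenticate(mgmtKeyType, mgmtKey);
            piv.verifyPin(pin);
        } finally {
            // Secrets are passed as arrays so that they can be wiped after use.
            Arrays.fill(mgmtKey, (byte) 0);
            Arrays.fill(pin, '\0');
        }

        PublicKey generated = piv.generateKey(slot, keyType, PinPolicy.DEFAULT, TouchPolicy.DEFAULT);
        X509Certificate attestation = piv.attestKey(slot);
        X509Certificate f9Certificate = piv.getCertificate(Slot.ATTESTATION);

        verifyAttestation(attestation, f9Certificate, trustedRoot, generated);
        return attestation;
    }

    /** Throws if any link in root -> f9 certificate -> attestation -> generated key is broken. */
    static void verifyAttestation(X509Certificate attestation, X509Certificate f9Certificate,
                                  X509Certificate trustedRoot, PublicKey expectedKey)
            throws GeneralSecurityException {
        // 1. Slot f9 can be overwritten, so its certificate must chain to the trusted root.
        f9Certificate.verify(trustedRoot.getPublicKey());
        // 2. The attestation must be signed by the key certified in slot f9.
        attestation.verify(f9Certificate.getPublicKey());
        // 3. The attested key must be the one generateKey just returned, not some other key.
        if (!Arrays.equals(attestation.getPublicKey().getEncoded(), expectedKey.getEncoded())) {
            throw new CertificateException("attestation does not cover the generated key");
        }
    }
}
```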
      • putKey

        public KeyType putKey​(Slot slot,
                              java.security.PrivateKey key,
                              PinPolicy pinPolicy,
                              TouchPolicy touchPolicy)
                       throws java.io.IOException,
                              com.yubico.yubikit.core.smartcard.ApduException
        Import a private key into a slot. This method requires authentication with authenticate(com.yubico.yubikit.piv.ManagementKeyType, byte[]).

        KeyType P384 requires FEATURE_P384, available on YubiKey 4 or later. PinPolicy or TouchPolicy other than default require FEATURE_USAGE_POLICY, available on YubiKey 4 or later.

        NOTE: YubiKey FIPS does not allow RSA1024 nor PinProtocol.NEVER.

        Parameters:
        slot - Key reference '9A', '9C', '9D', or '9E'. See Slot.
        key - the private key to import
        pinPolicy - the PIN policy for using the private key
        touchPolicy - the touch policy for using the private key
        Returns:
        the KeyType value of the imported key
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
      • getObject

        public byte[] getObject​(int objectId)
                         throws java.io.IOException,
                                com.yubico.yubikit.core.smartcard.ApduException,
                                com.yubico.yubikit.core.application.BadResponseException
        Read a data object from the YubiKey.
        Parameters:
        objectId - the ID of the object to read, see ObjectId.
        Returns:
        the stored data object contents
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey
        com.yubico.yubikit.core.application.BadResponseException - in case of incorrect YubiKey response
      • putObject

        public void putObject​(int objectId,
                              @Nullable
                              byte[] objectData)
                       throws java.io.IOException,
                              com.yubico.yubikit.core.smartcard.ApduException
        Write a data object to the YubiKey.
        Parameters:
        objectId - the ID of the object to write, see ObjectId.
        objectData - the data object contents to write
        Throws:
        java.io.IOException - in case of connection error
        com.yubico.yubikit.core.smartcard.ApduException - in case of an error response from the YubiKey