Class Credentials
Holds the core primitives that make up the authentication and authorization token of a Smartcrypt identity. This object is not thread safe.
Inherited Members
Namespace: PKWARE.Smartcrypt.MetaClient
Assembly: MetaClient.dll
Syntax
public sealed class Credentials
Remarks
At its very core, a Smartcrypt identity is an RSA key pair. We use a username as a front to this identity, and the user uses a password to gain access to the identity. We generate an AES key from the password using PBKDF2 and use this AES key to encrypt the private key before storing it on MDS. We use the Sid to track the private key, Pid to track the public key and the username (in the form of an email address), and User to track the PBKDF2 parameters.
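The pattern described in these remarks, deriving an AES key from a password with PBKDF2 and using it to encrypt a DER-encoded RSA private key, is shown here as an added example; it is not PKWARE's code and does not reproduce the V6 format. The hash (SHA-256), cipher mode (AES-256-GCM), blob layout, class and method names, and sample values are assumptions, and it targets .NET 8.

```csharp
// Added illustration only: not PKWARE's code and not the Smartcrypt V6 format.
// Assumed: .NET 8, PBKDF2-HMAC-SHA256, AES-256-GCM, blob = nonce || tag || ciphertext.
using System;
using System.Security.Cryptography;
static class WrappedKeyDemo
{
    const int NonceLen = 12, TagLen = 16, KeyLen = 32;
    static byte[] DeriveKey(string password, byte[] salt, int rounds) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, rounds, HashAlgorithmName.SHA256, KeyLen);

    // Encrypts a DER-encoded private key under the password-derived AES key.
    static byte[] Wrap(byte[] der, string password, byte[] salt, int rounds)
    {
        byte[] key = DeriveKey(password, salt, rounds);
        byte[] blob = new byte[NonceLen + TagLen + der.Length];
        RandomNumberGenerator.Fill(blob.AsSpan(0, NonceLen)); // fresh nonce per wrap
        using (var aes = new AesGcm(key, TagLen))
            aes.Encrypt(blob.AsSpan(0, NonceLen), der,
                        blob.AsSpan(NonceLen + TagLen), blob.AsSpan(NonceLen, TagLen));
        CryptographicOperations.ZeroMemory(key);
        return blob;
    }

    // False for a wrong password or modified blob; never returns unauthenticated bytes.
    static bool TryUnwrap(byte[] blob, string password, byte[] salt, int rounds, out byte[] der)
    {
        der = Array.Empty<byte>();
        if (blob.Length < NonceLen + TagLen) return false;
        byte[] key = DeriveKey(password, salt, rounds);
        byte[] plain = new byte[blob.Length - NonceLen - TagLen];
        try
        {
            using var aes = new AesGcm(key, TagLen);
            aes.Decrypt(blob.AsSpan(0, NonceLen), blob.AsSpan(NonceLen + TagLen),
                        blob.AsSpan(NonceLen, TagLen), plain);
            der = plain; return true;
        }
        catch (CryptographicException) { return false; }
        finally { CryptographicOperations.ZeroMemory(key); }
    }

    static void Main()
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16); // constructed sample inputs
        using RSA rsa = RSA.Create(2048);
        byte[] blob = Wrap(rsa.ExportRSAPrivateKey(), "correct horse", salt, 100_000);
        Console.WriteLine(TryUnwrap(blob, "correct horse", salt, 100_000, out _));
        Console.WriteLine(TryUnwrap(blob, "wrong guess", salt, 100_000, out _));
    }
}
```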
Properties
LoginRounds
The number of rounds used for PBKDF2.
Declaration
public int LoginRounds { get; }
Property Value
Type | Description |
---|---|
Int32 |
LoginSalt
The salt used for PBKDF2.
Declaration
[CanBeNull]
public string LoginSalt { get; }
Property Value
Type | Description |
---|---|
String |
LoginUrn
URN of the identity.
Declaration
[CanBeNull]
public string LoginUrn { get; }
Property Value
Type | Description |
---|---|
String |
PrivateKey
DER encoded RSA private key.
Declaration
[CanBeNull]
public byte[] PrivateKey { get; }
Property Value
Type | Description |
---|---|
Byte[] |
PrivateKeyV6
The V6 encrypted RSA private key.
Declaration
[NotNull]
public string PrivateKeyV6 { get; }
Property Value
Type | Description |
---|---|
String |
Methods
CalculateSHash(String)
Calculates the SHash for these credentials given a SID locator.
Declaration
[NotNull]
[Pure]
public string CalculateSHash([NotNull] string sidLocator)
Parameters
Type | Name | Description |
---|---|---|
String | sidLocator | The locator to decrypt and produce the SHash from. |
Returns
Type | Description |
---|---|
String | The SHash. |
Exceptions
Type | Condition |
---|---|
MetaClientException | With Category of CategoryUpgrade if the data are newer than understood by this software. With Category of CategoryInternal if the data are in an invalid format. |
ForExistingAccount(ICryptoProvider, String, String, String, Int32)
Creates a new Credentials and initializes it with the parameters of an existing Smartcrypt identity.
Declaration
[NotNull]
public static Credentials ForExistingAccount([NotNull] ICryptoProvider cryptoProvider, [NotNull] string password, [NotNull] string urn, [NotNull] string salt, int rounds)
Parameters
Type | Name | Description |
---|---|---|
ICryptoProvider | cryptoProvider | The ICryptoProvider to use for cryptographic primitives. |
String | password | The user's password. |
String | urn | The URN of the identity. |
String | salt | The salt used for PBKDF2 during login. |
Int32 | rounds | The number of rounds with which to run PBKDF2. |
Returns
Type | Description |
---|---|
Credentials | An initialized instance ready to decrypt the RSA private key. |
GetLoginToken(String)
Retrieves the optionally encrypted login token.
Declaration
[NotNull]
public string GetLoginToken([CanBeNull] string publicKey = null)
Parameters
Type | Name | Description |
---|---|---|
String | publicKey | An optional V2-formatted public RSA key. If provided, the login token is encrypted for this key. |
Returns
Type | Description |
---|---|
String | The login token in either plaintext or in the V2 format. |
Exceptions
Type | Condition |
---|---|
MetaClientException | With Category of CategoryUpgrade if the data are newer than understood by this software. With Category of CategoryInternal if the data are in an invalid format. With Category of CategoryClient if all required parameters were not provided. |
GetLoginTokenHash(String)
Retrieves the optionally encrypted login token hash.
Declaration
[NotNull]
public string GetLoginTokenHash([CanBeNull] string publicKey = null)
Parameters
Type | Name | Description |
---|---|---|
String | publicKey | An optional V2-formatted public RSA key. If provided, the login token hash is encrypted for this key. |
Returns
Type | Description |
---|---|
String | The login token hash in either plaintext or in the V2 format. |
Exceptions
Type | Condition |
---|---|
MetaClientException | With Category of CategoryUpgrade if the data are newer than understood by this software. With Category of CategoryInternal if the data are in an invalid format. With Category of CategoryClient if all required parameters were not provided. |
LoadPrivateKey(String)
Decrypts an encrypted private key using the password-derived AES key.
Declaration
public bool LoadPrivateKey([NotNull] string privateKey)
Parameters
Type | Name | Description |
---|---|---|
String | privateKey | The private key to decrypt. Must be in the V6 format. |
Returns
Type | Description |
---|---|
Boolean |
Exceptions
Type | Condition |
---|---|
MetaClientException | With Category of CategoryUpgrade if the data are newer than understood by this software. |