docs: Address inconsistencies and obsolete class references#441
Open
DennisDyallo wants to merge 10 commits intodevelopfrom
Open
docs: Address inconsistencies and obsolete class references#441DennisDyallo wants to merge 10 commits intodevelopfrom
DennisDyallo wants to merge 10 commits intodevelopfrom
Conversation
Replace obsolete type references across 7 documentation files: - ECPublicKeyParameters/ECPrivateKeyParameters → ECPublicKey/ECPrivateKey factory methods - PivPublicKey/PivRsaPublicKey/PivEccPrivateKey → IPublicKey/RSAPublicKey/ECPrivateKey - GenerateKeyPair(PivAlgorithm) → GenerateKeyPair(KeyType) - GetDeviceInfoCommand → IYubiKeyDevice high-level API - Fix typo Scp03KeyParamaters → Scp03KeyParameters Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- fips-mode.md: Add explicit connection establishment from device, fix vfyFipsMode → vfyFipsModeRsp variable name typo - secure-channel-protocol.md: Break long line into two for readability - attestation.md: Remove dead variable in ECC example Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Added note about memory security in FIDO2 PIN example. - Specified code block language for OATH credentials example. - Fixed syntax errors in key collector code examples.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the user manual docs to align code examples with newer SDK APIs, especially around PIV key types and SCP secure channel usage.
Changes:
- Updated PIV-related docs/examples to use
KeyType,IPublicKey/IPrivateKey, and the newer RSA/EC key classes and.Parametersaccess patterns. - Updated SCP03/SCP11 documentation snippets to use newer key construction helpers (e.g.,
ECPublicKey.CreateFromParameters,ECPrivateKey.CreateFromParameters,Scp03KeyParameters). - Fixed and clarified several documentation samples (syntax highlighting tags, key collector examples, device info retrieval).
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/users-manual/sdk-programming-guide/secure-channel-protocol.md | Updates SCP03/SCP11 examples to newer SCP/key APIs and key type names. |
| docs/users-manual/sdk-programming-guide/key-collector.md | Fixes key collector sample code and updates memory handling in examples. |
| docs/users-manual/getting-started/overview-of-sdk.md | Updates PIV key generation example to use KeyType.RSA2048. |
| docs/users-manual/application-u2f/fips-mode.md | Updates FIPS detection examples to use IYubiKeyDevice-based device info access. |
| docs/users-manual/application-security-domain/security-domain-keys.md | Updates Security Domain key import examples to use ECPrivateKey/ECPublicKey factories. |
| docs/users-manual/application-piv/cert-request.md | Updates public key handling example to new public key types and .Parameters. |
| docs/users-manual/application-piv/attestation.md | Updates attestation API references and key/cert matching examples to new key types. |
| docs/users-manual/application-piv/access-control.md | Updates access-control example to IPublicKey and KeyType. |
| docs/users-manual/application-oath/oath-credentials.md | Updates code block language tag for syntax highlighting. |
| docs/users-manual/application-fido2/fido2-pin.md | Adds a note about secure wiping limitations when using string for PIN handling. |
Comments suppressed due to low confidence (1)
docs/users-manual/application-oath/oath-credentials.md:149
- This code block now has
csharphighlighting, but the sample shown is not valid C#: object initializers are missing trailing semicolons,Typeshould be assigned usingCredentialType.Totp/CredentialType.Hotp, and the property name in the SDK isRequiresTouch(see Oath sample code). Please update the snippet so it compiles as-written.
```csharp
// create TOTP credential
var credential = new Credential {
Issuer = "Yubico",
AccountName = "test@yubico.com",
Type = Totp,
Period = 30,
Digits = 6,
Secret = "HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ",
RequireTouch = false
}
docs/users-manual/sdk-programming-guide/secure-channel-protocol.md
Outdated
Show resolved
Hide resolved
docs/users-manual/sdk-programming-guide/secure-channel-protocol.md
Outdated
Show resolved
Hide resolved
docs/users-manual/sdk-programming-guide/secure-channel-protocol.md
Outdated
Show resolved
Hide resolved
docs/users-manual/sdk-programming-guide/secure-channel-protocol.md
Outdated
Show resolved
Hide resolved
docs/users-manual/sdk-programming-guide/secure-channel-protocol.md
Outdated
Show resolved
Hide resolved
docs/users-manual/sdk-programming-guide/secure-channel-protocol.md
Outdated
Show resolved
Hide resolved
…rotocol.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Fix non-compiling code examples (GetString→ToString, wrong variable/class names), correct RemoveCredential→RenameCredential in rename section, and add try/finally with CryptographicOperations.ZeroMemory to OTP examples that handle cryptographic key material. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Updated SCP11 example to use ECParameters for public key - Ensured clarity in code snippet for better understanding
Collaborator
Author
|
@claude Review and fix the Copilot findings |
|
Claude finished @DennisDyallo's task in 3m 35s —— View job Fixed Copilot Findings
All 8 Copilot findings addressed in commit |
- Fix variable name mismatch: certificateList -> certificates with semicolon - Fix casing: scp03params -> scp03Params in PIV, OATH, OTP, YubiHSM examples - Add missing replaceKvn argument to GenerateEcKey call - Simplify SCP11a params: pass newPublicKey directly (already ECPublicKey) - Replace First() with FirstOrDefault() + null guard in fips-mode examples - Add MyKeyCollector() constructor to properly initialize CurrentValue field Co-authored-by: Dennis Dyallo <DennisDyallo@users.noreply.github.com>
Contributor
|
Awesome! I'll review this tomorrow. |
equijano21
reviewed
Apr 2, 2026
equijano21
reviewed
Apr 2, 2026
equijano21
reviewed
Apr 2, 2026
| .UseYubiOtp() | ||
| .GenerateKey(secretKey) | ||
| .Execute(); | ||
| try |
Contributor
There was a problem hiding this comment.
Just for my own understanding, is the try-finally block ideal here just because it makes it easier to call ZeroMemory?
Collaborator
Author
There was a problem hiding this comment.
Yes its a common pattern. That code is guaranteed to execute, whether or not the surrounding code fails, ensuring a clear of the buffer
Contributor
There was a problem hiding this comment.
Awesome, thanks for the info :)
Contributor
There was a problem hiding this comment.
So the examples in the OTP how-to docs showing credential configuration using generated secret keys/values have been updated to show the ZeroMemory sensitive data handling—what about the examples with secret keys/values that are provided directly and defined elsewhere? Should we be clearing those from memory in the same way after configuration, or are there situations where developers would prefer to handle the data differently?
Collaborator
Author
There was a problem hiding this comment.
I'd say so, yeah. It's good to demo the best practices even when we show examples
equijano21
reviewed
Apr 2, 2026
docs/users-manual/application-otp/how-to-program-a-yubico-otp-credential.md
Outdated
Show resolved
Hide resolved
equijano21
reviewed
Apr 2, 2026
equijano21
reviewed
Apr 2, 2026
Co-authored-by: Elena Quijano <84402487+equijano21@users.noreply.github.com>
Co-authored-by: Elena Quijano <84402487+equijano21@users.noreply.github.com>
Co-authored-by: Elena Quijano <84402487+equijano21@users.noreply.github.com>
Collaborator
Author
|
@equijano21 addressed your findings! :) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This pull request updates the documentation to reflect recent SDK API changes, improve code clarity, and fix minor errors. The most significant changes include updating cryptographic key type names and usages, improving code examples for key and certificate handling, and correcting parameter and type usages to align with the latest SDK conventions.
API and Type Updates:
Replaced older key and algorithm types (e.g.,
PivAlgorithm.Rsa2048,PivPublicKey,PivEccPrivateKey,PivRsaPrivateKey) with new types (KeyType.RSA2048,KeyType.ECP256,IPublicKey,IPrivateKey,RSAPrivateKey,ECPrivateKey,RSAPublicKey) across all code examples and method signatures for consistency with the updated SDK. [1] [2] [3] [4] [5] [6] [7]Updated cryptographic parameter handling in code samples to use the
.Parametersproperty of key objects (e.g.,RSAPublicKey.Parameters,ECPrivateKey.Parameters) instead of accessing individual fields or using deprecated types. [1] [2] [3] [4]Secure Channel Protocol (SCP) Improvements:
ECPublicKey.CreateFromParameters,ECPrivateKey.CreateFromParameters,Scp03KeyParameters) instead of deprecated or incorrect types. [1] [2] [3] [4] [5] [6] [7] [8]Code Example Corrections and Improvements:
Fixed code sample errors and improved clarity, such as correcting method calls, exception throwing, and memory handling in key collector examples. [1] [2] [3]
Added comments and notes to highlight important security considerations (e.g., inability to securely wipe strings from memory in PIN handling).
Documentation and Terminology Updates:
Updated documentation to reflect the new way of retrieving device information and checking FIPS mode, using the
IYubiKeyDeviceinterface instead of command-based approaches. [1] [2]Updated code block language identifiers for syntax highlighting (e.g.,
csharp).These changes ensure the documentation is accurate, up-to-date with the SDK, and provides clearer guidance for users.