Merge pull request #177

documentation: management key algorithm

Author: DennisDyallo

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/InitializeAuthenticateManagementKeyCommand.cs

@@ -321,7 +321,7 @@ public InitializeAuthenticateManagementKeyCommand()
         /// <remarks>
         /// Using this constructor is equivalent to
         /// <code language="csharp">
-        ///  new InitializeAuthenticateManagementKeyCommand(true, PivAlgorithm.AES192);
+        ///  new InitializeAuthenticateManagementKeyCommand(true, PivAlgorithm.algorithm);
         /// </code>
         /// </remarks>
         public InitializeAuthenticateManagementKeyCommand(PivAlgorithm algorithm)

Yubico.YubiKey/src/Yubico/YubiKey/Piv/Commands/SetManagementKeyCommand.cs

@@ -137,7 +137,7 @@ public sealed class SetManagementKeyCommand : IYubiKeyCommand<SetManagementKeyRe
         /// 5.4.2, only Triple-DES (<c>PivAlgorithm.TripleDes</c>) is supported.
         /// Beginning with 5.4.2, the Algorithm can be <c>Aes128</c>,
         /// <c>Aes192</c>, <c>Aes256</c>, or <c>TripleDes</c>. The default is
-        /// <c>TripleDes</c>.
+        /// <c>TripleDes</c> for keys with firmware 5.6.x and earlier and <c>Aes192</c> for YubiKeys with firmware 5.7.x and later.
         /// </summary>
         public PivAlgorithm Algorithm { get; set; }
 
@@ -168,8 +168,7 @@ public SetManagementKeyCommand(ReadOnlyMemory<byte> newKey)
         /// <summary>
         /// Initializes a new instance of the <c>SetManagementKeyCommand</c> class.
         /// This command takes the new management key as input and will set the
-        /// <c>TouchPolicy</c> and <c>Algorithm</c> properties to their
-        /// respective defaults.
+        /// <c>TouchPolicy</c> to the default state and the <c>Algorithm</c> to the algorithm provided.
         /// </summary>
         /// <remarks>
         /// This constructor is provided for those developers who want to use the
@@ -184,7 +183,7 @@ public SetManagementKeyCommand(ReadOnlyMemory<byte> newKey)
         /// <para>
         /// Valid algorithms are <c>PivAlgorithm.TripleDes</c>,
         /// <c>PivAlgorithm.Aes128</c>, <c>PivAlgorithm.Aes192</c>, and
-        /// <c>PivAlgorithm.Aes256</c>. FIPS YubiKeys versions 5.7 and greater require <c>PivAlgorithm.Aes192</c>.
+        /// <c>PivAlgorithm.Aes256</c>. FIPS YubiKeys versions 5.7 and greater require <c>PivAlgorithm.Aes192</c>. YubiKeys with firmware versions prior to 5.4.2 can only use <c>PivAlgorithm.TripleDes</c>.
         /// </para>
         /// <para>
         /// Note that you need to authenticate the current PIV management key before
@@ -219,7 +218,7 @@ public SetManagementKeyCommand(ReadOnlyMemory<byte> newKey, PivTouchPolicy touch
         /// <para>
         /// Valid algorithms are <c>PivAlgorithm.TripleDes</c>,
         /// <c>PivAlgorithm.Aes128</c>, <c>PivAlgorithm.Aes192</c>, and
-        /// <c>PivAlgorithm.Aes256</c>. FIPS YubiKeys versions 5.7 and greater require <c>PivAlgorithm.Aes192</c>.
+        /// <c>PivAlgorithm.Aes256</c>. FIPS YubiKeys versions 5.7 and greater require <c>PivAlgorithm.Aes192</c>. YubiKeys with firmware versions prior to 5.4.2 can only use <c>PivAlgorithm.TripleDes</c>.
         /// </para>
         /// <para>
         /// Note also that you need to authenticate the current PIV management

Yubico.YubiKey/src/Yubico/YubiKey/Piv/PivSession.Pinonly.cs

@@ -513,7 +513,7 @@ private PivPinOnlyMode GetPinDerivedStatus(
 
         /// <summary>
         ///     Set the YubiKey's PIV application to be PIN-only with a PIN-derived
-        ///     and/or PIN-Protected management key (Firmware 5.7.x and later: AES-192. Firmware 5.6.x and earlier: TDES.). This sets the
+        ///     and/or PIN-Protected management key. The default management key algorithm will be used (AES-192 for YubiKeys with firmware 5.7.x and later, TDES for keys with firmware 5.6.x and earlier). This sets the
         ///     YubiKey to either
         ///     <code>
         ///        PivPinOnlyMode.PinProtected
@@ -727,7 +727,7 @@ private PivPinOnlyMode GetPinDerivedStatus(
         /// </param>
         /// <exception cref="InvalidOperationException">
         ///     There is no <c>KeyCollector</c> loaded, one of the keys provided was
-        ///     not of a valid key algorithm type (Firmware 5.7.x and later: AES-192. Firmware 5.6.x and earlier: TDES.), the data stored on the YubiKey is
+        ///     not of a valid key algorithm type, the data stored on the YubiKey is
         ///     incompatible with PIN-only, or the YubiKey had some other error, such
         ///     as unreliable connection.
         /// </exception>