virot · virot · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025 · Jan 8, 2025
diff --git a/Docs/Commands/Get-YubikeyFIDO2Credentials.md → Docs/Commands/Get-YubikeyFIDO2Credential.md b/Docs/Commands/Get-YubikeyFIDO2Credentials.md → Docs/Commands/Get-YubikeyFIDO2Credential.md
@@ -5,15 +5,15 @@ online version:
 schema: 2.0.0
 ---
 
-# Get-YubikeyFIDO2Credentials
+# Get-YubikeyFIDO2Credential
 
 ## SYNOPSIS
 Read the FIDO2 discoverable credentials
 
 ## SYNTAX
 
 ```
-Get-YubikeyFIDO2Credentials [<CommonParameters>]
+Get-YubikeyFIDO2Credential [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -23,7 +23,7 @@ Get what FIDO2 credentials that have been saved in the Yubikey.
 
 ### Example 1
 ```powershell
-PS C:\> Get-YubikeyFIDO2Credentials
+PS C:\> Get-YubikeyFIDO2Credential
 
 Site            Name         DisplayName
 ----            ----         -----------

diff --git a/Module/Cmdlets/Fido/ConnectYubikeyFIDO2.cs b/Module/Cmdlets/Fido/ConnectYubikeyFIDO2.cs
@@ -77,6 +77,7 @@ protected override void BeginProcessing()
             }
 
             // Check if Connect-YubikeyFIDO2 was called without a PIN (only possible with Yubikey that doesnt have a PIN configured)
+            /*
             if (this.MyInvocation.BoundParameters.ContainsKey("PIN") == false)
             {
                 WriteWarning("FIDO2 has no PIN, please set PIN before continuing:");
@@ -88,6 +89,7 @@ protected override void BeginProcessing()
                 }
                 myPowersShellInstance.Invoke();
             }
+            */
 
 
 #if WINDOWS
@@ -106,12 +108,12 @@ protected override void ProcessRecord()
                 {
                     if (fido2Session.AuthenticatorInfo.GetOptionValue(AuthenticatorOptions.clientPin) == OptionValue.False)
                     {
-                        WriteWarning("Client PIN is not set.");
+                        WriteWarning("Client PIN is not set, see Set-YubiKeyFIDO2PIN.");
                         return;
                     }
                     else if (fido2Session.AuthenticatorInfo.ForcePinChange == true)
                     {
-                        WriteWarning("YubiKey requires PIN change to continue, see Set-YubikeyFIDO2 -SetPIN.");
+                        WriteWarning("YubiKey requires PIN change to continue, see Set-YubiKeyFIDO2PIN.");
                         return;
                     }
                     if (this.MyInvocation.BoundParameters["PIN"] is not null)

diff --git a/Module/Cmdlets/Fido/GetYubikeyFIDO2.cs b/Module/Cmdlets/Fido/GetYubikeyFIDO2.cs
@@ -13,23 +13,19 @@ public class GetYubikeyFIDO2Cmdlet : PSCmdlet
     {
         protected override void BeginProcessing()
         {
-            // If no FIDO2 PIN exists, we need to connect to the FIDO2 application
-            if (YubiKeyModule._fido2PIN is null)
+            // Get-YubiKeyFIDO2, does not require authentication, so just make sure we have a YubiKey connected.
+            if (YubiKeyModule._yubikey is null)
             {
-                WriteDebug("No FIDO2 session has been authenticated, calling Connect-YubikeyFIDO2...");
-                var myPowersShellInstance = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Connect-YubikeyFIDO2");
+                WriteDebug("No YubiKey selected, calling Connect-Yubikey...");
+                var myPowersShellInstance = PowerShell.Create(RunspaceMode.CurrentRunspace).AddCommand("Connect-Yubikey");
                 if (this.MyInvocation.BoundParameters.ContainsKey("InformationAction"))
                 {
                     myPowersShellInstance = myPowersShellInstance.AddParameter("InformationAction", this.MyInvocation.BoundParameters["InformationAction"]);
                 }
                 myPowersShellInstance.Invoke();
-                if (YubiKeyModule._fido2PIN is null)
-                {
-                    throw new Exception("Connect-YubikeyFIDO2 failed to the FIDO2 applet!");
-                }
+                WriteDebug($"Successfully connected");
             }
 
-
             // Check if running as Administrator
             if (Windows.IsRunningAsAdministrator() == false)
             {
@@ -41,7 +37,6 @@ protected override void ProcessRecord()
         {
             using (var fido2Session = new Fido2Session((YubiKeyDevice)YubiKeyModule._yubikey!))
             {
-                fido2Session.KeyCollector = YubiKeyModule._KeyCollector.YKKeyCollectorDelegate;
 
                 AuthenticatorInfo info = fido2Session.AuthenticatorInfo;
                 WriteObject(new Information(info));

diff --git a/Module/Cmdlets/Fido/GetYubikeyFIDO2Credentials.cs b/Module/Cmdlets/Fido/GetYubikeyFIDO2Credentials.cs
@@ -7,7 +7,8 @@
 
 namespace powershellYK.Cmdlets.Fido
 {
-    [Cmdlet(VerbsCommon.Get, "YubikeyFIDO2Credentials")]
+    [Alias("Get-YubikeyFIDO2Credentials")]
+    [Cmdlet(VerbsCommon.Get, "YubikeyFIDO2Credential")]
 
     public class GetYubikeyFIDO2CredentialsCommand : PSCmdlet
     {
@@ -41,44 +42,26 @@ protected override void ProcessRecord()
             using (var fido2Session = new Fido2Session((YubiKeyDevice)YubiKeyModule._yubikey!))
             {
                 fido2Session.KeyCollector = YubiKeyModule._KeyCollector.YKKeyCollectorDelegate;
+                var relyingParties = fido2Session.EnumerateRelyingParties();
 
-                var RelyingParties = fido2Session.EnumerateRelyingParties();
-
-                if (!RelyingParties.Any()) // Check if there are no relying parties
+                if (!relyingParties.Any()) // Check if there are no relying parties
                 {
                     WriteWarning("No credentials found on the YubiKey.");
                     return;
                 }
                 else
                 {
-                    foreach (RelyingParty RelyingParty in RelyingParties)
+                    foreach (RelyingParty relyingParty in relyingParties)
                     {
-                        WriteDebug($"Enumerating credentials for {RelyingParty.Id}.");
-                        IReadOnlyList<CredentialUserInfo> relayCredentials;
-                        try
-                        {
-                            relayCredentials = fido2Session.EnumerateCredentialsForRelyingParty(RelyingParty);
-                        }
-                        catch (NotSupportedException e)
-                        {
-                            WriteWarning($"Failed to enumerate credentials for {RelyingParty.Id}: {e.Message}, SDK might not support algorithm.");
-                            continue;
-                        }
+                        var relayCredentials = fido2Session.EnumerateCredentialsForRelyingParty(relyingParty);
                         foreach (CredentialUserInfo user in relayCredentials)
                         {
-                            Credentials credentials = new Credentials
-                            {
-                                Site = RelyingParty.Id,
-                                Name = user.User.Name,
-                                DisplayName = user.User.DisplayName,
-                                coseKey = user.CredentialPublicKey,
-                            };
-                            WriteObject(credentials);
+                            Credential credential = new Credential(RPId: relyingParty.Id, UserName: user.User.Name, DisplayName: user.User.DisplayName, CredentialID: user.CredentialId);
+                            WriteObject(credential);
                         }
                     }
                 }
             }
         }
-
     }
 }
diff --git a/Module/Cmdlets/PIV/RemoveYubikeyPIVKey.cs b/Module/Cmdlets/PIV/RemoveYubikeyPIVKey.cs
@@ -11,7 +11,7 @@ public class RemoveYubiKeyPIVKeyCmdlet : Cmdlet
     {
         [ArgumentCompletions("\"PIV Authentication\"", "\"Digital Signature\"", "\"Key Management\"", "\"Card Authentication\"", "0x9a", "0x9c", "0x9d", "0x9e")]
         [ValidateYubikeyPIVSlot(DontAllowAttestion = true)]
-        [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "What slot to move a key from")]
+        [Parameter(Mandatory = true, ValueFromPipeline = false, HelpMessage = "What slot to remove a key from")]
         public PIVSlot Slot { get; set; }
         protected override void BeginProcessing()
         {

diff --git a/Module/powershellYK.psd1 b/Module/powershellYK.psd1
@@ -83,7 +83,7 @@ CmdletsToExport = @(
  'Connect-YubikeyFIDO2',
  'Enable-YubikeyFIDO2EnterpriseAttestation',
  'Get-YubikeyFIDO2',
- 'Get-YubikeyFIDO2Credentials',
+ 'Get-YubikeyFIDO2Credential',
  'Set-YubikeyFIDO2',
  'Set-YubikeyFIDO2PIN',
  'Reset-YubikeyFIDO2',

diff --git a/Module/types/FIDO2-Credentials.cs b/Module/types/FIDO2-Credentials.cs
@@ -4,17 +4,36 @@
 using System.Management.Automation;
 using Yubico.YubiKey.Fido2;
 using Yubico.YubiKey.Fido2.Cose;
+using static Microsoft.ApplicationInsights.MetricDimensionNames.TelemetryContext;
 
 namespace powershellYK.FIDO2
 {
-    public class Credentials
+    public class Credential
     {
-        public string? Site { get; set; }
-        public string? Name { get; set; }
-        public string? DisplayName { get; set; }
-        //        public CredentialId? CredentialID { get; set; }
+        public string? DisplayName { get; private set; }
+        public string? UserName { get; private set; }
+        public string? RPId { get; private set; }
+        public string? CredID
+        {
+            get
+            {
+                byte[] credentialIdBytes = CredentialID.Id.ToArray();
+
+                string credentialIdBase64 = Convert.ToBase64String(credentialIdBytes);
+                return credentialIdBase64;
+            }
+        }
+        [Hidden]
+        public CredentialId CredentialID { get; private set; }
         [Hidden]
         public CoseKey? coseKey { get; set; }
 
+        public Credential(string RPId, string? UserName, string? DisplayName, CredentialId CredentialID)
+        {
+            this.RPId = RPId;
+            this.UserName = UserName;
+            this.DisplayName = DisplayName;
+            this.CredentialID = CredentialID;
+        }
     }
 }