Documentation updates for release 1.11.

[equijano21]

Description

Documentation updates for release 1.11.

Type of change

API doc (.cs) and user's manual doc (.md and .yml) updates.

How has this been tested?

Built docs locally.

[github-actions]

Test Results: Windows

    2 files      2 suites   4s ⏱️
3 700 tests 3 700 ✅ 0 💤 0 ❌
3 702 runs  3 702 ✅ 0 💤 0 ❌

Results for commit b47bcff.

♻️ This comment has been updated with latest results.

[github-actions]

Test Results: Ubuntu

    2 files      2 suites   9s ⏱️
3 692 tests 3 692 ✅ 0 💤 0 ❌
3 694 runs  3 694 ✅ 0 💤 0 ❌

Results for commit b47bcff.

♻️ This comment has been updated with latest results.

[github-actions]

Test Results: MacOS

    2 files      2 suites   3s ⏱️
3 692 tests 3 692 ✅ 0 💤 0 ❌
3 694 runs  3 694 ✅ 0 💤 0 ❌

Results for commit b47bcff.

♻️ This comment has been updated with latest results.

[equijano21]

Added some links and info, reworded things, and moved a few bullet points around.

[equijano21]

Some of the new APDU articles hadn't made it into the TOC yet.

[equijano21]

Reworked this article to improve clarity and flow. Added lots of relevant links.

[equijano21]

Had to add these to fix a weird problem where the rest of the remarks section (lines 127-145) was formatted as a code box instead of a regular paragraph.

[equijano21]

Assuming this was referring to the PIV PIN, but please correct if wrong.

[AdamVe]

That is correct 👍🏻

[DennisDyallo]

as soon as possible

is there a time aspect to this?

If not, perhaps it should read:

In that case, the client must use the PIV PIN verification in order to unblock the Yubikey and proceed operations.

[AdamVe]

I think we should change this a little bit.
If the instruction is called without any data, it queries the YubiKey for the verification state of biometrics. In the case of unverified state, the YubiKey will respond with 63 CX, in the case of a verified state 90 00.
When the state is unverified, the biometrics should not be used, but the PIN verification should be used.

[DennisDyallo]

I see. But isn't this addressed below in the document on line 55 and onwards?

[equijano21]

I added the info about PIV PIN verification and a link to the relevant APDU page to line 59: 0d76f0b. Let me know if this is sufficient.

[AdamVe]

I reviewed the implementation documentation again and the addition in 0d76f0b could be improved, mentioning that: If all the biometric match retries have been used up, then a 0x6983 error is returned instead. That error is called AuthenticationMethodBlocked.

For the line 25 in this review (where I marked this comment), the line is changed from "for checking the biometric state" to "the biometric state has been checked". I don't think this is accurate as when we call the instruction nothing has been checked yet - we are instructing the YubiKey to response to us what the current verification state of biometrics is.

[equijano21]

Thanks for catching that, Adam! The tense of the other two lines threw me.

Changes made here: ab28b45. Let me know if this covers it.

[AdamVe]

This looks very good now :) Thank you.

[AdamVe]

Thank you for the changes, it looks good to me. Before merging, the verify-uv file for the "none" case could be updated.

[DennisDyallo]

Great work @equijano21 . I think it looks very good. It's like it actually makes sense to the end user now somehow... :)

[DennisDyallo]

Suggested change

	00 | 20 | 00 | 96 | *variable* | *variable* | (absent)
	| CLA | INS | P1 | P2 | Lc | Data | Le |
	|:---:|:---:|:--:|:--:|:----------:|:----------:|:--------:|
	| 00 | 20 | 00 | 96 | *variable* | *variable* | (absent) |

[DennisDyallo]

The table seems to be missing the |s and correct number of padding columns making it not a fully valid markdown table. I have pasted a suggestion which should work.

[equijano21]

Weirdly enough, it doesn't seem to matter whether those extra "|" are there or not--the table still looks and behaves the same (when changing the window size). All of the tables in all of the PIV APDU files are formatted this way, but if you want me to change it, I can do it for everything. Just let me know.

[DennisDyallo]

Ok, no need. I guess that most markdown processors handle the invalid format still.
I'm in the process of doing in in another commit where I address all of the incorrectly formatted tables in all the other markdown files.

[DennisDyallo]

I see. But isn't this addressed below in the document on line 55 and onwards?

[DennisDyallo]

as soon as possible

is there a time aspect to this?

If not, perhaps it should read:

In that case, the client must use the PIV PIN verification in order to unblock the Yubikey and proceed operations.

[equijano21]

Great work @equijano21 . I think it looks very good. It's like it actually makes sense to the end user now somehow... :)

Thanks, Dennis! Really appreciate the feedback :)

[AdamVe]

LGTM!

[DennisDyallo]

Improving sensitive-data.md to address #70

[github-actions]

Package	Line Rate	Branch Rate	Complexity	Health
Yubico.Core	42%	31%	4257	➖
Yubico.YubiKey	50%	47%	19089	➖
Summary	49% (31993 / 65943)	44% (8185 / 18519)	23346	➖

Minimum allowed line rate is 40%