5.2.4.2 Verify - Stored Public Key Mode

When using the Verify command in Stored mode, the public key to be used is stored in a data slot and does not need to be passed. Prior to this command being run, the message should be written to TempKey or the Message Digest Buffer using the Nonce command.

Procedure to Verify a Message with a Stored Key

  1. If so required, validate the public key before using the Verify command.
  2. If so required, authorize the public key before use.
  3. Write the 32-byte digest of the message to either the TempKey or Message Digest Buffer using the Nonce command in Fixed mode.
  4. Write the System Nonce to either the lower or upper 32 bytes of the Message Digest Buffer.
    1. If TempKey contains the message digest, then store the System Nonce in the lower 32 bytes of the Message Digest Buffer.
    2. If the message digest is stored in the lower 32 bytes of the Message Digest Buffer, then store the System Nonce in the upper 32 bytes of the Message Digest Buffer. The user needs to write both the message digest and the System Nonce at one time using the Nonce command.
  5. Issue the Verify command. Include the Mode, the KeyID (which specifies the public key slot), the 64-byte signature and the slot # of the internal public key.
  6. The output will return:
    1. A one-byte success, fail or error code, if a MAC is not required.
    2. A 32-byte MAC if specified by the mode, or an error code if the command fails.

Table 5-53. Command Parameters

| Opcode (1 Byte) | Mode (1 Byte) | Public Key (2 Bytes) | Data Field (64 Bytes): Signature (64 Bytes) | Comment |
|---|---|---|---|---|
| 0x45 | 0x00 | 0x00, 0[Slot] | R value, S value | Message stored in TempKey |
| 0x45 | 0x20 | 0x00, 0[Slot] | R value, S value | Message stored in Message Digest Buffer |
| 0x45 | 0x80 | 0x00, 0[Slot] | R value, S value | Message stored in TempKey. Validation MAC is returned |
| 0x45 | 0xA0 | 0x00, 0[Slot] | R value, S value | Message stored in Message Digest Buffer. Validation MAC is returned |

Table 5-54. Output Response - Verify Stored

| Name | Mode | Size | Response |
|---|---|---|---|
| Response | 0x00 or 0x20 | 1 byte | 0x00 - If signature is verified; 0x01 - If signature does not match; Error code - If there is a failure due to some other reason |
| Response | 0x80 or 0xA0 | 32 bytes | Validation MAC - If signature is verified |
| Response | 0x80 or 0xA0 | 1 byte | 0x01 - If signature does not match; Error code - If there is a failure due to some other reason |

Table 5-55. Validation MAC - Verify Stored

The validation MAC input locations vary based on where the message is stored.

| Size (Bytes) | Message in TempKey | Message in Message Digest Buffer |
|---|---|---|
| 32 | Contents of the IO protection key | Contents of the IO protection key |
| 32 | Message from TempKey | First 32 bytes message from the Digest Buffer |
| 32 | System Nonce in the first 32 bytes of the Message Digest Buffer | System Nonce stored in the second 32 bytes of the Message Digest Buffer |
| 32 | R Data of the passed signature | R Data of the passed signature |
| 32 | S Data of the passed signature | S Data of the passed signature |
| 1 | Opcode | Opcode |
| 1 | Mode | Mode |
| 2 | Param2 [LSB,MSB] | Param2 [LSB,MSB] |
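
A host-side check for the responses in Table 5-54, recomputing the validation MAC from the Table 5-55 fields. This is an added example, not code from the datasheet or the vendor library. It assumes the MAC is a SHA-256 hash over the listed fields in table order and that Param2 carries the KeyID with the slot number in the LSB; neither is stated on this page. The function names and sample values are constructed for illustration.

```python
import hashlib
import hmac

VERIFY_OPCODE = 0x45          # Table 5-53
STATUS_MODES = {0x00, 0x20}   # response is a 1-byte status
MAC_MODES = {0x80, 0xA0}      # response is a 32-byte validation MAC on success


def expected_validation_mac(io_key, digest, system_nonce, r, s, mode, slot):
    """Hash the Table 5-55 fields in order (SHA-256 is assumed, not stated on the page)."""
    for name, field in (("io_key", io_key), ("digest", digest),
                        ("system_nonce", system_nonce), ("r", r), ("s", s)):
        if len(field) != 32:
            raise ValueError(f"{name} must be 32 bytes")
    # Param2 [LSB, MSB]: assumed to be the KeyID "0x00, 0[Slot]" with the slot in the LSB.
    tail = bytes([VERIFY_OPCODE, mode]) + slot.to_bytes(2, "little")
    return hashlib.sha256(io_key + digest + system_nonce + r + s + tail).digest()


def check_verify_response(resp, mode, expected_mac=None):
    """Classify a response per Table 5-54: verified, mismatch, bad_mac, malformed, error:0xNN."""
    if mode not in STATUS_MODES | MAC_MODES:
        raise ValueError("not a Verify Stored mode")
    if mode in MAC_MODES and len(resp) == 32:
        if expected_mac is None:
            raise ValueError("expected_mac is required in MAC modes")
        # Constant-time compare; a 32-byte reply alone proves nothing.
        return "verified" if hmac.compare_digest(resp, expected_mac) else "bad_mac"
    if len(resp) != 1:
        return "malformed"
    if resp[0] == 0x00:
        # A bare 0x00 is success only when no MAC was requested.
        return "verified" if mode in STATUS_MODES else "malformed"
    return "mismatch" if resp[0] == 0x01 else f"error:0x{resp[0]:02X}"


# Constructed sample values, not taken from the page or from a real device.
IO_KEY = bytes(range(32))
DIGEST = hashlib.sha256(b"constructed message").digest()
SYSTEM_NONCE = bytes([0xA5]) * 32
SIG_R, SIG_S = bytes([0x11]) * 32, bytes([0x22]) * 32

if __name__ == "__main__":
    mac = expected_validation_mac(IO_KEY, DIGEST, SYSTEM_NONCE, SIG_R, SIG_S, 0x80, 3)
    print(check_verify_response(mac, 0x80, mac))      # device reply matches
    print(check_verify_response(b"\x00", 0x80, mac))  # bare success byte in MAC mode
    print(check_verify_response(b"\x01", 0x20))       # signature does not match
```

The host passes the same System Nonce it wrote with the Nonce command, whichever half of the Message Digest Buffer it was stored in; only the Mode byte differs between the two columns of Table 5-55.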