5.2.4 Verify
Command
The Verify
command takes an ECDSA [R,S] signature and verifies that it
is correctly generated given an input message digest and public key. In all cases, the
signature is an input to the command. The public key can be either stored on the device
or provided as an input.
An optional MAC can be returned from the Verify
command to defeat any
man-in-the-middle attacks. If the verify calculation shows that the signature is
correctly generated from the input digest, a MAC will be computed based on an input
nonce stored in TempKey and the value of the I/O protection secret, which is stored in
both the ATECC608B-TNGTLS and the host MCU. MAC outputs can
only be generated in External and Stored modes. The I/O protection function must be
enabled for MAC computation.