5.2.1.1 ECDH - Stored Key

The ECDH command may use an internal data slot as its ECC private key source. The slot must have its access policies configured such that the slot is an ECC private key and that the ECDH command is allowed. Access policies may also specify whether or not the output will be stored, encrypted or allow the command itself to determine whether the output is stored or encrypted. The IO protection key is used when encryption is required. Encryption can only occur when data is output to the output buffer.

For the ATECC608A-TNGLoRaWAN, the ECDH command may be run using the ECC private keys stored in Slot 1.

Table 5-38. Input Parameters ECDH Stored Key

Opcode
(1 Byte)

Mode
(1 Byte)

KeyId
(2 Bytes)

DataDescription

Data 1
(32 Bytes)

Data 2
(32 Bytes)

0x430x0C0x00 0[Slot]X component of public keyY component of public key
  • Results go to the output buffer
  • Output is in the clear(1)
0x0E0x00 0[Slot]X component of public keyY component of public key
  • Results go to the output buffer
  • Output is encrypted
0x080x00 0[Slot]X component of public keyY component of public key
  • Results stored in TempKey
  • Output is available for other operations but is not directly accessible.
Note:
  1. When the ChipOptions.ECDHPROT value is 1, then the output of the ECDH command will be encrypted in this mode. For the ATECC608A-TNGLoRaWAN the ECDHPROT field is set to 0 and encryption will be dependent upon the mode of the ECDH command.
Table 5-39. Output Response ECDH Stored Key
NameModeSizeDescription
Response0x0C or 0x0E 1 byteError code if command fails
Response0x0C32 bytesShared Master Secret as clear text

Response
OutNonce

0x0E

32 bytes
32 bytes

Shared Master Secret as encrypted text
nonce used for encryption

Response0x081 byte0x00 if successful, otherwise an error code is returned