5.2.1.1 ECDH - Stored Key
The ECDH command may use an internal data slot as its ECC private key source. The slot must have its access policies configured such that the slot is an ECC private key and that the ECDH command is allowed. Access policies may also specify whether the output is stored or encrypted, or may allow the command itself to determine whether the output is stored or encrypted. The IO protection key is used when encryption is required. Encryption can only occur when data is output to the output buffer.

For the ATECC608A-TNGLoRaWAN, the ECDH command may be run using the ECC private keys stored in Slot 1.
Opcode | Mode | KeyId | Data 1 | Data 2 | Description |
---|---|---|---|---|---|
0x43 | 0x0C | 0x00 0[Slot] | X component of public key | Y component of public key | |
0x43 | 0x0E | 0x00 0[Slot] | X component of public key | Y component of public key | |
0x43 | 0x08 | 0x00 0[Slot] | X component of public key | Y component of public key | |
- When the ChipOptions.ECDHPROT value is 1, then the output of the ECDH command will be encrypted in this mode. For the ATECC608A-TNGLoRaWAN the ECDHPROT field is set to 0 and encryption will be dependent upon the mode of the ECDH command.
Name | Mode | Size | Description |
---|---|---|---|
Response | 0x0C or 0x0E | 1 byte | Error code if command fails |
Response | 0x0C | 32 bytes | Shared Master Secret as clear text |
Response | 0x0E | 32 bytes | Shared Master Secret as encrypted text |
Response | 0x08 | 1 byte | 0x00 if successful, otherwise an error code is returned |
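The two tables above can be turned into a host-side check, shown here as an added example that is not code from the datasheet or from any vendor library. It fills the ECDH fields for a stored key and classifies a response by the Mode that was sent. The type and function names are hypothetical, the slot range 0..15 is assumed from the single hex digit in "0[Slot]", and the response is assumed to be the payload with any transport framing already removed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Opcode and Mode values from the tables in this section. */
#define ECDH_OPCODE       0x43
#define ECDH_MODE_CLEAR   0x0C /* 32-byte secret returned as clear text */
#define ECDH_MODE_ENCRYPT 0x0E /* 32-byte secret returned encrypted */
#define ECDH_MODE_STATUS  0x08 /* only a 1-byte status is returned */

/* Hypothetical container for the command fields (not a library type). */
typedef struct {
    uint8_t  opcode, mode;
    uint16_t key_id;   /* 0x000[Slot] */
    uint8_t  data[64]; /* Data 1 (X) followed by Data 2 (Y) */
} ecdh_fields_t;

typedef enum { ECDH_UNEXPECTED = -2, ECDH_ERROR = -1, ECDH_OK_NO_OUTPUT = 0,
               ECDH_SECRET_CLEAR = 1, ECDH_SECRET_ENCRYPTED = 2 } ecdh_result_t;

static int ecdh_mode_valid(uint8_t m)
{
    return m == ECDH_MODE_CLEAR || m == ECDH_MODE_ENCRYPT || m == ECDH_MODE_STATUS;
}

/* Fill the fields for a stored-key ECDH; returns 0, or -1 on bad input.
 * Slot range 0..15 is assumed from the single hex digit in "0[Slot]". */
int ecdh_stored_key_fields(ecdh_fields_t *f, uint8_t mode, uint8_t slot,
                           const uint8_t x[32], const uint8_t y[32])
{
    if (!f || !x || !y || !ecdh_mode_valid(mode) || slot > 0x0F) return -1;
    f->opcode = ECDH_OPCODE;
    f->mode = mode;
    f->key_id = slot;
    memcpy(f->data, x, 32);
    memcpy(f->data + 32, y, 32);
    return 0;
}

/* Interpret a response payload according to the Mode that was sent, so a
 * 1-byte error is never mistaken for a secret, nor clear text for ciphertext. */
ecdh_result_t ecdh_classify_response(uint8_t mode, const uint8_t *resp,
                                     size_t len, uint8_t *code)
{
    if (!resp || !code || !ecdh_mode_valid(mode)) return ECDH_UNEXPECTED;
    *code = 0;
    if (len == 32 && mode != ECDH_MODE_STATUS)
        return mode == ECDH_MODE_CLEAR ? ECDH_SECRET_CLEAR : ECDH_SECRET_ENCRYPTED;
    if (len != 1) return ECDH_UNEXPECTED;
    *code = resp[0];
    return (mode == ECDH_MODE_STATUS && resp[0] == 0x00) ? ECDH_OK_NO_OUTPUT : ECDH_ERROR;
}
```

A caller that receives ECDH_SECRET_CLEAR knows the shared master secret crossed the bus unencrypted and can treat that bus as part of its trust boundary.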