5.1.10.2 Data Zone - Encrypted Write
Writes to the Data zone may be encrypted if the slots have been so configured. Only data written to the Data zone may be encrypted. For the ATECC608A-TNGLoRaWAN device, Slot 13 can be written as encrypted text.
All encrypted writes must be done as 32-byte blocks. If a partial block at the end of the zone needs to be encrypted 32 bytes of input, data must still be sent and used as part of the MAC calculation. The address of the write is an actual memory location address and is not a Data slot number.
Opcode |
Mode |
Address |
Input Data |
MAC | Description |
---|---|---|---|---|---|
0x12 | 0x82 | See Section Address Encoding | 32 bytes of encrypted input data | 32 bytes of MAC | 32-byte encrypted write |
Name | Size | Description |
---|---|---|
Response | 1 byte | If successful, it will return a value of 0x00. If unsuccessful, then an error code will be returned. |
Data Encryption
Data must be encrypted by the host system prior to writing the data to
the slot. The encryption algorithm simply XOR’s the clear text data with the value
stored in the TempKey. TempKey must be a result of a GenDig
command. The host system will need to calculate this value that will be used in
parallel with what the ATECC608A-TNGLoRaWAN calculates. The
GenDig
command can be used one or more times when calculating
the XOR value. The final value will be the actual XOR value used for the encryption.
Once the data are encrypted and written, the ATECC608A-TNGLoRaWAN decrypts the value with the value stored in TempKey. The
encrypted write must occur before any other commands that can affect the TempKey
value or before a time-out occurs. In order to validate the encrypted write, a
32-byte MAC value must also be sent with the command.
Input MAC Generation
Write
command.
32 bytes |
TempKey |