5.2.5.3 Verify - Validate and Invalidate

The Verify command can be used to validate or invalidate a public key. Only those public keys whose access policies require validation need to go through this process. Prior to a public key being used to verify a signature, it must be validated. If a validated public key needs to be updated, then it needs to be invalidated prior to being written. Only internally stored public keys can be validated or invalidated. The status of a public key is stored in the most significant nibble of byte 0 of the public key slot.

For the ATECC608A-TFLXTLS device, Slot 14 contains a validated public key.

Procedure for Validating or Invalidating a Public Key

1. Using GenKey, generate a digest of the public key to be validated or invalidated and store it in TempKey.
2. OtherData[18:0] bytes must be the same as the bytes that were used when calculating the original signature.
   • OtherData[17][0] = 0 if you are going to validate the key
   • OtherData[17][0] = 1 if you are going to invalidate the key
   • This bit must match the Mode[2] value of the Verify Validate or Invalidate command or an error will occur.
   Note: The message is created in the same manner as for the Internal mode of the Sign command, but it uses the OtherData[18:0] bytes.
3. Issue the Verify Validate or Invalidate command, including the signature R and S values and the OtherData bytes.
4. Upon successful validation or invalidation, a code of 0x00 will be returned and bits [7:4] of the LSB of the slot will be set.