MAC
CommandThe Message Authentication Code (MAC
) command is used to generate a
SHA256 digest of a message, which consists of a key stored in the device, a challenge,
and other information on the device. The output of this command is the digest of this
message.
The normal command flow to use this command is as follows:
Nonce
command to load input challenge and optionally combine it with a generated random
number. The result of this operation is a nonce stored internally on the
device.GenDig
command one or more times to combine stored EEPROM
locations in the device with the nonce. The result is stored internally in the
device. This capability permits two or more keys to be used as part of the response
generation.MAC
command
to combine the output of step 1 (and step 2 if desired) with an EEPROM key to
generate an output response (i.e., digest).Alternatively, data in any slot (which does not have to be secret) can be accumulated into the response through the same GenDig mechanism. This has the effect of authenticating the value stored in that location.