Verify - External Public Key Mode

The Verify command may be used to verify a message generated externally to the ATECC608A-TNGLoRaWAN with a public key that is passed to the command. The output of the command will either be a code indicating success, failure or error or a 32-byte MAC. Prior to this command being run, the message should be written using the Nonce command in Fixed mode to either TempKey or the Message Digest Buffer. In this mode, the device merely accelerates the public key computation and returns a boolean result.

Procedure to Verify a Message with an External Public Key

  1. 1.Write the 32-byte digest of the message to either the TempKey or Message Digest Buffer using the Nonce command in Fixed mode.
  2. 2.Optional: System Nonce - Nonce generated by the system.
    1. 2.1.If the external message digest is stored in TempKey, the nonce generated by the system must be stored in the lower 32 bytes of the Message Digest Buffer.
    2. 2.2.If the external message is stored in the MessageDigestBuffer[31:0], then the System Nonce must be stored in the upper 32 bytes of the MessageDigest Buffer[63:32]. To do this, the external message and nonce value should be written as a 64-byte value.
  3. 3.Issue the Verify command. Include the Mode, KeyID, which specifies the P256 ECC Curve, the 64-byte signature and the 64-byte external public key.
  4. 4.The output will return:
    1. 4.1.One byte success, fail or error code if MAC is not required.
    2. 4.2.A 32-byte MAC if specified by the mode.
Table 1. Command Parameters

Opcode
(1 Byte)

Mode
(1 Byte)

Key ID
(2 Bytes)

Data Field (128 Bytes) Comment

Signature
(64 Bytes)

Public Key
(64 Bytes)

0x45 0x02 0x00 04

R value
S value

X value
Y value

Message stored in TempKey
0x22 0x00 04

R value
S value

X value
Y value

Message stored in Message Digest Buffer
0xA2 0x00 04

R value
S value

X value
Y value

  • Message stored in TempKey
  • System Nonce stored in MDB[31:0]
  • Validation MAC is returned
0x82 0x00 04

R value
S value

X value
Y value

  • Message stored in Message Digest Buffer
  • System Nonce stored in MDB[63:32]
  • Validation MAC is returned
Table 2. Output Response - Verify External
Name Mode Size Response
Response 0x02 or 0x22 1 byte
  • 0x00 - If signature is verified
  • 0x01 - If signature does not match
  • Error code - If there is a failure due to some other reason
0x82 or 0xA2 1 byte or 32 bytes
  • Validation MAC - If signature is verified
  • 0x01 - If signature does not match
  • Error code - If there is a failure due to some other reason
Table 3. Validation MAC - Verify External

Size
(Bytes)

Message in TempKey Message in Message Digest Buffer
32 Contents of the IO protection key Contents of the IO protection key
32 Message stored in TempKey Message stored in the first 32 bytes of the Message Digest Buffer
32 System Nonce stored in the first 32 bytes of the Message Digest Buffer System Nonce stored in the second 32 bytes of the Message Digest Buffer
32 R Data of the passed signature R Data of the passed signature
32 S Data of the passed signature S Data of the passed signature
1 Opcode Opcode
1 Mode Mode
2 Param2 [LSB,MSB] Param2 [LSB,MSB]