GenDig Command

The GenDig command uses a SHA-256 hash to combine a stored or input value with the contents of TempKey, which must be validated prior to the execution of this command. The stored value can come from one of the data slots, the Configuration zone, either of the OTP pages, or the monotonic counters. The specific mode of the device determines which data is to be included in the GenDig calculation.

In some cases, it is required to run the GenDig command prior to the execution of some commands. The command can be run multiple times to include more data in the digest prior to executing a given command. The resulting digest is retained in TempKey and can be used in one of four ways:

- MAC, Sign or CheckMac commands. Because the MAC response output incorporates both the data used in the GenDig calculation and the secret key from the MAC command, it serves to authenticate the data stored in the Data and/or OTP zones.
- A Read or Write command can use the digest to provide authentication and/or confidentiality for the data, in which case it is known as a data protection digest.
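
Added example, not part of the original page or of the vendor's code: a host-side Python model of the chaining described above, where each GenDig run hashes a stored value together with the current TempKey and the result becomes the new TempKey. The 96-byte message layout, the opcode and zone constants, and all sample values (serial number, slot contents, initial TempKey) are assumptions or constructed data, and only the data-slot case is modelled.

```python
import hashlib
import hmac

GENDIG_OPCODE = 0x15  # assumption: GenDig opcode, not given on this page
ZONE_DATA = 0x02      # assumption: Param1 value selecting a data slot


def gendig(stored: bytes, temp_key: bytes, key_id: int, sn: bytes,
           zone: int = ZONE_DATA) -> bytes:
    """Model one GenDig run: hash the stored value with the current TempKey."""
    if len(stored) != 32 or len(temp_key) != 32 or len(sn) != 9:
        raise ValueError("stored/TempKey must be 32 bytes, serial number 9")
    # Assumed layout: value | opcode | Param1 | Param2 (LE) | SN[8] | SN[0:2]
    #                 | 25 zero bytes | TempKey  -> 96 bytes in total
    msg = (stored + bytes([GENDIG_OPCODE, zone]) + key_id.to_bytes(2, "little")
           + sn[8:9] + sn[0:2] + bytes(25) + temp_key)
    return hashlib.sha256(msg).digest()


def expected_temp_key(initial: bytes, slots: dict, order: list,
                      sn: bytes) -> bytes:
    """Repeat GenDig once per slot; each result becomes the next TempKey."""
    temp_key = initial
    for key_id in order:
        temp_key = gendig(slots[key_id], temp_key, key_id, sn)
    return temp_key


def digest_matches(device_digest: bytes, host_digest: bytes) -> bool:
    """Constant-time comparison of a device result with the host's value."""
    return hmac.compare_digest(device_digest, host_digest)


# Constructed sample data (not from any real device).
SN = bytes.fromhex("0123aabbccddeeffee")
SLOTS = {3: bytes(range(32)), 5: bytes([0xA5]) * 32}
INITIAL_TEMPKEY = hashlib.sha256(b"constructed nonce").digest()

if __name__ == "__main__":
    good = expected_temp_key(INITIAL_TEMPKEY, SLOTS, [3, 5], SN)
    tampered = {**SLOTS, 5: bytes([0xA4]) * 32}  # one bit changed in slot 5
    bad = expected_temp_key(INITIAL_TEMPKEY, tampered, [3, 5], SN)
    print("slots 3 then 5:", good.hex())
    print("tampered slot 5 still matches:", digest_matches(good, bad))
```

Because every run folds the previous TempKey into the next hash, a MAC computed over the final digest covers all included values and the order in which they were included.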