MAC
CommandThe Message Authentication Code (MAC
) command is used to generate a SHA-256
digest of a message, which consists of a key stored in the device, a challenge and other
information on the device. The output of this command is the digest of this message.
The normal flow to use this command is as follows:
Nonce
command to load the input challenge and optionally combine it with a generated
random number. The result of this operation is a nonce stored internally on the
device.GenDig
command one or more times to combine stored EEPROM
locations in the device with the nonce. The result is stored internally in the
device. This capability permits two or more keys to be used as part of the response
generation.MAC
command
to combine the output of Step 1 (and Step 2, if desired) with an EEPROM key to
generate an output response (i.e., digest).Alternatively, data in any slot (which does not have to be secret) can be accumulated into the response through the same GenDig mechanism. This has the effect of authenticating the value stored in that location.