SpringCore Direct ATCRYPTO class

The ATCRYPTO class conveys direct commands to a Atmel/MicroChip ATECC608A or ATECC132A Secure Element, if the device has either.

Most of the instructions in this class are disabled when the device goes out of factory thanks to the “Lock ATCRYPTO” flag in the Fuses.

CLA value

The ATCRYPTO class uses CLA=59.

The commands and the responses use the same format.

Field	Length	Description / remark
Header	4 or 6 bytes	CLA = `59`, LEN = length of Data
INS / STA	1 byte	Command: opcode of the INStruction Response: STAtus
Data	0 or more bytes	Command data Response data

Note

The length of the Command is not transmitted, as it can be deduced from the CCID header.

Item	Length	Description / remark
STA	1 byte	STAtus
Data	0 or more bytes	Response data

Note

The length of the Response is not transmitted, as it can be deduced from the CCID header.

The CLA byte is not transmitted.

The INS opcodes are defined below:

INS	Name	Description	Remark
`00`	INIT	Initialize the ATECC or ATAES	Factory only
`01`	BLANK	Erase all keys in the ATECC or ATAES	Factory only
`10`	SET KEY USER	Set the HostCommUserKey	Factory only, ATAES only
`11`	SET KEY ADMIN	Set the HostCommAdminKey	Factory only, ATAES only
`41`	SET_PRIVATE_KEY	Write an ECC P-256 private key into the SE	ATECC only
`42`	GENERATE_PRIVATE_KEY	Generate an ECC P-256 private key inside the SE	ATECC only
`43`	GET_PUBLIC KEY	Read the public key associated to a private key	ATECC only
`46`	SIGN	Compute an ECC signature	ATECC only
`47`	HASH_AND SIGN	Compute an ECC signature	ATECC only
`48`	ECDH	Run the Diffie-Hellman agreement	ATECC only
`4E`	GET CSR	Get a certificate signing request (CSR) for the specified key with its default subject	ATECC only
`4F`	GET CSR EX	Get a certificate signing request (CSR) for the specified key with an arbitrary subject	ATECC only

The STA values are defines below:

STA	Name	Description
`00`	MI_OK	Success