// This is seemingly so that the PIN isn't sent “in the clear”, over TLS, to localhost.
// We send a key (in the form of 16 bytes) with an ID (the reference),
// the first four bytes are XORed with the next four bytes, and the PIN
// This is seemingly so that the PIN isn't sent “in the clear”, over TLS, to localhost.
// We send a key (in the form of 16 bytes) with an ID (the reference),
// the first four bytes are XORed with the next four bytes, and the PIN