Certificates: Difference between revisions

3dsguy (talk | contribs)
m No edit summary
Luigoalma (talk | contribs)
Unknown parameter has use on CTCert Certificates
 
(7 intermediate revisions by one other user not shown)
Line 1: Line 1:
== Overview ==
== Overview ==
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.
The signature method used to sign the certificate can be determined by checking the Signature Type:
{| class="wikitable"
|-
! Value
! Signature Method
! Signature Size (X)
|-
| 0x010000
| RSA_4096 SHA1
| 0x200
|-
| 0x010001
| RSA_2048 SHA1
| 0x100
|-
| 0x010002
| Elliptic Curve
| 0x40
|-
| 0x010003
| RSA_4096 SHA256
| 0x200
|-
| 0x010004
| RSA_2048 SHA256
| 0x100
|}
The SHA-256 hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes).


== Format ==
== Format ==
Line 47: Line 16:
| 0x4
| 0x4
| X
| X
| Signature
| Signature with Padding (aligning next data to 0x40 bytes)
|-
|-
| 0x4 + X
| 0x4 + X
| 0x3C
| Signature Padding(aligning signature with padding to 0x40 bytes)
|-
| 0x40 + X
| 0x40
| 0x40
| Issuer
| Issuer
|-
|-
| 0x80 + X
| 0x44 + X
| 0x4
| 0x4
| Key Type?
| Key Type
|-
|-
| 0x84 + X
| 0x48 + X
| 0x40
| 0x40
| Name
| Name
|-
|-
| 0xC4 + X
| 0x88 + X
| 0x4
| 0x4
| Unknown
| Expiration time as UNIX Timestamp, used at least for [[CTCert]]
|-
|-
| 0xC8 + X
| 0x8C + X
|  
| *
| Public Key
| Public Key
|}
|}
== Signature ==
The signature method used to sign the certificate can be determined by checking the Signature Type:
{{Signature Types}}
The hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes).


== Public Key ==
== Public Key ==


Determining the type of public key stored, is done by checking the key type:
{| class="wikitable"
|-
! Value
! Key Type
|-
| 0x0
| RSA_4096
|-
| 0x1
| RSA_2048
|-
| 0x2
| Elliptic Curve
|}
=== RSA ===
=== RSA ===
This contains the Public Key(i.e. Modulus & Public Exponent). For RSA-2048 public keys, this section is as follows:
This contains the Public Key(i.e. Modulus & Public Exponent)


==== 4096 Bit ====
{| class="wikitable"
|-
! Offset
! Size
! Description
|-
| 0x0
| 0x200
| Modulus
|-
| 0x200
| 0x4
| Public Exponent
|-
| 0x204
| 0x34
| Padding
|}
==== 2048 Bit ====
{| class="wikitable"
{| class="wikitable"
|-
|-
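Review bot: X changes meaning in the Format rows and the page does not say so. The old rows put a 0x3C "Signature Padding" entry at 0x4 + X and Issuer at 0x40 + X, so X was the bare signature size (0x200, 0x100 or 0x40 in the table removed from the Overview). The new rows fold the padding into "Signature with Padding" and put Issuer at 0x4 + X, so X must now be the padded length. Please state that in the new Signature section, or confirm that {{Signature Types}} lists padded sizes. Otherwise a parser built from this table will read Issuer, Key Type, the expiration field and the Public Key at the wrong offsets and hash the wrong range when checking the signature. The new expiration row would also benefit from stating the field's byte order.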
Line 95: Line 104:
| 0x104
| 0x104
| 0x34
| 0x34
| Padding
|}
=== ECC ===
This contains the ECC public key, and is as follows:
{| class="wikitable"
|-
! Offset
! Size
! Description
|-
| 0x0
| 0x3C
| Public Key
|-
| 0x3C
| 0x3C
| Padding
| Padding
|}
|}
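Review bot: the new ECC table gives only sizes (0x3C bytes of public key, 0x3C of padding) and names neither the curve nor how the 0x3C bytes are laid out, so a reader cannot load the key to verify a signature made with it. Please add the curve and the key encoding next to the table. The sizes themselves are consistent with the 0x40 alignment stated in the Signature section: 0x88 bytes from the start of Issuer to the start of the Public Key, plus 0x78, gives 0x100.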