Certificates: Difference between revisions
Unknown parameter has use on CTCert Certificates |
|||
(5 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM. | Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM. | ||
== Format == | == Format == | ||
Line 21: | Line 16: | ||
| 0x4 | | 0x4 | ||
| X | | X | ||
| Signature | | Signature with Padding (aligning next data to 0x40 bytes) | ||
|- | |- | ||
| 0x4 + X | | 0x4 + X | ||
| 0x40 | | 0x40 | ||
| Issuer | | Issuer | ||
|- | |- | ||
| | | 0x44 + X | ||
| 0x4 | | 0x4 | ||
| Key Type | | Key Type | ||
|- | |- | ||
| | | 0x48 + X | ||
| 0x40 | | 0x40 | ||
| Name | | Name | ||
|- | |- | ||
| | | 0x88 + X | ||
| 0x4 | | 0x4 | ||
| | | Expiration time as UNIX Timestamp, used at least for [[CTCert]] | ||
|- | |- | ||
| | | 0x8C + X | ||
| | | * | ||
| Public Key | | Public Key | ||
|} | |} | ||
== Signature == | |||
The signature method used to sign the certificate can be determined by checking the Signature Type: | |||
{{Signature Types}} | |||
The hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes). | |||
== Public Key == | == Public Key == | ||
Determining the type of public key stored, is done by checking the key type: | |||
{| class="wikitable" | |||
|- | |||
! Value | |||
! Key Type | |||
|- | |||
| 0x0 | |||
| RSA_4096 | |||
|- | |||
| 0x1 | |||
| RSA_2048 | |||
|- | |||
| 0x2 | |||
| Elliptic Curve | |||
|} | |||
=== RSA === | === RSA === | ||
This contains the Public Key(i.e. Modulus & Public Exponent) | This contains the Public Key(i.e. Modulus & Public Exponent) | ||
==== 4096 Bit ==== | |||
{| class="wikitable" | |||
|- | |||
! Offset | |||
! Size | |||
! Description | |||
|- | |||
| 0x0 | |||
| 0x200 | |||
| Modulus | |||
|- | |||
| 0x200 | |||
| 0x4 | |||
| Public Exponent | |||
|- | |||
| 0x204 | |||
| 0x34 | |||
| Padding | |||
|} | |||
==== 2048 Bit ==== | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
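Review bot: the new row at 0x88 + X describes the expiration as a UNIX timestamp, but neither that row nor the other multi-byte fields in this hunk (Signature Type, Key Type, Public Exponent) say which byte order they use. State the endianness once in the Format section so a reader can decode them without guessing. The Public Key row also keeps a size of "*"; pointing it at the new Key Type table would make the total certificate length derivable from the page.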
Line 69: | Line 104: | ||
| 0x104 | | 0x104 | ||
| 0x34 | | 0x34 | ||
| Padding | |||
|} | |||
=== ECC === | |||
This contains the ECC public key, and is as follows: | |||
{| class="wikitable" | |||
|- | |||
! Offset | |||
! Size | |||
! Description | |||
|- | |||
| 0x0 | |||
| 0x3C | |||
| Public Key | |||
|- | |||
| 0x3C | |||
| 0x3C | |||
| Padding | | Padding | ||
|} | |} |
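Review bot: the new ECC table gives the public key as 0x3C bytes followed by 0x3C bytes of padding, but does not name the curve or say how the key is encoded within those 0x3C bytes. Add that if it is known, or mark it as unknown, since the size alone is not enough to use the key.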
Latest revision as of 20:34, 6 August 2020
Overview
Certificates contain cryptographic information for verifying signatures. These certificates are themselves signed. The parent/child relationship between certificates makes all the certificates effectively signed by 'Root', whose public key is stored in NATIVE_FIRM.
Format
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | Signature Type |
0x4 | X | Signature with Padding (aligning next data to 0x40 bytes) |
0x4 + X | 0x40 | Issuer |
0x44 + X | 0x4 | Key Type |
0x48 + X | 0x40 | Name |
0x88 + X | 0x4 | Expiration time as UNIX Timestamp, used at least for CTCert |
0x8C + X | * | Public Key |
Signature
The signature method used to sign the certificate can be determined by checking the Signature Type:
Value | Signature Method | Signature Size | Padding Size |
---|---|---|---|
0x010000 | RSA_4096 SHA1 (Unused for 3DS) | 0x200 | 0x3C |
0x010001 | RSA_2048 SHA1 (Unused for 3DS) | 0x100 | 0x3C |
0x010002 | Elliptic Curve with SHA1 (Unused for 3DS) | 0x3C | 0x40 |
0x010003 | RSA_4096 SHA256 | 0x200 | 0x3C |
0x010004 | RSA_2048 SHA256 | 0x100 | 0x3C |
0x010005 | ECDSA with SHA256 | 0x3C | 0x40 |
The hash for the signature is calculated over the actual certificate data (from the start of the "Issuer" to the end of the "Public Key", aligned to 0x40 bytes).
Public Key
The type of public key stored is determined by checking the Key Type:
Value | Key Type |
---|---|
0x0 | RSA_4096 |
0x1 | RSA_2048 |
0x2 | Elliptic Curve |
RSA
This contains the public key (i.e. Modulus and Public Exponent).
4096 Bit
Offset | Size | Description |
---|---|---|
0x0 | 0x200 | Modulus |
0x200 | 0x4 | Public Exponent |
0x204 | 0x34 | Padding |
2048 Bit
Offset | Size | Description |
---|---|---|
0x0 | 0x100 | Modulus |
0x100 | 0x4 | Public Exponent |
0x104 | 0x34 | Padding |
ECC
This contains the ECC public key, and is as follows:
Offset | Size | Description |
---|---|---|
0x0 | 0x3C | Public Key |
0x3C | 0x3C | Padding |
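The layout in the Format, Signature and Public Key tables above, as an added parser example (not code from the wiki or from any console software). It assumes multi-byte fields are big-endian, which this page does not state; `parse_cert`, the returned field names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

# Signature Type -> (signature size, padding size, hash), from the Signature table.
SIG_TYPES = {
    0x010000: (0x200, 0x3C, "sha1"), 0x010001: (0x100, 0x3C, "sha1"),
    0x010002: (0x3C, 0x40, "sha1"), 0x010003: (0x200, 0x3C, "sha256"),
    0x010004: (0x100, 0x3C, "sha256"), 0x010005: (0x3C, 0x40, "sha256"),
}
# Key Type -> (name, modulus size or None, key block size including padding).
KEY_TYPES = {0: ("RSA_4096", 0x200, 0x238), 1: ("RSA_2048", 0x100, 0x138),
             2: ("Elliptic Curve", None, 0x78)}

def parse_cert(buf, offset=0):
    """Parse the certificate at `offset`; return (fields, offset after it)."""
    if len(buf) - offset < 4:
        raise ValueError("truncated signature type")
    (sig_type,) = struct.unpack_from(">I", buf, offset)  # assumed big-endian
    if sig_type not in SIG_TYPES:
        raise ValueError(f"unknown signature type {sig_type:#x}")
    sig_size, pad_size, hash_name = SIG_TYPES[sig_type]
    body = offset + 4 + sig_size + pad_size  # "0x4 + X": start of Issuer
    if len(buf) - body < 0x88:
        raise ValueError("truncated certificate body")
    issuer, key_type, name, expiry = struct.unpack_from(">64sI64sI", buf, body)
    if key_type not in KEY_TYPES:
        raise ValueError(f"unknown key type {key_type:#x}")
    key_name, mod_size, key_size = KEY_TYPES[key_type]
    end = body + 0x88 + key_size
    if end > len(buf):
        raise ValueError("truncated public key")
    key = buf[body + 0x88:end]
    fields = {
        "issuer": issuer.rstrip(b"\0").decode("ascii", "replace"),
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "key_type": key_name, "expiry": expiry,
        "signature": buf[offset + 4:offset + 4 + sig_size],
        # Digest over Issuer..end of Public Key, the range the page says is signed.
        "digest": hashlib.new(hash_name, buf[body:end]).hexdigest(),
    }
    if mod_size:  # RSA: modulus followed by a 4-byte public exponent
        fields["modulus"] = int.from_bytes(key[:mod_size], "big")
        fields["exponent"] = int.from_bytes(key[mod_size:mod_size + 4], "big")
    return fields, end

# Constructed sample (not a real certificate): RSA_2048 SHA256 signature, RSA_2048 key.
SAMPLE = (struct.pack(">I", 0x010004) + b"\xAA" * 0x100 + bytes(0x3C)
          + b"Root".ljust(0x40, b"\0") + struct.pack(">I", 1)
          + b"EXAMPLE-CA".ljust(0x40, b"\0") + struct.pack(">I", 0)
          + b"\xC3" * 0x100 + struct.pack(">I", 0x10001) + bytes(0x34))
```

The returned offset lets the same function walk a blob of concatenated certificates; checking the signature against the issuer's key is left out here.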