Difference between revisions of "Certificates"

m
(Unknown parameter has use on CTCert Certificates)
 
(7 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
== Overview ==
 
== Overview ==
 
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.
 
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.
 
The signature method used to sign the certificate can be determined by checking the Signature Type:
 
 
{| class="wikitable"
 
|-
 
! Value
 
! Signature Method
 
! Signature Size (X)
 
|-
 
| 0x010000
 
| RSA_4096 SHA1
 
| 0x200
 
|-
 
| 0x010001
 
| RSA_2048 SHA1
 
| 0x100
 
|-
 
| 0x010002
 
| Elliptic Curve
 
| 0x40
 
|-
 
| 0x010003
 
| RSA_4096 SHA256
 
| 0x200
 
|-
 
| 0x010004
 
| RSA_2048 SHA256
 
| 0x100
 
|}
 
 
The SHA-256 hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes).
 
  
 
== Format ==
 
== Format ==
Line 47: Line 16:
 
| 0x4
 
| 0x4
 
| X
 
| X
| Signature
+
| Signature with Padding (aligning next data to 0x40 bytes)
 
|-
 
|-
 
| 0x4 + X
 
| 0x4 + X
| 0x3C
 
| Signature Padding(aligning signature with padding to 0x40 bytes)
 
|-
 
| 0x40 + X
 
 
| 0x40
 
| 0x40
 
| Issuer
 
| Issuer
 
|-
 
|-
| 0x80 + X
+
| 0x44 + X
 
| 0x4
 
| 0x4
| Key Type?
+
| Key Type
 
|-
 
|-
| 0x84 + X
+
| 0x48 + X
 
| 0x40
 
| 0x40
 
| Name
 
| Name
 
|-
 
|-
| 0xC4 + X
+
| 0x88 + X
 
| 0x4
 
| 0x4
| Unknown
+
| Expiration time as UNIX Timestamp, used at least for [[CTCert]]
 
|-
 
|-
| 0xC8 + X
+
| 0x8C + X
|  
+
| *
 
| Public Key
 
| Public Key
 
|}
 
|}
 +
 +
== Signature ==
 +
 +
The signature method used to sign the certificate can be determined by checking the Signature Type:
 +
{{Signature Types}}
 +
 +
The hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes).
  
 
== Public Key ==
 
== Public Key ==
  
 +
Determining the type of public key stored, is done by checking the key type:
 +
 +
{| class="wikitable"
 +
|-
 +
! Value
 +
! Key Type
 +
|-
 +
| 0x0
 +
| RSA_4096
 +
|-
 +
| 0x1
 +
| RSA_2048
 +
|-
 +
| 0x2
 +
| Elliptic Curve
 +
|}
 
=== RSA ===
 
=== RSA ===
This contains the Public Key(i.e. Modulus & Public Exponent). For RSA-2048 public keys, this section is as follows:
+
This contains the Public Key(i.e. Modulus & Public Exponent)
  
 +
==== 4096 Bit ====
 +
{| class="wikitable"
 +
|-
 +
! Offset
 +
! Size
 +
! Description
 +
|-
 +
| 0x0
 +
| 0x200
 +
| Modulus
 +
|-
 +
| 0x200
 +
| 0x4
 +
| Public Exponent
 +
|-
 +
| 0x204
 +
| 0x34
 +
| Padding
 +
|}
 +
 +
==== 2048 Bit ====
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
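Review bot: In the Format table the Signature row keeps size X but is now described as "Signature with Padding", and Issuer moves from 0x40 + X to 0x4 + X, so X silently changes meaning from the signature length to signature plus padding without being defined anywhere in the table. Suggest a sentence under the table stating that X is the signature size plus the padding size listed by {{Signature Types}}, and pointing the Public Key row's "*" size at the per-key-type tables in the Public Key section.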
Line 95: Line 104:
 
| 0x104
 
| 0x104
 
| 0x34
 
| 0x34
 +
| Padding
 +
|}
 +
 +
=== ECC ===
 +
This contains the ECC public key, and is as follows:
 +
 +
{| class="wikitable"
 +
|-
 +
! Offset
 +
! Size
 +
! Description
 +
|-
 +
| 0x0
 +
| 0x3C
 +
| Public Key
 +
|-
 +
| 0x3C
 +
| 0x3C
 
| Padding
 
| Padding
 
|}
 
|}

Latest revision as of 19:34, 6 August 2020

== Overview ==

Certificates contain cryptographic information for verifying signatures. The certificates themselves are also signed. The parent/child relationship between certificates means that every certificate is effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.

== Format ==

{| class="wikitable"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x4 || Signature Type
|-
| 0x4 || X || Signature with Padding (aligning next data to 0x40 bytes)
|-
| 0x4 + X || 0x40 || Issuer
|-
| 0x44 + X || 0x4 || Key Type
|-
| 0x48 + X || 0x40 || Name
|-
| 0x88 + X || 0x4 || Expiration time as UNIX Timestamp, used at least for CTCert
|-
| 0x8C + X || * || Public Key
|}

== Signature ==

The signature method used to sign the certificate can be determined by checking the Signature Type:

{| class="wikitable"
|-
! Value !! Signature Method !! Signature Size !! Padding Size
|-
| 0x010000 || RSA_4096 SHA1 (Unused for 3DS) || 0x200 || 0x3C
|-
| 0x010001 || RSA_2048 SHA1 (Unused for 3DS) || 0x100 || 0x3C
|-
| 0x010002 || Elliptic Curve with SHA1 (Unused for 3DS) || 0x3C || 0x40
|-
| 0x010003 || RSA_4096 SHA256 || 0x200 || 0x3C
|-
| 0x010004 || RSA_2048 SHA256 || 0x100 || 0x3C
|-
| 0x010005 || ECDSA with SHA256 || 0x3C || 0x40
|}

The hash for the signature is calculated over the actual certificate data (from the start of the "Issuer" to the end of the "Public Key", aligned to 0x40 bytes).

== Public Key ==

The type of public key stored is determined by checking the key type:

{| class="wikitable"
|-
! Value !! Key Type
|-
| 0x0 || RSA_4096
|-
| 0x1 || RSA_2048
|-
| 0x2 || Elliptic Curve
|}

=== RSA ===

This contains the public key (i.e. modulus and public exponent).

==== 4096 Bit ====

{| class="wikitable"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x200 || Modulus
|-
| 0x200 || 0x4 || Public Exponent
|-
| 0x204 || 0x34 || Padding
|}

==== 2048 Bit ====

{| class="wikitable"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x100 || Modulus
|-
| 0x100 || 0x4 || Public Exponent
|-
| 0x104 || 0x34 || Padding
|}

=== ECC ===

This contains the ECC public key, and is as follows:

{| class="wikitable"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x3C || Public Key
|-
| 0x3C || 0x3C || Padding
|}
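
The Format, Signature and Public Key tables combine into a single bounds-checked parser. This is an added example, not code from the wiki or from any 3DS tool: big-endian integer fields and NUL-padded ASCII names are assumptions, and the sample certificate is constructed with dummy signature and key bytes. It computes the digest the signature covers but does not verify the signature.

```python
import hashlib
import struct

# Signature Type -> (signature size, padding size, hash), per the Signature table.
SIG_TYPES = {
    0x010000: (0x200, 0x3C, "sha1"), 0x010001: (0x100, 0x3C, "sha1"),
    0x010002: (0x3C, 0x40, "sha1"), 0x010003: (0x200, 0x3C, "sha256"),
    0x010004: (0x100, 0x3C, "sha256"), 0x010005: (0x3C, 0x40, "sha256"),
}
# Key Type -> (key material size, padding size), per the Public Key tables.
KEY_TYPES = {0x0: (0x204, 0x34), 0x1: (0x104, 0x34), 0x2: (0x3C, 0x3C)}


def parse_cert(blob: bytes) -> dict:
    """Parse one certificate. Assumes big-endian integers and NUL-padded ASCII names."""
    if len(blob) < 4:
        raise ValueError("truncated: no signature type")
    (sig_type,) = struct.unpack_from(">I", blob, 0)
    if sig_type not in SIG_TYPES:
        raise ValueError(f"unknown signature type {sig_type:#x}")
    sig_size, sig_pad, hash_name = SIG_TYPES[sig_type]
    x = sig_size + sig_pad  # "X" in the Format table: signature with padding
    if len(blob) < 0x8C + x:
        raise ValueError("truncated before public key")
    (key_type,) = struct.unpack_from(">I", blob, 0x44 + x)
    if key_type not in KEY_TYPES:
        raise ValueError(f"unknown key type {key_type:#x}")
    key_size, key_pad = KEY_TYPES[key_type]
    end = 0x8C + x + key_size + key_pad  # end of Public Key, 0x40-aligned
    if len(blob) < end:
        raise ValueError("truncated public key")
    text = lambda off: blob[off:off + 0x40].rstrip(b"\0").decode("ascii", "replace")
    return {
        "sig_type": sig_type, "signature": blob[4:4 + sig_size],
        "issuer": text(0x4 + x), "key_type": key_type, "name": text(0x48 + x),
        "expiration": struct.unpack_from(">I", blob, 0x88 + x)[0],
        "public_key": blob[0x8C + x:0x8C + x + key_size],
        # Digest input runs from the start of Issuer to the end of Public Key.
        "digest": hashlib.new(hash_name, blob[0x4 + x:end]).hexdigest(),
        "size": end,  # lets a caller step to the next certificate in a chain blob
    }


def build_sample() -> bytes:
    """Constructed ECDSA/SHA256 certificate with dummy signature and key bytes."""
    return (struct.pack(">I", 0x010005) + b"\xAA" * 0x3C + bytes(0x40)
            + b"Root-EXAMPLE".ljust(0x40, b"\0") + struct.pack(">I", 0x2)
            + b"LEAF-EXAMPLE".ljust(0x40, b"\0") + struct.pack(">I", 1600000000)
            + b"\xBB" * 0x3C + bytes(0x3C))
```
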