Changes

| 0x04

| 0x04

| 0x3C

| 0x3C

| ECDSA Signature

| ECDSA Signature using Nintendo's private key, in big-endian.  The first 0x1E bytes are "r"; the second 0x1E bytes are "s".  The hash is SHA-256 computed over this certificate, starting at byte 0x80 ("Cert Issue ID") to the end.

|-

|-

| 0x40

| 0x40

| 0xC4

| 0xC4

| 0x40

| 0x40

| Key ID: "CT<DeviceId>-<ConsoleType>", where DeviceId is the hex [[PSPXI:GetDeviceId|DeviceId]], and ConsoleType is 00 for retail, 01 for dev

| Key ID: "CT<DeviceId>-<ConsoleType>", where DeviceId is the hex [[PSPXI:GetDeviceId|DeviceId]], and ConsoleType is 00 for retail, any other single byte hex value for dev

|-

|-

| 0x104

| 0x104

| 0x04

| 0x04

| ?

| Expiration time as UNIX Timestamp in big endian.

|-

|-

| 0x108

| 0x108

| 0x3C

| 0x3C

| ECDSA Public Key. This is two consecutive u8 arrays (each one of length 0x1E), where the first one corresponds to the ECDSA R coordinate, and the second to ECDSA S coordinate. These are in '''big''' endian.

| ECDSA Public Key of this console as a curve point in big-endian. The first 0x1E bytes are "x" of this point; the second 0x1E bytes are "y".

|-

|-

| 0x144

| 0x144

|}

|}

The ECDSA public key for this cert is converted from the ECDSA private key initialized by bootrom.

Boot ROM decrypts [[OTP Registers]] and writes the private key and Nintendo's signature of CTCert to [[Memory_layout#ARM9_ITCM|ARM9 ITCM]]; the public key is computed from the private key.

 

The curve used for ECDSA is sect233r1.

The curve used for ECDSA is sect233r1.