Difference between revisions of "Certificates"
Jump to navigation
Jump to search
m |
(Unknown parameter has use on CTCert Certificates) |
||
| (7 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
== Overview == | == Overview == | ||
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM. | Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM. | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Format == | == Format == | ||
| Line 47: | Line 16: | ||
| 0x4 | | 0x4 | ||
| X | | X | ||
| − | | Signature | + | | Signature with Padding (aligning next data to 0x40 bytes) |
|- | |- | ||
| 0x4 + X | | 0x4 + X | ||
| − | |||
| − | |||
| − | |||
| − | |||
| 0x40 | | 0x40 | ||
| Issuer | | Issuer | ||
|- | |- | ||
| − | | | + | | 0x44 + X |
| 0x4 | | 0x4 | ||
| − | | Key Type | + | | Key Type |
|- | |- | ||
| − | | | + | | 0x48 + X |
| 0x40 | | 0x40 | ||
| Name | | Name | ||
|- | |- | ||
| − | | | + | | 0x88 + X |
| 0x4 | | 0x4 | ||
| − | | | + | | Expiration time as UNIX Timestamp, used at least for [[CTCert]] |
|- | |- | ||
| − | | | + | | 0x8C + X |
| − | | | + | | * |
| Public Key | | Public Key | ||
|} | |} | ||
| + | |||
| + | == Signature == | ||
| + | |||
| + | The signature method used to sign the certificate can be determined by checking the Signature Type: | ||
| + | {{Signature Types}} | ||
| + | |||
| + | The hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes). | ||
== Public Key == | == Public Key == | ||
| + | Determining the type of public key stored, is done by checking the key type: | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | ! Value | ||
| + | ! Key Type | ||
| + | |- | ||
| + | | 0x0 | ||
| + | | RSA_4096 | ||
| + | |- | ||
| + | | 0x1 | ||
| + | | RSA_2048 | ||
| + | |- | ||
| + | | 0x2 | ||
| + | | Elliptic Curve | ||
| + | |} | ||
=== RSA === | === RSA === | ||
| − | This contains the Public Key(i.e. Modulus & Public Exponent) | + | This contains the Public Key(i.e. Modulus & Public Exponent) |
| + | ==== 4096 Bit ==== | ||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | ! Offset | ||
| + | ! Size | ||
| + | ! Description | ||
| + | |- | ||
| + | | 0x0 | ||
| + | | 0x200 | ||
| + | | Modulus | ||
| + | |- | ||
| + | | 0x200 | ||
| + | | 0x4 | ||
| + | | Public Exponent | ||
| + | |- | ||
| + | | 0x204 | ||
| + | | 0x34 | ||
| + | | Padding | ||
| + | |} | ||
| + | |||
| + | ==== 2048 Bit ==== | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| Line 95: | Line 104: | ||
| 0x104 | | 0x104 | ||
| 0x34 | | 0x34 | ||
| + | | Padding | ||
| + | |} | ||
| + | |||
| + | === ECC === | ||
| + | This contains the ECC public key, and is as follows: | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | ! Offset | ||
| + | ! Size | ||
| + | ! Description | ||
| + | |- | ||
| + | | 0x0 | ||
| + | | 0x3C | ||
| + | | Public Key | ||
| + | |- | ||
| + | | 0x3C | ||
| + | | 0x3C | ||
| Padding | | Padding | ||
|} | |} | ||
Latest revision as of 20:34, 6 August 2020
Overview[edit]
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.
Format[edit]
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x4 | Signature Type |
| 0x4 | X | Signature with Padding (aligning next data to 0x40 bytes) |
| 0x4 + X | 0x40 | Issuer |
| 0x44 + X | 0x4 | Key Type |
| 0x48 + X | 0x40 | Name |
| 0x88 + X | 0x4 | Expiration time as UNIX Timestamp, used at least for CTCert |
| 0x8C + X | * | Public Key |
Signature[edit]
The signature method used to sign the certificate can be determined by checking the Signature Type:
| Value | Signature Method | Signature Size | Padding Size |
|---|---|---|---|
| 0x010000 | RSA_4096 SHA1 (Unused for 3DS) | 0x200 | 0x3C |
| 0x010001 | RSA_2048 SHA1 (Unused for 3DS) | 0x100 | 0x3C |
| 0x010002 | Elliptic Curve with SHA1 (Unused for 3DS) | 0x3C | 0x40 |
| 0x010003 | RSA_4096 SHA256 | 0x200 | 0x3C |
| 0x010004 | RSA_2048 SHA256 | 0x100 | 0x3C |
| 0x010005 | ECDSA with SHA256 | 0x3C | 0x40 |
The hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes).
Public Key[edit]
Determining the type of public key stored, is done by checking the key type:
| Value | Key Type |
|---|---|
| 0x0 | RSA_4096 |
| 0x1 | RSA_2048 |
| 0x2 | Elliptic Curve |
RSA[edit]
This contains the Public Key(i.e. Modulus & Public Exponent)
4096 Bit[edit]
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x200 | Modulus |
| 0x200 | 0x4 | Public Exponent |
| 0x204 | 0x34 | Padding |
2048 Bit[edit]
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x100 | Modulus |
| 0x100 | 0x4 | Public Exponent |
| 0x104 | 0x34 | Padding |
ECC[edit]
This contains the ECC public key, and is as follows:
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x3C | Public Key |
| 0x3C | 0x3C | Padding |