# Difference between revisions of "Certificates"


Line 56: | Line 56: | ||

|- | |- | ||

| 0x0 | | 0x0 | ||

− | | RSA_4096 | + | | RSA_4096 |

|- | |- | ||

| 0x1 | | 0x1 | ||

Line 62: | Line 62: | ||

|- | |- | ||

| 0x2 | | 0x2 | ||

− | | Elliptic Curve | + | | Elliptic Curve |

|} | |} | ||

=== RSA === | === RSA === | ||

− | This contains the Public Key(i.e. Modulus & Public Exponent) | + | This contains the Public Key(i.e. Modulus & Public Exponent) |

+ | ==== 4096 Bit ==== | ||

+ | {| class="wikitable" | ||

+ | |- | ||

+ | ! Offset | ||

+ | ! Size | ||

+ | ! Description | ||

+ | |- | ||

+ | | 0x0 | ||

+ | | 0x200 | ||

+ | | Modulus | ||

+ | |- | ||

+ | | 0x200 | ||

+ | | 0x4 | ||

+ | | Public Exponent | ||

+ | |- | ||

+ | | 0x204 | ||

+ | | 0x34 | ||

+ | | Padding | ||

+ | |} | ||

+ | |||

+ | ==== 2048 Bit ==== | ||

{| class="wikitable" | {| class="wikitable" | ||

|- | |- | ||

Line 83: | Line 104: | ||

| 0x104 | | 0x104 | ||

| 0x34 | | 0x34 | ||

+ | | Padding | ||

+ | |} | ||

+ | |||

+ | === ECC === | ||

+ | This contains the ECC public key, and is as follows: | ||

+ | |||

+ | {| class="wikitable" | ||

+ | |- | ||

+ | ! Offset | ||

+ | ! Size | ||

+ | ! Description | ||

+ | |- | ||

+ | | 0x0 | ||

+ | | 0x3C | ||

+ | | Public Key | ||

+ | |- | ||

+ | | 0x3C | ||

+ | | 0x3C | ||

| Padding | | Padding | ||

|} | |} |
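Review bot: the new ECC section documents only a size; the 0x3C-byte "Public Key" row names neither the curve nor how the key is laid out within those bytes. Add both, and use one term consistently, since this heading says "ECC" while the Key Type table calls value 0x2 "Elliptic Curve".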

## Revision as of 09:18, 2 August 2013

## Overview

Certificates contain cryptographic information for verifying signatures. The certificates themselves are also signed. Because of the parent/child relationship between certificates, every certificate is effectively signed by 'Root', whose public key is stored in NATIVE_FIRM.

## Format

Offset | Size | Description |
---|---|---|
0x0 | 0x4 | Signature Type |
0x4 | X | Signature with Padding (aligning next data to 0x40 bytes) |
0x4 + X | 0x40 | Issuer |
0x44 + X | 0x4 | Key Type |
0x48 + X | 0x40 | Name |
0x88 + X | 0x4 | Unknown |
0x8C + X | * | Public Key |

## Signature

The signature method used to sign the certificate can be determined by checking the Signature Type:

Value | Signature Method | Signature Size | Padding Size |
---|---|---|---|
0x010000 | RSA_4096 SHA1 (Unused for 3DS) | 0x200 | 0x3C |
0x010001 | RSA_2048 SHA1 (Unused for 3DS) | 0x100 | 0x3C |
0x010002 | Elliptic Curve with SHA1 (Unused for 3DS) | 0x3C | 0x40 |
0x010003 | RSA_4096 SHA256 | 0x200 | 0x3C |
0x010004 | RSA_2048 SHA256 | 0x100 | 0x3C |
0x010005 | ECDSA with SHA256 | 0x3C | 0x40 |

The hash for the signature is calculated over the actual certificate data (from the start of the "Issuer" to the end of the "Public Key", aligned to 0x40 bytes).

## Public Key

The type of public key stored is determined by checking the Key Type:

Value | Key Type |
---|---|
0x0 | RSA_4096 |
0x1 | RSA_2048 |
0x2 | Elliptic Curve |

### RSA

This contains the public key (i.e. the modulus and public exponent).

#### 4096 Bit

Offset | Size | Description |
---|---|---|
0x0 | 0x200 | Modulus |
0x200 | 0x4 | Public Exponent |
0x204 | 0x34 | Padding |

#### 2048 Bit

Offset | Size | Description |
---|---|---|
0x0 | 0x100 | Modulus |
0x100 | 0x4 | Public Exponent |
0x104 | 0x34 | Padding |

### ECC

This contains the ECC public key, and is as follows:

Offset | Size | Description |
---|---|---|
0x0 | 0x3C | Public Key |
0x3C | 0x3C | Padding |
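
The layout in the Format, Signature and Public Key tables, walked by a bounds-checked Python parser that also hashes the signed region. This is an added example, not code from this wiki or from any firmware. It assumes big-endian integer fields and NUL-padded ASCII Issuer/Name strings, neither of which this page states, and reads "aligned to 0x40 bytes" as including the key padding. `parse_certificate` and `SAMPLE` are hypothetical names, and the sample certificate is constructed with dummy signature and key bytes.

```python
import hashlib
import struct

# Signature Type -> (signature size, padding size, hash), from the Signature table.
SIG_TYPES = {
    0x010000: (0x200, 0x3C, "sha1"), 0x010001: (0x100, 0x3C, "sha1"),
    0x010002: (0x3C, 0x40, "sha1"), 0x010003: (0x200, 0x3C, "sha256"),
    0x010004: (0x100, 0x3C, "sha256"), 0x010005: (0x3C, 0x40, "sha256"),
}
# Key Type -> (name, key size, padding size), from the Public Key tables.
KEY_TYPES = {0: ("RSA_4096", 0x204, 0x34), 1: ("RSA_2048", 0x104, 0x34),
             2: ("Elliptic Curve", 0x3C, 0x3C)}
# Constructed sample: RSA_2048 SHA256 certificate, dummy signature and key bytes.
SAMPLE = (struct.pack(">I", 0x010004) + bytes(0x100 + 0x3C)
          + b"Root".ljust(0x40, b"\0") + struct.pack(">I", 1)
          + b"ExampleCA".ljust(0x40, b"\0") + bytes(4 + 0x104 + 0x34))

def parse_certificate(buf, off=0):
    """Parse one certificate at buf[off:]; raise ValueError if it is malformed."""
    def take(n):
        nonlocal off
        if off + n > len(buf):
            raise ValueError("certificate truncated")
        chunk = buf[off:off + n]
        off += n
        return chunk

    def text(raw):  # assumption: Issuer/Name are NUL-padded ASCII
        return raw.rstrip(b"\0").decode("ascii")

    (sig_type,) = struct.unpack(">I", take(4))  # assumption: big-endian fields
    if sig_type not in SIG_TYPES:
        raise ValueError(f"unknown signature type {sig_type:#x}")
    sig_size, sig_pad, hash_name = SIG_TYPES[sig_type]
    signature = take(sig_size)
    take(sig_pad)                        # padding aligns Issuer to 0x40
    body_start = off                     # hashed region starts at Issuer
    issuer = text(take(0x40))
    (key_type,) = struct.unpack(">I", take(4))
    if key_type not in KEY_TYPES:
        raise ValueError(f"unknown key type {key_type:#x}")
    key_name, key_size, key_pad = KEY_TYPES[key_type]
    name = text(take(0x40))
    take(4)                              # Unknown field
    public_key = take(key_size)
    take(key_pad)                        # hashed region ends after key padding
    digest = hashlib.new(hash_name, buf[body_start:off]).digest()
    return {"sig_type": sig_type, "signature": signature, "issuer": issuer,
            "key_type": key_name, "name": name, "public_key": public_key,
            "digest": digest, "end": off}
```

The returned `end` offset is where the next certificate in a chain would start, and `digest` is the value a verifier would compare against the one recovered from `signature` using the issuer's public key.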