Certificates

Overview[edit]

Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.

Format[edit]

Offset	Size	Description
0x0	0x4	Signature Type
0x4	X	Signature with Padding (aligning next data to 0x40 bytes)
0x4 + X	0x40	Issuer
0x44 + X	0x4	Key Type
0x48 + X	0x40	Name
0x88 + X	0x4	Expiration time as UNIX Timestamp, used at least for CTCert
0x8C + X	*	Public Key

Signature[edit]

The signature method used to sign the certificate can be determined by checking the Signature Type:

Value	Signature Method	Signature Size	Padding Size
0x010000	RSA_4096 SHA1 (Unused for 3DS)	0x200	0x3C
0x010001	RSA_2048 SHA1 (Unused for 3DS)	0x100	0x3C
0x010002	Elliptic Curve with SHA1 (Unused for 3DS)	0x3C	0x40
0x010003	RSA_4096 SHA256	0x200	0x3C
0x010004	RSA_2048 SHA256	0x100	0x3C
0x010005	ECDSA with SHA256	0x3C	0x40

The hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes).

Public Key[edit]

Determining the type of public key stored, is done by checking the key type:

Value	Key Type
0x0	RSA_4096
0x1	RSA_2048
0x2	Elliptic Curve

RSA[edit]

This contains the Public Key(i.e. Modulus & Public Exponent)

4096 Bit[edit]

Offset	Size	Description
0x0	0x200	Modulus
0x200	0x4	Public Exponent
0x204	0x34	Padding

2048 Bit[edit]

Offset	Size	Description
0x0	0x100	Modulus
0x100	0x4	Public Exponent
0x104	0x34	Padding

ECC[edit]

This contains the ECC public key, and is as follows:

Offset	Size	Description
0x0	0x3C	Public Key
0x3C	0x3C	Padding