Overview
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.
The signature method used to sign the certificate can be determined by checking the Signature Type:
| Value
|
Signature Method
|
Signature Size
|
Padding Size
|
| 0x010000
|
RSA_4096 SHA1 (Unused for 3DS)
|
0x200
|
0x3C
|
| 0x010001
|
RSA_2048 SHA1 (Unused for 3DS)
|
0x100
|
0x3C
|
| 0x010002
|
Elliptic Curve with SHA1 (Unused for 3DS)
|
0x3C
|
0x40
|
| 0x010003
|
RSA_4096 SHA256
|
0x200
|
0x3C
|
| 0x010004
|
RSA_2048 SHA256
|
0x100
|
0x3C
|
| 0x010005
|
ECDSA with SHA256
|
0x3C
|
0x40
|
The hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes).
Format
| Offset
|
Size
|
Description
|
| 0x0
|
0x4
|
Signature Type
|
| 0x4
|
X
|
Signature
|
| 0x4 + X
|
0x3C
|
Signature Padding(aligning signature with padding to 0x40 bytes)
|
| 0x40 + X
|
0x40
|
Issuer
|
| 0x80 + X
|
0x4
|
Key Type
|
| 0x84 + X
|
0x40
|
Name
|
| 0xC4 + X
|
0x4
|
Unknown
|
| 0xC8 + X
|
|
Public Key
|
Public Key
RSA
This contains the Public Key(i.e. Modulus & Public Exponent). For RSA-2048 public keys, this section is as follows:
| Offset
|
Size
|
Description
|
| 0x0
|
0x100
|
Modulus
|
| 0x100
|
0x4
|
Public Exponent
|
| 0x104
|
0x34
|
Padding
|