Certificates
Overview
Certificates contain cryptography information for verifying Signatures. These certificates are also signed. The parent/child relationship between certificates, makes all the certificates effectively signed by 'Root', the public key for which is stored in NATIVE_FIRM.
The signature method used to sign the certificate can be determined by checking the Signature Type:
| Value | Signature Method | Signature Size | Padding Size |
|---|---|---|---|
| 0x010000 | RSA_4096 SHA1 (Unused for 3DS) | 0x200 | 0x3C |
| 0x010001 | RSA_2048 SHA1 (Unused for 3DS) | 0x100 | 0x3C |
| 0x010002 | Elliptic Curve with SHA1 (Unused for 3DS) | 0x3C | 0x40 |
| 0x010003 | RSA_4096 SHA256 | 0x200 | 0x3C |
| 0x010004 | RSA_2048 SHA256 | 0x100 | 0x3C |
| 0x010005 | ECDSA with SHA256 | 0x3C | 0x40 |
The hash for the signature is calculated over the actual certificate data(from the start of the "Issuer", to the end of the "Public Key", aligned to 0x40 bytes).
Format
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x4 | Signature Type |
| 0x4 | X | Signature |
| 0x4 + X | 0x3C | Signature Padding(aligning signature with padding to 0x40 bytes) |
| 0x40 + X | 0x40 | Issuer |
| 0x80 + X | 0x4 | Key Type? |
| 0x84 + X | 0x40 | Name |
| 0xC4 + X | 0x4 | Unknown |
| 0xC8 + X | Public Key |
Public Key
RSA
This contains the Public Key(i.e. Modulus & Public Exponent). For RSA-2048 public keys, this section is as follows:
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x100 | Modulus |
| 0x100 | 0x4 | Public Exponent |
| 0x104 | 0x34 | Padding |