Changes

Jump to navigation Jump to search
1,448 bytes added ,  20:16, 17 May 2018
Add certificate chain
Certificate chains are intensively used to sign stuff on the Wii. They are normally preceded by a [[Tmd file structure|TMD file]] or a [[Ticket]] and are used to verify their signature up to the root key. Most chains contain three certificates, each padded to 0x40.
 
Certificates are also used to sign game savedata that is copied to the SD card. Saves are signed by Root-CA00000001-MS00000002-NGxxxxxxxx-AP0000000100000002 where AP is the system menu application cert (ECC/ECC public key), NG the device specific cert (ECC/ECC public key).
 
=== Certificates ===
{| class="wikitable"
! Certificate
! Signature type
! Public key type
! Cert name
! Description
|-
| Root
| RSA-4096
| RSA-4096
| Root
| Root certificate stored in the IOS kernel, in the IOSC section
|-
| CA
| RSA-4096
| RSA-2048
| CA00000001
| Used to verify XS, CP, MS certs (issued by Root)
|-
| CA
| RSA-4096
| RSA-2048
| CA00000002
| Unused? (issued by Root)
|-
| Ticket
| RSA-2048
| RSA-2048
| XS00000003
| Used to verify retail tickets (issued by Root-CA00000001)
|-
| Ticket
| RSA-2048
| RSA-2048
| XS00000006
| Used to verify dev tickets (issued by Root-CA00000001)
|-
| TMD
| RSA-2048
| RSA-2048
| CP00000004
| Used to verify TMDs (issued by Root-CA00000001)
|-
| Device cert issuer
| RSA-2048
| ECC-B233
| MS00000002
| Used to verify device certificates (issued by Root-CA00000001)
|-
| Device cert issuer
| RSA-2048
| ECC-B233
| MS00000003
| Unused? (issued by Root-CA00000001)
|-
| Device cert
| ECC-B233
| ECC-B233
| NG%08x (device ID)
| Used to verify AP certs (issued by Root-CA00000001-MS00000002)
|-
| Application
| ECC-B233
| ECC-B233
| AP%016lx (title ID)
| Used to verify savedata (issued by Root-CA00000001-MS00000002-NG%08x)
|}
=== Child/Parent ===
219

edits

Navigation menu