15
edits
Changes
Wrong info
Line 292:
Line 292:
The footer is mainly used for encryption.+
+
| Unknown+| 0x041
−| 0x238
−| 504
−| NG certificate
−|-
−| 0x239
−| 0x270
−| 56
−| Padding
−|-
−| 0x271
−| 0x275
−| 4
−| Unknown
−|-
−| 0x276
−| 0x46E
−| 504
−| AP certificate
Savegames can be decrypted and unpacked with segher's tachtig and created with his twintig.
Savegames can be decrypted and unpacked with segher's tachtig and created with his twintig.
−== Footer ==
+=== Plaintext certificate chain area ===
−For more information about each certificate layout, please refer to [[Certificate chain|this]] page.
+{| class="wikitable"
{| class="wikitable"
|-
|-
Line 299:
Line 301:
! End
! End
! Length
! Length
−! Description
+! Description
|-
|-
| 0x000
| 0x000
−| 0x03C
+| 0x17F
−| 60
+| 0x180
−| Unknown
+| Copy of the console-specific device certificate (also known as <code>NG</code> certificate), returned by [[:/dev/es|ES_GetDeviceCert]].
|-
|-
−| 0x03D
+| 0x180
−| 0x040
+| 0x2FF
−| 4
+| 0x180
−| Application-specific certificate (also known as <code>AP</code> certificate), dynamically generated during the <code>content.bin</code> file creation.
−|-
−|}
|}
+
+Both certificates hold a trimmed ECDSA signature and a trimmed 0x3C-byte long ECC public key. Both values must be padded with two leading <code>\x00</code> before each coordinate in order to be able to use them as part of crypto functions.
+
+The certificate name/identity from the <code>AP</code> certificate is always set to <code>AP0000000100000002</code>, because it's always generated by the System Menu.
+
+The ECC public key from the <code>AP</code> certificate is nothing more than an ECC shared secret generated using the random ECC private key from this very same certificate.
+
+Finally, the ECDSA signature from the <code>AP</code> certificate is issued by the <code>NG</code> certificate, using the console-specific ECC private key (stored inside the [[Hardware/OTP|OTP]]).
== See Also ==
== See Also ==