Certificate chain question
Posted by wiinub
|
Certificate chain question August 21, 2010 05:29AM | Registered: 13 years ago Posts: 2 |
Hi, I'm very new to the wii and to this forum so please excuse me if this post is misplaced.
I'm playing around with the wii disk format following the documentation on the wiki.
So far I'm just parsing the partition data and doing sha1 verification from h0 to h3.
That was quite a lot of fun and everything works.
Then the wiki says the h3 in signed. However i couln't figure how it's signed.
Presuming it's got soemthing to do with the cert chain, I started looking at it but got soon quite stuck.
If I've got it right, the chain starts with the type (which i presume is always 0x10000) then there is the signature and the the issuer (which again should always be Root).
The rest of the chain should be signed with the root ca key which I found on hackmii - btw the format is not specified, I presume it's a 4096 bit modulus with a 65537 exp appended. Am I that correct?
However, I can't seem to be able to verify the digest.
I'm using openssl with something like:
RSA_verify(NID_sha1, &cert_chain[0x280], cert_chian_size-0x280, &cert_chain[4], 0x200, public_key)
where cert_chain is a pointer to the chain, cert_chian_size is its size and public_key is the key from hackmii.
For the recors, verification fails with RSA_verify:bad signature...
If I ever manage to sort this out, I'd have a second question. The following key in the chain (i.e. CA00000001) looks again in the modulus + exp (00 01 00 01) format. However the size seems a bit weird to me: a 260 byte long modulus + 4 bytes for the exp.
Am I missing something?
Thanks a lot!
I'm playing around with the wii disk format following the documentation on the wiki.
So far I'm just parsing the partition data and doing sha1 verification from h0 to h3.
That was quite a lot of fun and everything works.
Then the wiki says the h3 in signed. However i couln't figure how it's signed.
Presuming it's got soemthing to do with the cert chain, I started looking at it but got soon quite stuck.
If I've got it right, the chain starts with the type (which i presume is always 0x10000) then there is the signature and the the issuer (which again should always be Root).
The rest of the chain should be signed with the root ca key which I found on hackmii - btw the format is not specified, I presume it's a 4096 bit modulus with a 65537 exp appended. Am I that correct?
However, I can't seem to be able to verify the digest.
I'm using openssl with something like:
RSA_verify(NID_sha1, &cert_chain[0x280], cert_chian_size-0x280, &cert_chain[4], 0x200, public_key)
where cert_chain is a pointer to the chain, cert_chian_size is its size and public_key is the key from hackmii.
For the recors, verification fails with RSA_verify:bad signature...
If I ever manage to sort this out, I'd have a second question. The following key in the chain (i.e. CA00000001) looks again in the modulus + exp (00 01 00 01) format. However the size seems a bit weird to me: a 260 byte long modulus + 4 bytes for the exp.
Am I missing something?
Thanks a lot!
|
Re: Certificate chain question August 23, 2010 04:57PM | Registered: 13 years ago Posts: 2 |
Sorry, only registered users may post in this forum.