But than, how does it work? (i'm curious)
3DS uses RSA I believe, which works on the principle of prime factors. Two large prime numbers are generated, and multiplied together. The prime factors are used to encrypt stuff, and then the public key (the product of the two prime numbers) must be known to decrypt. There is no known efficient method for factorising large numbers, so knowing the public key doesn't allow you to work out the prime factors.
[This is a slightly simplified description of RSA, but the main ideas are represented here. For more info, you might like to have a look at the Wikipedia page:
http://en.wikipedia.org/wiki/RSA_(algorithm) - I will warn you though, it's quite long]
I will note here also that RSA is used for
signing content, but not encrypting. There is an important difference, and here it is: On the 3DS, encryption is done using a "symmetric" algorithm (
AES). What this means is that there is one key for encryption (not two), and that key is used both for encryption and decryption. The benefit of this is that it takes less processing power and time, so has less impact on performance. The downside is of course that if the key ("the common key" usually) is discovered, anyone can decrypt and, more importantly,
encrypt content. And of course, this key
has to be present on each 3DS unit, to decrypt content.
So encryption doesn't add a whole lot of security; it's more of an obfuscation technique (i.e. hiding content, rather than preventing it being modified). It does offer some security, but not a lot. The real security comes from the
signing. Signing is done using RSA as I mentioned above, which is an "assymetric" algorithm; this means there are two keys, one used for encrypting, and one for decrypting. (RSA is still an encryption algorithm, although it is used for "signing" on the 3DS). A signature is generated by taking a chunk of the file in question (e.g. 1 KB or whatever; probably much larger than 1KB, but hopefully you get the idea), taking a
SHA-1 hash of that chunk, and encrypting that hash with the private key. When the 3DS is checking the signature, it will then decrypt the hash using the public key, take the SHA-1 hash of the relevant chunk, and compare the one from the signature to the one it generated itself. If they match, it knows that the file has not been modified. If they do not match, the file has been modified.
By only encrypting the hashes of chunks in this way, there is less impact on performance than if the content itself is encrypted assymetrically. [Assymetric encryption uses more processing power and time to decrypt than symmetric].
The encrypted hashes are the "signature".
So to summarise, content is
encrypted with AES using a "common key", then
signed with RSA using a "private key". The signature is checked with the "public key" and content is decrypted with the "common key".
[I did a little more reading about cryptography since my last post...]