Signed PKG question

You can but the last couple of OFW releases changed things up so you can not do that any more as Sony prevented it and we have no way of regressing things at present.

General overview
They keys for the PS3 (all of them) got leaked by way of very bad implementation (see the 27C3 presentation for more on that- http://www.youtube.com/watch?v=5E0DkoQjCmI ). This meant you could sign any piece of code as previously only Sony could do. Still some sidestepped this and instead made custom firmwares for the PS3 that ignored these restrictions and gained a few other things along the way.
Sony did about the one thing they could do in this situation (leaked keys like this is about as big a screwup as it gets in crypto)- they whitelisted (made a big list that says only things on this list can run) all known/existing valid files (that is to say not your homebrew program and owing to some choice things this also means no disc games and PSN content with the sort of stuff you have available- effectively locking it back down) and generated a new set of keys for all new pieces of code to use with a proper implementation.

The original discovered keys do however include a hardcoded value early on in the PS3 boot sequence so technically things could still revert and Sony can do nothing about it on all existing hardware (well I do not know about the very latest models but everything made at least until February if not nearer to present is vulnerable and there is nothing Sony can do) but nobody has released anything yet.

As for the new keys to my knowledge nobody has these new keys yet and even if they did they would just be the public keys and of no great use other than to decode new games that use them and firmwares (which might lead to new exploits but that is besides the point).
I think it was mathieulh that detailed a possible method to dump the keys but nobody has followed through yet and alongside this it would probably take fiddling with hardware rather than the load up a USB drive and press install that the first few waves of hacks after signing got broken did.

As some new games now feature these new keys someone might be moved to dump them and sort things but in general anybody that wants an easily homebrew capable system can get one for about the same price as a regular PS3 (or they did not upgrade) so there is not that much motivation to do such things.

 

well i came upon something intresting on psx-scene it may start up again basicly somebody made a sucessful dump of 16 MB NOR flash

proof

 

Last I heard, all the 3.6X public keys were known but the private key (that makes everything possible) was still unknown. People are working on it, but information on it is all underground so finding out takes effort.

I'm in the boat of "if it ain't broke, don't fix it" with 3.55. When Disgaea 4 comes out though... chances are I'll buy myself another PS3 along with a handful of the games I really liked (e.g. Star Ocean).