Originally Posted by chosela
Actually, the private key IS in the PS3; unfortunately, Sony has bullied away the devs who had the knowledge to know where to look and how to look.
In order to validate the key, the PS3 has to know the key. Unfortunately, this scene was neutered a long time ago when it decided to distribute parts of Sony's code.
Private\Public key encryption works where the private key is used to SIGN\ENCRYPT content. The public key is used to VERIFY\DECRYPT the content. The private key cannot be calculated from the public key.
This is the beauty of Private\Public key encryption.
It is one of the great developments of the past 20 years or so, with virtually no implementations of it, even using very simple key lengths, broken by anything except commercial efforts, and even then we're talking very short key lengths. The ones used in the PS3 are a magnitude times more difficult to break by brute force (the ONLY way to break it). It would take millions of years to retrieve the private keys that Sony uses, with millions of computers all working together, that is.
The private key is NOT in the console and might not even be known by anyone in the world - even at Sony HQ. As, if Sony had sense, it would be possible to isolate the key on a computer system so only the software that signs it knows the key.
Imagine throwing a dice in the dark and you have a number, you can't see it but an infra-red camera could. That dice number could then be used to sign all stuff that needs to be signed\encrypted.
...Terrible analogy but it explains the point.
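The sign-with-private, verify-with-public split described in the reply above, as an added example that is not part of the original post. It assumes textbook RSA over a SHA-256 digest purely for illustration (the thread does not say which algorithm the console uses), and the key and all names are constructed for the demo.

```python
import hashlib

# Constructed demo key built from two known Mersenne primes.
# Special-form primes and unpadded RSA are for illustration only;
# real signing uses randomly generated keys and a padded scheme.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537

# Private exponent: exists only on the signing side.
D = pow(E, -1, (P - 1) * (Q - 1))

# The only key material the verifying device has to store.
PUBLIC_KEY = (N, E)


def digest_as_int(content: bytes) -> int:
    """Hash the content and interpret the digest as an integer below N."""
    return int.from_bytes(hashlib.sha256(content).digest(), "big")


def sign(content: bytes, d: int = D, n: int = N) -> int:
    """Signer side: requires the private exponent d."""
    return pow(digest_as_int(content), d, n)


def verify(content: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Device side: uses only (n, e); d is never needed to check a signature."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(content)


if __name__ == "__main__":
    update = b"constructed sample update image"
    sig = sign(update)
    print("genuine content accepted:", verify(update, sig))
    print("modified content accepted:", verify(update + b"!", sig))
```
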