There is a decent post by svenmullet I'll quote to answer this:
Since I see this question all the time, I thought I'd do the forum a favor and explain why 4.X CFW can't be installed on OFW higher than 3.55 (at the moment).
The PS3 uses a sophisticated security measure called ECDSA (Elliptic Curve Digital Signature Algorithm). I won't go into that here, but suffice it to say, there are certain things the PS3 will not do unless the Private key is used to sign with. Installing system software is one of those things.
Thanks to the Lv0 key leak, we can decrypt Lv0 and reverse it in IDA to derive the loader keys, etc, and in turn decrypt the loaders and derive other keys further down the line, allowing us to completely decrypt any firmware and modify it.
However, when re-signing/repacking the files, the highest FW version for which we have Private keys is 3.55, so we must use those to encrypt/sign/package the PUP for installation. OFW higher than 3.55 looks at the PUP and says "Nope, signed with 3.55 private keys, which are revoked. Error and quit".
The reason we have <=3.55 private keys is because of an incorrect implementation of ECDSA; Sony used a static value in the algorithm instead of random, which makes it trivial to derive the private key from the public key. They fixed the error and secured the console properly in 3.56+.
The public keys we can get from 3.56+ work to decrypt files, but we cannot re-sign files with public keys, therefore, we can't (currently) make a PUP that will install on OFW 3.56+.
To give you an idea of what the difference is between Private and Public keys: Suppose you have a Private key 0x12345678, you can derive a Public key from that by performing an algorithm on it, for instance:
- Reverse bytes to 0x21436587
- Rotate left: 0x14365872
- XOR with an arbitrary value (e.g. 0x11111111) = 0x5274963
0x5274963 is the Public key. This is what you give to people so they can decrypt your files. After all, they don't know the super-secret algorithm, so they can't easily derive the Private key. When checking the signature, you do the above steps in reverse:
- 0x5274963 XOR 0x11111111 = 0x14365872
- Rotate right: 0x21436587
- Reverse bytes to 0x12345678 and voila! The Public key is valid!
That was a very basic, simple implementation of how a Private/Public key works. ECDSA is uncrackable because it is impossible to derive the Private key from the Public key using math; the only known way to break the security on it is brute force, which when dealing with 160 bit keys involves a very, very huge amount of possible keys.
It would take much, much longer than the estimated age of the universe to crack it, in fact. Kinda pointless considering it's a video game console.
And finally some ECDSA-related updates for those interested: