The System Settings application delivered with each DSi can be used to export applications from NAND to SD. The files created on SD are encrypted with AES CCM (CTR with CBC-MAC), using a combination of a shared key and a console specific key.

The application itself (APP), and the title metadata (TMD) is encrypted with a console specific key. This means that Nintendo intended that these files can only be imported back into the same DSi.

While the banner, the public savegame, and several other metablocks are encrypted with a shared key, which means any DSi can inspect these parts of the file.

ES block encryption is used to encrypt the header block, footer block, and the 11 parts. Each are their own seperate ES blocks.

header

0000000: 34 41 4e 54 31 30 00 01 74 e9 2c 1e 24 00 00 00  4ANT10..t.,.$...
0000010: d6 e0 39 c3 98 3f 06 b6 9a b2 9d 14 e7 06 e9 00  ..9..?..........
0000020: 45 4d 44 4b 04 00 03 00 28 02 00 00 20 d2 e0 00  EMDK....(... ...
0000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000040: 00 00 00 00 00 00 00 00 00 00 00 00 80 80 06 00  ................
0000050: 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00  ................
0000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000070: 00 00 00 00 00 80 06 00 00 00 00 00 00 00 00 00  ................
0000080: 00 00 00 00 00 86 00 00 00 00 00 00 00 00 00 00  ................
0000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000b0: 00 00 00 00                                      ....

footer block

0000000: d6 f3 24 7c a1 0f 4a dc cd 07 34 d6 ce 62 32 93  ..$|..J...4..b2.
0000010: 11 54 54 a5 28 38 13 5a 0c 87 8e dc 63 0a ab 2e  .TT.(8.Z....c...
0000020: 4a 0f 12 5c d7 31 ee 29 72 53 39 1d ff 70 c1 8a  J..\.1.)rS9..p..
0000030: 45 18 c1 88 85 1f f5 55 c6 5f 48 37 27 f3 0a 02  E......U._H7'...
0000040: e7 77 18 8b 84 ee cc e5 e4 40 e5 cb 64 bb 0a f3  .w.......@..d...
0000050: 20 00 53 00 74 00 75 00 64 00 69 00 6f 00 0a 00   .S.t.u.d.i.o...
0000060: 4e 00 69 00 6e 00 74 00 65 00 6e 00 64 00 6f 00  N.i.n.t.e.n.d.o.
0000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000d0: 00 00 00 00 00 00 00 00 00 00 00 00 c5 16 e5 12  ................
00000e0: 4c 70 9a fd 7a 03 87 d0 13 94 da 86 46 11 ff 31  Lp..z.......F..1
00000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000100: 00 00 00 00 00 b5 62 b1 02 c9 4e f3 14 2c 85 3d  ......b...N..,.=
0000110: a2 c6 be c9 d8 01 db 46 03 12 44 6e 89 87 c4 e5  .......F..Dn....
0000120: 83 1e 00 03 8f f8 cd 35 e3 e4 b8 8e be 6e 65 36  .......5.....ne6
0000130: f2 6d c6 dc 2c 4b d6 38 2b 2d 7f e5 22 b0 44 3b  .m..,K.8+-..".D;
0000140: 00 01 00 02 00 78 58 de a6 c4 70 9c 89 26 22 f2  .....xX...p..&".
0000150: 60 38 cb c5 d7 54 cd a3 d5 b9 d9 b3 84 63 6f be  `8...T.......co.
0000160: 36 ef 00 68 f0 9a 6b 35 91 1a 67 6f 73 dc 54 61  6..h..k5..gos.Ta
0000170: c1 c7 6c 6f d4 43 58 e6 e2 62 52 11 65 77 9a ce  ..lo.CX..bR.ew..
0000180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00001a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00001b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00001c0: 52 6f 6f 74 2d 43 41 30 30 30 30 30 30 30 31 2d  Root-CA00000001-
00001d0: 4d 53 30 30 30 30 30 30 30 38 2d 54 57 63 37 39  MS00000008-TWc79
00001e0: 64 63 65 63 39 2d 30 38 61 32 30 32 38 37 30 31  dcec9-08a2028701
00001f0: 30 38 34 31 31 38 00 00 00 00 00 00 00 00 00 00  084118..........
0000200: 00 00 00 02 41 50 30 30 30 33 30 30 31 35 34 38  ....AP0003001548
0000210: 34 65 34 32 34 35 00 00 00 00 00 00 00 00 00 00  4e4245..........
0000220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000240: 00 00 00 00 00 00 00 00 00 d7 c1 33 4e 24 8c 13  ...........3N$..
0000250: 0f b3 f4 c4 bb 2a 4a 79 81 51 39 6f 00 ee a2 00  .....*Jy.Q9o....
0000260: 20 a6 f5 cc d8 72 01 74 60 57 4f a4 92 52 9b 5a   ....r.t`WO..R.Z
0000270: 56 75 a9 62 4f 67 25 e3 7b 05 21 e4 4f 1f c3 21  Vu.bOg%.{.!.O..!
0000280: 2b d8 ec e7 00 00 00 00 00 00 00 00 00 00 00 00  +...............
0000290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00002a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00002b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00002c0: 00 01 00 02 00 db da 21 3b e1 f1 bf bb 4d dc 1d  .......!;....M..
00002d0: 60 29 da 19 42 1e 66 4f a8 e5 27 a1 d4 ea 46 7d  `)..B.fO..'...F}
00002e0: 9b b4 00 95 c5 0d e8 fa ef a7 8d e9 bc 54 da c1  .............T..
00002f0: 24 94 0b 7c ad a8 61 d5 05 97 c2 64 38 ad 18 f9  $..|..a....d8...
0000300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000340: 52 6f 6f 74 2d 43 41 30 30 30 30 30 30 30 31 2d  Root-CA00000001-
0000350: 4d 53 30 30 30 30 30 30 30 38 00 00 00 00 00 00  MS00000008......
0000360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000380: 00 00 00 02 54 57 63 37 39 64 63 65 63 39 2d 30  ....TWc79dcec9-0
0000390: 38 61 32 30 32 38 37 30 31 30 38 34 31 31 38 00  8a2028701084118.
00003a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00003b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00003c0: 00 00 00 00 6f dd de 42 01 e0 34 a3 19 bc a9 af  ....o..B..4.....
00003d0: 50 fe 8a ac 75 08 07 a9 3a 2c 21 51 93 ae 4a 90  P...u...:,!Q..J.
00003e0: 6e 62 41 f1 a2 fe 00 00 3d 0a 13 97 da 53 17 98  nbA.....=....S..
00003f0: 69 38 65 67 ca f4 9c 87 ec 44 b7 eb d0 ec b8 3d  i8eg.....D.....=
0000400: 23 cf 7a 35 00 00 00 00 00 00 00 00 00 00 00 00  #.z5............
0000410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

It is assumed that this block contains an ECC signature, aswell as the console id and serial of the DSi that exported the file, as part of a Nintendo cert. Much like the Wii, the DSi carries with it a private ECC key that it can use to sign things, and a certificate signed by Nintendo that attests to the fact that the public ECC key belongs to a genuine DSi.