I think I figured out how Sony signs PSV files, or at least have some insight into how they do it, now. I made two PSV files of the same save from the same game, and the signature was different between both saves. It seems like they use the current time(in UTC) as a digital signature or seed and then encrypt it somehow. As for how they're encrypting it though, I have no clue.
The file name doesn't seem to contain a UTC time. I waited a number of minutes between creating PSV files and the file name still ended up being the same. However, the 40 byte signature inside still does change based on the time.
The hex bytes are the game's code in the PSV's file name: It's the game's "Identifier", e.g. what name it uses to save under in the memory card(I think). That's what MemcardRex calls it, anyway.
So for example: take a Chrono Cross save, we get BASLUSP01041, which is the game's product code(I guess BA is added beforehand for whatever reason for US games, in PAL games it's BESLES, in JP I don't know yet), and the Identifier makes up the hex bytes for the other half of the filename: 55 53 43 48 52 4F 30 30, which translates to USCHRO00 in ASCII. So if you create the properly named file(BASLUSP0104155534348524F3030.PSV), all we have to do now is figure out what algorithm Sony's using to encrypt the current time(or whatever they're using the current time as a seed for), and we can digitally sign our own PSV files.
The signature changes based on the current time of the PS3 when it signs the PSV:
Same save, but different time(5-10 minutes later iirc):
Saves used in the hex editor:
http://www.mediafire.com/?h3qkfu43k278q6eHopefully someone will have a better idea how to proceed from here.
