Annotation of src/usr.bin/ssh/PROTOCOL.key, Revision 1.2
This document describes the private key format for OpenSSH.

1. Overall format

The key consists of a header, a list of public keys, and
an encrypted list of matching private keys.

#define AUTH_MAGIC "openssh-key-v1"

byte[] AUTH_MAGIC
string ciphername
string kdfname
string kdfoptions
int number of keys N
string publickey1
string publickey2
...
string publickeyN
string encrypted, padded list of private keys

2. KDF options for kdfname "bcrypt"

The options:

string salt
uint32 rounds

are concatenated and represented as a string.

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

uint32 checkint
uint32 checkint
byte[] privatekey1
string comment1
byte[] privatekey2
string comment2
...
byte[] privatekeyN
string commentN
char 1
char 2
char 3
...
char padlen % 255

where each private key is encoded using the same rules as used for
the SSH agent protocol. Note that, unlike the public keys in the
header, each private key is a bare byte[] with no length prefix of
its own, so a parser must know the agent encoding of each key type
in order to find the comment that follows it.

Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
hold the same value.

58:
59: 4. Encryption
60:
61: The KDF is used to derive a key, IV (and other values required by
62: the cipher) from the passphrase. These values are then used to
63: encrypt the unencrypted list of private keys.
64:
65: 5. No encryption
66:
67: For unencrypted keys the cipher "none" and the KDF "none"
68: are used with empty passphrases. The options if the KDF "none"
69: are the empty string.
70:
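As an added example, not part of PROTOCOL.key or of OpenSSH's own code, the Python below builds and parses the unencrypted container from sections 1, 3 and 5 above and decodes the bcrypt kdfoptions string from section 2. It assumes: the raw binary blob (the base64 armour that wraps it in a key file is outside this document); that AUTH_MAGIC is written together with its trailing NUL, as sshkey.c does with sizeof(AUTH_MAGIC); that the "none" cipher has a block size of 8, so unencrypted lists are padded to a multiple of 8; and a constructed ssh-ed25519 key whose agent encoding is string type, string pk, string sk (with sk = seed || pk), filled with bogus byte patterns rather than a real keypair. Section 4 (deriving key and IV with bcrypt_pbkdf and running the cipher) is not shown, since it needs libraries outside the standard library.

```python
import struct

# Written to disk including the trailing NUL (sizeof(AUTH_MAGIC) in sshkey.c):
# 15 bytes, not 14. Assumption from the implementation, not from the spec text.
AUTH_MAGIC = b"openssh-key-v1\x00"
NONE_BLOCKSIZE = 8  # assumed block size of the "none" cipher


def put_string(b):
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def get_uint32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4


def get_string(buf, off):
    n, off = get_uint32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def encode_private_list(keys, checkint, blocksize):
    """Section 3: checkint twice, (privatekey, comment) pairs, then 1,2,3,... padding."""
    out = struct.pack(">II", checkint, checkint)
    for priv, comment in keys:
        out += priv + put_string(comment)
    i = 1
    while len(out) % blocksize != 0:
        out += bytes([i & 0xFF])  # never wraps: padding is shorter than one block
        i += 1
    return out


def encode_key_file(keys, checkint, blocksize=NONE_BLOCKSIZE):
    """Section 1 container, section 5 (cipher/KDF "none") case.
    keys: list of (publickey_blob, privatekey_agent_blob, comment)."""
    out = AUTH_MAGIC + put_string(b"none") + put_string(b"none") + put_string(b"")
    out += struct.pack(">I", len(keys))
    for pub, _, _ in keys:
        out += put_string(pub)
    plain = encode_private_list([(priv, c) for _, priv, c in keys], checkint, blocksize)
    return out + put_string(plain)


def parse_key_file(data):
    """Parse the section 1 header; the private key list is returned still opaque."""
    if not data.startswith(AUTH_MAGIC):
        raise ValueError("bad magic")
    off = len(AUTH_MAGIC)
    ciphername, off = get_string(data, off)
    kdfname, off = get_string(data, off)
    kdfoptions, off = get_string(data, off)
    n, off = get_uint32(data, off)
    pubs = []
    for _ in range(n):
        pub, off = get_string(data, off)
        pubs.append(pub)
    enc, off = get_string(data, off)
    if off != len(data):
        raise ValueError("trailing data after private key list")
    return {"ciphername": ciphername, "kdfname": kdfname, "kdfoptions": kdfoptions,
            "publickeys": pubs, "encrypted": enc}


def parse_bcrypt_kdfoptions(opts):
    """Section 2: kdfoptions for "bcrypt" is string salt || uint32 rounds."""
    salt, off = get_string(opts, 0)
    rounds, off = get_uint32(opts, off)
    if off != len(opts):
        raise ValueError("trailing data in kdfoptions")
    return salt, rounds


def parse_agent_key(buf, off):
    """One byte[] privatekey in agent encoding. It has no outer length, so the key
    type decides how much to consume; only ssh-ed25519 is handled here."""
    ktype, off = get_string(buf, off)
    if ktype != b"ssh-ed25519":
        raise ValueError("unsupported key type %r" % ktype)
    pk, off = get_string(buf, off)
    sk, off = get_string(buf, off)
    if len(pk) != 32 or len(sk) != 64 or sk[32:] != pk:
        raise ValueError("malformed ed25519 private key")
    return {"type": ktype, "pk": pk, "sk": sk}, off


def parse_private_list(plain, n, blocksize):
    """Section 3 on the (decrypted) list: checkints, then pairs, then padding."""
    if len(plain) % blocksize != 0:
        raise ValueError("list length is not a multiple of the block size")
    c1, off = get_uint32(plain, 0)
    c2, off = get_uint32(plain, off)
    if c1 != c2:  # wrong passphrase or corrupt file; stop before parsing garbage
        raise ValueError("checkint mismatch")
    keys = []
    for _ in range(n):
        key, off = parse_agent_key(plain, off)
        comment, off = get_string(plain, off)
        keys.append((key, comment))
    pad = plain[off:]
    if len(pad) >= blocksize or pad != bytes(i & 0xFF for i in range(1, len(pad) + 1)):
        raise ValueError("bad padding")
    return c1, keys


def build_sample():
    """Constructed ssh-ed25519 key made of counting bytes; NOT a real keypair."""
    seed, pk = bytes(range(32)), bytes(range(32, 64))
    pub = put_string(b"ssh-ed25519") + put_string(pk)
    priv = put_string(b"ssh-ed25519") + put_string(pk) + put_string(seed + pk)
    return encode_key_file([(pub, priv, b"constructed@example")], checkint=0x1234ABCD)
```

Running parse_key_file(build_sample()) and then parse_private_list on the returned "encrypted" field walks the whole structure; flipping any byte of the first checkint makes parse_private_list raise before it touches the key material, which is exactly the cheap wrong-passphrase check the checkint pair exists for.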
$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $