Annotation of src/usr.bin/ssh/PROTOCOL.key, Revision 1.3
This document describes the private key format for OpenSSH.

1. Overall format

The key consists of a header, a list of public keys, and
an encrypted list of matching private keys.

#define AUTH_MAGIC "openssh-key-v1"

	byte[]	AUTH_MAGIC
	string	ciphername
	string	kdfname
	string	kdfoptions
	uint32	number of keys N
	string	publickey1
	string	publickey2
	...
	string	publickeyN
	string	encrypted, padded list of private keys

2. KDF options for kdfname "bcrypt"

The options:

	string	salt
	uint32	rounds

are concatenated and represented as a string.

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

	uint32	checkint
	uint32	checkint
	byte[]	privatekey1
	string	comment1
	byte[]	privatekey2
	string	comment2
	...
	byte[]	privatekeyN
	string	commentN
	byte	1
	byte	2
	byte	3
	...
	byte	padlen % 255

where each private key is encoded using the same rules as used for
the SSH agent.

Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
hold the same value.

4. Encryption

The KDF is used to derive a key, IV (and other values required by
the cipher) from the passphrase. These values are then used to
encrypt the unencrypted list of private keys.

5. No encryption

For unencrypted keys the cipher "none" and the KDF "none"
are used with empty passphrases. The options for the KDF "none"
are the empty string.
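The following Python is an added example, not OpenSSH's own code. It builds the unencrypted form of the container described in sections 1, 3 and 5 (cipher "none", KDF "none"), parses it back with the checks a loader should make (magic, matching checkint pair, padding bytes, no trailing data), and decodes the bcrypt kdfoptions of section 2. It assumes that "string" and "uint32" are the SSH wire types of RFC 4251 (a big-endian 32-bit length followed by the bytes, and a big-endian 32-bit integer), that OpenSSH writes AUTH_MAGIC including its terminating NUL, that the "none" cipher is padded to 8-byte blocks, and that the per-type field counts of the agent encoding are as in the SSH agent format; none of these are stated on this page. The sample key is constructed from fixed bytes and is not a valid Ed25519 keypair. A key file on disk wraps this blob in base64 between -----BEGIN OPENSSH PRIVATE KEY----- and -----END OPENSSH PRIVATE KEY----- lines (also not described above); strip those and base64-decode before calling parse().

```python
import os
import struct

U32 = struct.Struct(">I")  # every uint32 in this format is big-endian
AUTH_MAGIC = b"openssh-key-v1\x00"  # OpenSSH writes sizeof(AUTH_MAGIC), so the NUL is included
NONE_BLOCKSIZE = 8  # assumption: the block size OpenSSH pads to for the "none" cipher
# Number of length-prefixed fields that follow the type string in each private key's
# agent encoding (taken from the SSH agent format, which this document only refers to).
AGENT_FIELDS = {b"ssh-ed25519": 2, b"ssh-rsa": 6, b"ssh-dss": 5, b"ecdsa-sha2-nistp256": 3,
                b"ecdsa-sha2-nistp384": 3, b"ecdsa-sha2-nistp521": 3}

def put_string(b):  # SSH wire "string": uint32 length, then the bytes
    return U32.pack(len(b)) + b

class Reader:  # bounds-checked cursor reading SSH wire types from a byte string
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated blob")
        self.pos += n
        return self.data[self.pos - n:self.pos]

    def u32(self):
        return U32.unpack(self.take(4))[0]

    def string(self):
        return self.take(self.u32())

    def remaining(self):
        return len(self.data) - self.pos

def encode_private_list(keys, checkints, blocksize):  # section 3 layout, before encryption
    body = U32.pack(checkints[0]) + U32.pack(checkints[1])
    for _, priv, comment in keys:
        body += priv + put_string(comment)  # byte[] privatekey, string comment
    padlen = -len(body) % blocksize
    return body + bytes(range(1, padlen + 1))  # pad bytes 1, 2, 3, ...

def build_unencrypted(keys, checkint=None, blocksize=NONE_BLOCKSIZE):
    """keys: [(publickey_blob, agent_private_encoding, comment)] -> raw container."""
    if checkint is None:
        checkint = U32.unpack(os.urandom(4))[0]  # random, copied into both checkint fields
    blob = AUTH_MAGIC + put_string(b"none") + put_string(b"none") + put_string(b"")
    blob += U32.pack(len(keys)) + b"".join(put_string(pub) for pub, _, _ in keys)
    return blob + put_string(encode_private_list(keys, (checkint, checkint), blocksize))

def parse_private_list(data, nkeys, blocksize):
    """Section 3: verify checkints and padding; return [(type, fields, comment)]."""
    if len(data) % blocksize:
        raise ValueError("private list length is not a multiple of the block size")
    r = Reader(data)
    if r.u32() != r.u32():  # left operand is read first: checkint 1, then checkint 2
        raise ValueError("checkint mismatch: wrong passphrase or corrupt key")
    keys = []
    for _ in range(nkeys):
        ktype = r.string()
        if ktype not in AGENT_FIELDS:
            raise ValueError("unsupported key type %r" % ktype)
        keys.append((ktype, [r.string() for _ in range(AGENT_FIELDS[ktype])], r.string()))
    pad = r.take(r.remaining())
    if len(pad) >= blocksize or pad != bytes(range(1, len(pad) + 1)):
        raise ValueError("bad padding")
    return keys

def parse(blob):
    """Sections 1, 2 and 5: header, public keys, and the private list if unencrypted."""
    r = Reader(blob)
    if r.take(len(AUTH_MAGIC)) != AUTH_MAGIC:
        raise ValueError("not an openssh-key-v1 blob")
    hdr = {"ciphername": r.string(), "kdfname": r.string()}
    kdfoptions = r.string()
    if hdr["kdfname"] == b"bcrypt":  # section 2: string salt, uint32 rounds
        kr = Reader(kdfoptions)
        hdr["salt"], hdr["rounds"] = kr.string(), kr.u32()
    elif kdfoptions != b"":  # section 5: KDF "none" takes empty options
        raise ValueError("unexpected kdfoptions for KDF %r" % hdr["kdfname"])
    nkeys = r.u32()
    pubkeys = [r.string() for _ in range(nkeys)]
    private = r.string()
    if r.remaining():
        raise ValueError("trailing bytes after the private list")
    if hdr["ciphername"] != b"none":  # section 4: caller must run the KDF and cipher first
        return hdr, pubkeys, private
    return hdr, pubkeys, parse_private_list(private, nkeys, NONE_BLOCKSIZE)

def rejects(private_list, nkeys=1):  # the parser's complaint about a private list, or None
    try:
        parse_private_list(private_list, nkeys, NONE_BLOCKSIZE)
    except ValueError as e:
        return str(e)
    return None

# Constructed sample: an ssh-ed25519 shaped key made of fixed bytes, not a real keypair.
PK, SK = bytes(range(32)), bytes(range(64))
SAMPLE_KEYS = [(put_string(b"ssh-ed25519") + put_string(PK),
                put_string(b"ssh-ed25519") + put_string(PK) + put_string(SK), b"demo@example")]
```

The decryption path of section 4 is left to the caller on purpose: for an encrypted key, run bcrypt_pbkdf over the passphrase with the salt and rounds that parse() returns, decrypt the private string with the named cipher, and hand the plaintext to parse_private_list(); its checkint comparison is what turns a wrong passphrase into an error instead of garbage key material.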

$OpenBSD: PROTOCOL.key,v 1.2 2021/05/07 02:29:40 djm Exp $