forked from openssh/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 61
/
PROTOCOL.key
71 lines (53 loc) · 1.58 KB
/
PROTOCOL.key
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
This document describes the private key format for OpenSSH.
1. Overall format
The key consists of a header, a list of public keys, and
an encrypted list of matching private keys.
#define AUTH_MAGIC "openssh-key-v1"
byte[] AUTH_MAGIC
string ciphername
string kdfname
string kdfoptions
uint32 number of keys N
string publickey1
string publickey2
...
string publickeyN
string encrypted, padded list of private keys
2. KDF options for kdfname "bcrypt"
The options:
string salt
uint32 rounds
are concatenated and represented as a string.
3. Unencrypted list of N private keys
The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.
uint32 checkint
uint32 checkint
byte[] privatekey1
string comment1
byte[] privatekey2
string comment2
...
string privatekeyN
string commentN
byte 1
byte 2
byte 3
...
byte padlen % 255
where each private key is encoded using the same rules as used for
SSH agent.
Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
hold the same value.
4. Encryption
The KDF is used to derive a key, IV (and other values required by
the cipher) from the passphrase. These values are then used to
encrypt the unencrypted list of private keys.
5. No encryption
For unencrypted keys the cipher "none" and the KDF "none"
are used with empty passphrases. The options if the KDF "none"
are the empty string.
$OpenBSD: PROTOCOL.key,v 1.3 2022/07/01 04:45:50 djm Exp $