| blob | feda2529b9008fb60afdcad2b8e6525d94963649 |
1 This document describes the private key format for OpenSSH.
3 1. Overall format
5 The key consists of a header, a list of public keys, and
6 an encrypted list of matching private keys.
8 #define AUTH_MAGIC "openssh-key-v1"
10 byte[] AUTH_MAGIC
11 string ciphername
12 string kdfname
13 string kdfoptions
14 uint32 number of keys N
15 string publickey1
16 string publickey2
17 ...
18 string publickeyN
19 string encrypted, padded list of private keys
21 2. KDF options for kdfname "bcrypt"
23 The options:
25 string salt
26 uint32 rounds
28 are concatenated and represented as a string.
30 3. Unencrypted list of N private keys
32 The list of privatekey/comment pairs is padded with the
33 bytes 1, 2, 3, ... until the total length is a multiple
34 of the cipher block size.
36 uint32 checkint
37 uint32 checkint
38 byte[] privatekey1
39 string comment1
40 byte[] privatekey2
41 string comment2
42 ...
43 byte[] privatekeyN
44 string commentN
45 byte 1
46 byte 2
47 byte 3
48 ...
49 byte padlen % 255
51 where each private key is encoded using the same rules as used for
52 SSH agent.
54 Before the key is encrypted, a random integer is assigned
55 to both checkint fields so successful decryption can be
56 quickly checked by verifying that both checkint fields
57 hold the same value.
59 4. Encryption
61 The KDF is used to derive a key, IV (and other values required by
62 the cipher) from the passphrase. These values are then used to
63 encrypt the unencrypted list of private keys.
65 5. No encryption
67 For unencrypted keys the cipher "none" and the KDF "none"
68 are used with empty passphrases. The options if the KDF "none"
69 are the empty string.
71 $OpenBSD: PROTOCOL.key,v 1.4 2024/03/30 05:56:22 djm Exp $