| This document describes the private key format for OpenSSH. |
| |
| 1. Overall format |
| |
| The key consists of a header, a list of public keys, and |
| an encrypted list of matching private keys. |
| |
| #define AUTH_MAGIC "openssh-key-v1" |
| |
| byte[] AUTH_MAGIC |
| string ciphername |
| string kdfname |
| string kdfoptions |
| int number of keys N |
| string publickey1 |
| string publickey2 |
| ... |
| string publickeyN |
| string encrypted, padded list of private keys |
| |
| 2. KDF options for kdfname "bcrypt" |
| |
| The options: |
| |
| string salt |
| uint32 rounds |
| |
| are concatenated and represented as a string. |
| |
| 3. Unencrypted list of N private keys |
| |
| The list of privatekey/comment pairs is padded with the |
| bytes 1, 2, 3, ... until the total length is a multiple |
| of the cipher block size. |
| |
| uint32 checkint |
| uint32 checkint |
| string privatekey1 |
| string comment1 |
| string privatekey2 |
| string comment2 |
| ... |
| string privatekeyN |
| string commentN |
| char 1 |
| char 2 |
| char 3 |
| ... |
| char padlen % 255 |
| |
| Before the key is encrypted, a random integer is assigned |
| to both checkint fields so successful decryption can be |
| quickly checked by verifying that both checkint fields |
| hold the same value. |
| |
| 4. Encryption |
| |
| The KDF is used to derive a key, IV (and other values required by |
| the cipher) from the passphrase. These values are then used to |
| encrypt the unencrypted list of private keys. |
| |
| 5. No encryption |
| |
| For unencrypted keys the cipher "none" and the KDF "none" |
| are used with empty passphrases. The options if the KDF "none" |
| are the empty string. |
| |
| $OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $ |