blob: 959bd7aeec22dd19696e48079ce2dd6979286acd [file] [log] [blame]
Damien Millerbcd00ab2013-12-07 10:41:55 +11001This document describes the private key format for OpenSSH.
2
31. Overall format
4
5The key consists of a header, a list of public keys, and
6an encrypted list of matching private keys.
7
8#define AUTH_MAGIC "openssh-key-v1"
9
10 byte[] AUTH_MAGIC
11 string ciphername
12 string kdfname
13 string kdfoptions
14 int number of keys N
15 string publickey1
16 string publickey2
17 ...
18 string publickeyN
19 string encrypted, padded list of private keys
20
212. KDF options for kdfname "bcrypt"
22
23The options:
24
25 string salt
26 uint32 rounds
27
28are concatenated and represented as a string.
29
303. Unencrypted list of N private keys
31
32The list of privatekey/comment pairs is padded with the
33bytes 1, 2, 3, ... until the total length is a multiple
34of the cipher block size.
35
36 uint32 checkint
37 uint32 checkint
38 string privatekey1
39 string comment1
40 string privatekey2
41 string comment2
42 ...
43 string privatekeyN
44 string commentN
45 char 1
46 char 2
47 char 3
48 ...
49 char padlen % 255
50
51Before the key is encrypted, a random integer is assigned
52to both checkint fields so successful decryption can be
53quickly checked by verifying that both checkint fields
54hold the same value.
55
564. Encryption
57
58The KDF is used to derive a key, IV (and other values required by
59the cipher) from the passphrase. These values are then used to
60encrypt the unencrypted list of private keys.
61
625. No encryption
63
64For unencrypted keys the cipher "none" and the KDF "none"
65are used with empty passphrases. The options if the KDF "none"
66are the empty string.
67
68$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $