xref: /freebsd/crypto/openssh/PROTOCOL.key (revision ec965063070e5753c166cf592c9336444b74720a)
1This document describes the private key format for OpenSSH.
2
31. Overall format
4
5The key consists of a header, a list of public keys, and
6an encrypted list of matching private keys.
7
8#define AUTH_MAGIC      "openssh-key-v1"
9
10	byte[]	AUTH_MAGIC
11	string	ciphername
12	string	kdfname
13	string	kdfoptions
14	uint32	number of keys N
15	string	publickey1
16	string	publickey2
17	...
18	string	publickeyN
19	string	encrypted, padded list of private keys
20
212. KDF options for kdfname "bcrypt"
22
23The options:
24
25	string salt
26	uint32 rounds
27
28are concatenated and represented as a string.
29
303. Unencrypted list of N private keys
31
32The list of privatekey/comment pairs is padded with the
33bytes 1, 2, 3, ... until the total length is a multiple
34of the cipher block size.
35
36	uint32	checkint
37	uint32	checkint
38	byte[]	privatekey1
39	string	comment1
40	byte[]	privatekey2
41	string	comment2
42	...
43	string	privatekeyN
44	string	commentN
45	byte	1
46	byte	2
47	byte	3
48	...
49	byte	padlen % 255
50
51where each private key is encoded using the same rules as used for
52SSH agent.
53
54Before the key is encrypted, a random integer is assigned
55to both checkint fields so successful decryption can be
56quickly checked by verifying that both checkint fields
57hold the same value.
58
594. Encryption
60
61The KDF is used to derive a key, IV (and other values required by
62the cipher) from the passphrase. These values are then used to
63encrypt the unencrypted list of private keys.
64
655. No encryption
66
67For unencrypted keys the cipher "none" and the KDF "none"
68are used with empty passphrases. The options if the KDF "none"
69are the empty string.
70
71$OpenBSD: PROTOCOL.key,v 1.3 2022/07/01 04:45:50 djm Exp $
72