This document describes the private key format for OpenSSH.

1. Overall format

The key consists of a header, a list of public keys, and
an encrypted list of matching private keys.

	#define AUTH_MAGIC      "openssh-key-v1"

	byte[]	AUTH_MAGIC
	string	ciphername
	string	kdfname
	string	kdfoptions
	uint32	number of keys N
	string	publickey1
	string	publickey2
	...
	string	publickeyN
	string	encrypted, padded list of private keys

2. KDF options for kdfname "bcrypt"

The options:

	string salt
	uint32 rounds

are concatenated and represented as a string.

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

	uint32	checkint
	uint32	checkint
	byte[]	privatekey1
	string	comment1
	byte[]	privatekey2
	string	comment2
	...
	byte[]	privatekeyN
	string	commentN
	byte	1
	byte	2
	byte	3
	...
	byte	padlen % 255

where each private key is encoded using the same rules as used for
SSH agent.

Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
hold the same value.

4. Encryption

The KDF is used to derive a key, IV (and other values required by
the cipher) from the passphrase. These values are then used to
encrypt the unencrypted list of private keys.

5. No encryption

For unencrypted keys the cipher "none" and the KDF "none"
are used with empty passphrases. The options for the KDF "none"
are the empty string.

$OpenBSD: PROTOCOL.key,v 1.4 2024/03/30 05:56:22 djm Exp $
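The following is an added example, not part of the OpenSSH document or source tree, that builds and then parses a key in this container for the unencrypted case (sections 1, 3 and 5): it emits the header, one public key and the checkint/private-key/comment/padding list with cipher and KDF "none", and the parser validates AUTH_MAGIC, the field lengths, the matching checkint values and the 1, 2, 3, ... padding. The 32-byte public and 64-byte private values are constructed placeholder bytes, not a real Ed25519 key pair, since only the container layout is being exercised; the private key body is laid out as the SSH agent encodes Ed25519 keys (key type, public key, private key), which is an assumption about the agent format that this document only references. The base64 "-----BEGIN OPENSSH PRIVATE KEY-----" armor that real key files wrap around these bytes is also not described here and is included as a convenience.

```python
"""Builder and parser for the OpenSSH "openssh-key-v1" private key container
(unencrypted case only). Added example, not OpenSSH project code."""
import base64
import os
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"   # magic string, NUL-terminated on disk
BLOCK_SIZE_NONE = 8                   # cipher "none" still pads to 8-byte blocks

# Constructed placeholder key material (not a valid Ed25519 key pair).
CONSTRUCTED_PUB = bytes(range(32))
CONSTRUCTED_PRIV = bytes(range(64))


def _string(b: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length prefix followed by the bytes."""
    return struct.pack(">I", len(b)) + b


class Reader:
    """Sequential reader for SSH wire types with bounds checking."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def remaining(self) -> int:
        return len(self.data) - self.pos

    def take(self, n: int) -> bytes:
        if n < 0 or self.pos + n > len(self.data):
            raise ValueError("truncated data")
        out = self.data[self.pos:self.pos + n]
        self.pos += n
        return out

    def uint32(self) -> int:
        return struct.unpack(">I", self.take(4))[0]

    def string(self) -> bytes:
        return self.take(self.uint32())


def build_unencrypted_key_blob(keytype: bytes, pub: bytes, priv: bytes,
                               comment: bytes, checkint=None) -> bytes:
    """Serialise one key with cipher "none" / KDF "none" (section 5)."""
    if checkint is None:
        checkint = struct.unpack(">I", os.urandom(4))[0]  # random, as section 3 requires
    public_key = _string(keytype) + _string(pub)
    # Section 3: two identical checkints, then agent-encoded key (assumed
    # Ed25519 layout: type, pk, sk), then the comment, then padding 1, 2, 3, ...
    private_list = struct.pack(">II", checkint, checkint)
    private_list += _string(keytype) + _string(pub) + _string(priv) + _string(comment)
    pad = 0
    while len(private_list) % BLOCK_SIZE_NONE:
        pad += 1
        private_list += bytes([pad & 0xFF])
    return (AUTH_MAGIC + _string(b"none") + _string(b"none") + _string(b"")
            + struct.pack(">I", 1) + _string(public_key) + _string(private_list))


def parse_key_blob(blob: bytes, block_size: int = BLOCK_SIZE_NONE) -> dict:
    """Parse the header (section 1) and, for cipher "none", the private list.
    Any structural inconsistency raises ValueError."""
    if not blob.startswith(AUTH_MAGIC):
        raise ValueError("bad AUTH_MAGIC")
    r = Reader(blob[len(AUTH_MAGIC):])
    ciphername, kdfname, kdfoptions = r.string(), r.string(), r.string()
    nkeys = r.uint32()
    publickeys = [r.string() for _ in range(nkeys)]
    private_blob = r.string()
    if r.remaining():
        raise ValueError("trailing bytes after private key list")
    result = {"cipher": ciphername, "kdf": kdfname, "nkeys": nkeys, "publickeys": publickeys}
    if ciphername != b"none":
        result["encrypted"] = private_blob   # section 4: needs KDF + cipher first
        return result
    if kdfname != b"none" or kdfoptions != b"":
        raise ValueError('cipher "none" requires KDF "none" with empty options')
    if len(private_blob) % block_size:
        raise ValueError("private list is not a multiple of the block size")
    p = Reader(private_blob)
    c1, c2 = p.uint32(), p.uint32()
    if c1 != c2:
        raise ValueError("checkint mismatch: wrong passphrase or corrupt data")
    keys = []
    for _ in range(nkeys):
        keytype = p.string()
        pub, priv, comment = p.string(), p.string(), p.string()   # assumed Ed25519 layout
        keys.append({"type": keytype, "pub": pub, "priv": priv, "comment": comment})
    pad = p.take(p.remaining())
    # Padding must be shorter than one block and read 1, 2, 3, ... (the % 255 and
    # & 0xFF readings agree for every real block size, which is at most 16).
    if len(pad) >= block_size or any(b != ((i + 1) & 0xFF) for i, b in enumerate(pad)):
        raise ValueError("bad padding")
    result["keys"] = keys
    return result


def to_armored(blob: bytes) -> str:
    """Wrap the blob in the base64 armor used by OpenSSH key files (70-column lines)."""
    b64 = base64.b64encode(blob).decode()
    lines = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + "\n".join(lines) + \
           "\n-----END OPENSSH PRIVATE KEY-----\n"


def from_armored(text: str) -> bytes:
    """Strip the armor lines and base64-decode the container."""
    body = "".join(l.strip() for l in text.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body)


if __name__ == "__main__":
    blob = build_unencrypted_key_blob(b"ssh-ed25519", CONSTRUCTED_PUB, CONSTRUCTED_PRIV, b"user@host")
    print(to_armored(blob))
    print(parse_key_blob(from_armored(to_armored(blob))))
```

The parser deliberately refuses a cipher "none" header whose KDF or options are not also "none"/empty, and treats any checkint or padding mismatch as a hard error: for an encrypted key those same two checks are the only integrity signal the format gives a decryptor, so a loader that skips them will happily return garbage for a wrong passphrase.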