PROTOCOL.key revision 1.1
This document describes the private key format for OpenSSH.

1. Overall format

The key consists of a header, a list of public keys, and
an encrypted list of matching private keys.

#define AUTH_MAGIC      "openssh-key-v1"

	byte[]	AUTH_MAGIC
	string	ciphername
	string	kdfname
	string	kdfoptions
	int	number of keys N
	string	publickey1
	string	publickey2
	...
	string	publickeyN
	string	encrypted, padded list of private keys

2. KDF options for kdfname "bcrypt"

The options:

	string salt
	uint32 rounds

are concatenated and represented as a string.

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

	uint32	checkint
	uint32	checkint
	string	privatekey1
	string	comment1
	string	privatekey2
	string	comment2
	...
	string	privatekeyN
	string	commentN
	char	1
	char	2
	char	3
	...
	char	padlen % 255

Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
hold the same value.

4. Encryption

The KDF is used to derive a key, IV (and other values required by
the cipher) from the passphrase. These values are then used to
encrypt the unencrypted list of private keys.

5. No encryption

For unencrypted keys the cipher "none" and the KDF "none"
are used with empty passphrases. The options for the KDF "none"
are the empty string.

$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $
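The following is an added worked example, not part of this OpenSSH document or of OpenSSH's own code: a Python encoder/decoder that follows sections 1, 2, 3 and 5 above literally, so the field layout can be checked byte by byte. It takes the `string privatekey` field at face value and uses constructed, opaque byte strings for the public and private key payloads (no real key material). Two details are assumed from OpenSSH's implementation rather than from this text: the AUTH_MAGIC bytes include the terminating NUL of the C literal, and the cipher "none" is padded to an 8-byte block. Encryption (section 4) is left out; for an encrypted file the private section is returned as opaque ciphertext and only the bcrypt kdfoptions are decoded.

```python
import secrets
import struct
AUTH_MAGIC = b"openssh-key-v1\x00"  # OpenSSH writes the C literal with sizeof(), NUL included
NONE_BLOCK_SIZE = 8  # assumption: cipher "none" pads to 8-byte blocks, as OpenSSH's does

def put_uint32(n):
    return struct.pack(">I", n)

def put_string(b):  # SSH "string": big-endian uint32 length, then the raw bytes
    return put_uint32(len(b)) + b

class Reader:  # sequential, bounds-checked decoder for uint32 and string fields
    def __init__(self, data):
        self.data, self.off = data, 0
    def take(self, n):
        if self.off + n > len(self.data):
            raise ValueError("truncated field")
        s = self.data[self.off:self.off + n]
        self.off += n
        return s
    def uint32(self):
        return struct.unpack(">I", self.take(4))[0]
    def string(self):
        return self.take(self.uint32())
    def remaining(self):
        return self.data[self.off:]

def bcrypt_kdfoptions(salt, rounds):
    # Section 2: string salt || uint32 rounds, carried as the kdfoptions string
    return put_string(salt) + put_uint32(rounds)

def encode_private_list(keys, block_size, checkint=None):
    # Section 3: a random checkint twice, privatekey/comment pairs, then pad bytes 1, 2, 3, ...
    checkint = secrets.randbits(32) if checkint is None else checkint
    body = put_uint32(checkint) * 2
    for priv, comment in keys:
        body += put_string(priv) + put_string(comment)
    padlen = (-len(body)) % block_size
    return body + bytes(i & 0xFF for i in range(1, padlen + 1))

def parse_private_list(plain, n, block_size):
    if len(plain) % block_size:
        raise ValueError("private list is not a multiple of the block size")
    r = Reader(plain)
    c1, c2 = r.uint32(), r.uint32()
    if c1 != c2:  # the quick post-decryption check the document describes
        raise ValueError("checkint mismatch: wrong passphrase or corrupt data")
    keys = [(r.string(), r.string()) for _ in range(n)]
    pad = r.remaining()
    if len(pad) >= block_size or pad != bytes(i & 0xFF for i in range(1, len(pad) + 1)):
        raise ValueError("bad padding")
    return {"checkint": c1, "keys": keys}

def encode_header(ciphername, kdfname, kdfoptions, public_keys):
    # Section 1 up to the last public key; the caller appends the private section string
    out = AUTH_MAGIC + put_string(ciphername) + put_string(kdfname) + put_string(kdfoptions)
    return out + put_uint32(len(public_keys)) + b"".join(map(put_string, public_keys))

def parse_key_file(blob):
    """Parse header and public keys; decode the private list only when unencrypted."""
    if not blob.startswith(AUTH_MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    r = Reader(blob[len(AUTH_MAGIC):])
    ciphername, kdfname, kdfoptions = r.string(), r.string(), r.string()
    n = r.uint32()
    pubs = [r.string() for _ in range(n)]
    result = {"ciphername": ciphername, "kdfname": kdfname, "public_keys": pubs,
              "private_section": r.string()}  # ciphertext unless cipher is "none"
    if kdfname == b"bcrypt":
        kr = Reader(kdfoptions)
        result["kdf"] = {"salt": kr.string(), "rounds": kr.uint32()}
    elif kdfname == b"none" and kdfoptions != b"":
        raise ValueError('kdfoptions must be empty for KDF "none"')
    if ciphername == b"none" and kdfname == b"none":
        result["private"] = parse_private_list(result["private_section"], n, NONE_BLOCK_SIZE)
    return result

# Constructed sample material standing in for publickey1/privatekey1; not real key bytes.
SAMPLE_PUB, SAMPLE_PRIV, SAMPLE_COMMENT = b"constructed-pub", b"constructed-priv", b"user@example"

def unencrypted_roundtrip():
    # Section 5: cipher "none", KDF "none", empty kdfoptions, private list in the clear
    plain = encode_private_list([(SAMPLE_PRIV, SAMPLE_COMMENT)], NONE_BLOCK_SIZE, 0x11223344)
    return parse_key_file(encode_header(b"none", b"none", b"", [SAMPLE_PUB]) + put_string(plain))

def encrypted_header_demo():
    # bcrypt KDF header; the 64 zero bytes are a placeholder for the ciphertext
    hdr = encode_header(b"aes256-ctr", b"bcrypt", bcrypt_kdfoptions(b"\x00" * 16, 16), [SAMPLE_PUB])
    return parse_key_file(hdr + put_string(b"\x00" * 64))

def checkint_mismatch_is_detected():
    plain = bytearray(encode_private_list([(SAMPLE_PRIV, SAMPLE_COMMENT)], NONE_BLOCK_SIZE, 7))
    plain[0] ^= 0x01  # corrupt the first checkint only
    try:
        parse_private_list(bytes(plain), 1, NONE_BLOCK_SIZE)
        return False
    except ValueError:
        return True
```

The sample private list in unencrypted_roundtrip() is 44 bytes before padding, so four pad bytes (1, 2, 3, 4) bring it to 48. The checkint comparison is what lets a decrypting program reject a wrong passphrase before it tries to interpret the key material that follows; the padding check catches a ciphertext truncated or altered after the last comment.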