This document describes the private key format for OpenSSH.

1. Overall format

The key consists of a header, a list of public keys, and
an encrypted list of matching private keys.

#define AUTH_MAGIC      "openssh-key-v1"

        byte[]  AUTH_MAGIC
        string  ciphername
        string  kdfname
        string  kdfoptions
        uint32  number of keys N
        string  publickey1
        string  publickey2
        ...
        string  publickeyN
        string  encrypted, padded list of private keys

AUTH_MAGIC is written including its terminating NUL byte, so the
magic occupies 15 bytes; it is a raw byte[] and is not preceded by a
length, unlike every string field that follows it.

2. KDF options for kdfname "bcrypt"

The options:

        string salt
        uint32 rounds

are concatenated and represented as a string.

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

        uint32  checkint
        uint32  checkint
        byte[]  privatekey1
        string  comment1
        byte[]  privatekey2
        string  comment2
        ...
        byte[]  privatekeyN
        string  commentN
        byte    1
        byte    2
        byte    3
        ...
        byte    padlen % 255

where each private key is encoded using the same rules as used for
SSH agent.

Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
hold the same value.

4. Encryption

The KDF is used to derive a key, IV (and other values required by
the cipher) from the passphrase. These values are then used to
encrypt the unencrypted list of private keys.

5. No encryption

For unencrypted keys the cipher "none" and the KDF "none"
are used with empty passphrases. The options of the KDF "none"
are the empty string.

$OpenBSD: PROTOCOL.key,v 1.4 2024/03/30 05:56:22 djm Exp $
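The following is an added example, not code from OpenSSH, that serialises and parses the container described in sections 1, 3 and 5 for the cipher/KDF "none" case, and parses (without running the KDF) the bcrypt kdfoptions from section 2. It assumes the block size OpenSSH uses for cipher "none" is 8, the agent-style private key encodings for ssh-ed25519, ssh-rsa and ecdsa-sha2-nistp256 (key type string followed by the listed fields), and the mismatch check OpenSSH performs between each private key and the public key listed in the header. The ed25519 key material in the demo is constructed filler, not a real key pair.

```python
"""Encoder/decoder for the OpenSSH "openssh-key-v1" private key container.

Added example, not OpenSSH's own code.  Covers the cipher/KDF "none" case end
to end and parses bcrypt kdfoptions without decrypting.  Demo key bytes are
constructed filler, not a real ed25519 key pair.
"""
import os
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"   # OpenSSH writes the NUL terminator too: 15 bytes
NONE_BLOCK_SIZE = 8                  # assumed: block size OpenSSH uses for cipher "none"

# Agent-style private encodings: key type string, then this many SSH strings/mpints.
PRIVATE_FIELDS = {
    b"ssh-ed25519": 2,           # pk, sk
    b"ssh-rsa": 6,               # n, e, d, iqmp, p, q
    b"ecdsa-sha2-nistp256": 3,   # curve name, Q, d
}


def put_string(b):
    """SSH 'string': big-endian uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


class Reader:
    """Bounds-checked cursor over SSH wire data; every read is length-checked."""
    def __init__(self, data):
        self.data, self.off = data, 0

    def take(self, n):
        if self.off + n > len(self.data):
            raise ValueError("truncated input")
        chunk = self.data[self.off:self.off + n]
        self.off += n
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def string(self):
        return self.take(self.u32())

    def done(self):
        return self.off == len(self.data)


def public_blob(kind, fields):
    """Public key blob implied by an agent-encoded private key (ssh-rsa is e then n)."""
    if kind == b"ssh-ed25519":
        return put_string(kind) + put_string(fields[0])
    if kind == b"ssh-rsa":
        return put_string(kind) + put_string(fields[1]) + put_string(fields[0])
    return put_string(kind) + put_string(fields[0]) + put_string(fields[1])


def encode_unencrypted(keys, checkint=None):
    """Serialise [(kind, fields, comment)] with cipher "none" and KDF "none"."""
    if checkint is None:
        checkint = struct.unpack(">I", os.urandom(4))[0]
    body = struct.pack(">II", checkint, checkint)   # same random value twice
    for kind, fields, comment in keys:
        body += put_string(kind) + b"".join(put_string(f) for f in fields) + put_string(comment)
    i = 0
    while len(body) % NONE_BLOCK_SIZE:              # pad with 1, 2, 3, ...
        i += 1
        body += bytes([i % 255])
    out = AUTH_MAGIC + put_string(b"none") + put_string(b"none") + put_string(b"")
    out += struct.pack(">I", len(keys)) + b"".join(put_string(public_blob(k, f)) for k, f, _ in keys)
    return out + put_string(body)


def parse_bcrypt_kdfoptions(opts):
    """kdfoptions for "bcrypt": string salt, uint32 rounds, nothing else."""
    r = Reader(opts)
    salt, rounds = r.string(), r.u32()
    if not r.done():
        raise ValueError("trailing bytes in kdfoptions")
    return salt, rounds


def decode(blob):
    """Parse a container; "keys" is filled only when cipher and KDF are "none"."""
    r = Reader(blob)
    if r.take(len(AUTH_MAGIC)) != AUTH_MAGIC:
        raise ValueError("bad magic")
    cipher, kdf, kdfopts = r.string(), r.string(), r.string()
    pubs = [r.string() for _ in range(r.u32())]
    private = r.string()
    if not r.done():
        raise ValueError("trailing bytes after private section")
    result = {"cipher": cipher, "kdf": kdf, "public": pubs, "keys": None,
              "kdfoptions": parse_bcrypt_kdfoptions(kdfopts) if kdf == b"bcrypt" else None}
    if cipher != b"none" or kdf != b"none":
        return result                               # decryption is out of scope here
    if kdfopts != b"" or len(private) % NONE_BLOCK_SIZE:
        raise ValueError("KDF none needs empty options and a block-aligned private section")
    p = Reader(private)
    if p.u32() != p.u32():
        raise ValueError("checkint mismatch: wrong passphrase or corrupt key")
    keys = []
    for pub in pubs:
        kind = p.string()
        if kind not in PRIVATE_FIELDS:
            raise ValueError("unsupported key type %r" % kind)
        fields = [p.string() for _ in range(PRIVATE_FIELDS[kind])]
        comment = p.string()
        if public_blob(kind, fields) != pub:        # assumed: OpenSSH rejects this mismatch too
            raise ValueError("public key does not match private key")
        keys.append((kind, fields, comment))
    pad = p.take(len(private) - p.off)              # must be 1, 2, 3, ... and shorter than a block
    if len(pad) >= NONE_BLOCK_SIZE or any(b != (i + 1) % 255 for i, b in enumerate(pad)):
        raise ValueError("bad padding")
    result["keys"] = keys
    return result


# Constructed demo: filler ed25519 material (NOT a real key pair), round-tripped.
DEMO_KEYS = [(b"ssh-ed25519", [bytes(range(32)), bytes(range(64))], b"user@example")]
DEMO_BLOB = encode_unencrypted(DEMO_KEYS, checkint=0x12345678)


def demo():
    return decode(DEMO_BLOB)
```

Every length comes from the untrusted input, so the Reader refuses any read past the end, and decode rejects trailing bytes, unequal checkints, a private blob that does not match its listed public key, and malformed padding; a parser that skips any of these will happily load a truncated or tampered file. For an encrypted key the same header parse yields the salt and round count needed to run bcrypt_pbkdf before the private section can be decoded.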