This document describes the private key format for OpenSSH.

1. Overall format

The key consists of a header, a list of public keys, and
an encrypted list of matching private keys.

#define AUTH_MAGIC      "openssh-key-v1"

        byte[]  AUTH_MAGIC
        string  ciphername
        string  kdfname
        string  kdfoptions
        int     number of keys N
        string  publickey1
        string  publickey2
        ...
        string  publickeyN
        string  encrypted, padded list of private keys

2. KDF options for kdfname "bcrypt"

The options:

        string  salt
        uint32  rounds

are concatenated and represented as a string.

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

        uint32  checkint
        uint32  checkint
        string  privatekey1
        string  comment1
        string  privatekey2
        string  comment2
        ...
        string  privatekeyN
        string  commentN
        char    1
        char    2
        char    3
        ...
        char    padlen % 255

Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
hold the same value.

4. Encryption

The KDF is used to derive a key, IV (and other values required by
the cipher) from the passphrase. These values are then used to
encrypt the unencrypted list of private keys.

5. No encryption

For unencrypted keys the cipher "none" and the KDF "none"
are used with empty passphrases. The options of the KDF "none"
are the empty string.

$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $
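The following is an added example, not part of the OpenSSH document or the OpenSSH code base: a small encoder and a strict parser for the unencrypted case (cipher "none", KDF "none") that ties together sections 1, 3 and 5. The parser performs the two consistency checks the format provides, the matching checkint pair and the 1, 2, 3, ... padding sequence, and rejects anything else (bad magic, truncated strings, trailing bytes, a misaligned private section). The ed25519-shaped key material, the comment, the checkint value and the block size of 8 are constructed sample values; the trailing NUL after the magic is the terminator of the C string literal, which OpenSSH writes to the file as part of AUTH_MAGIC.

```python
import struct

# "openssh-key-v1" followed by the C string's NUL terminator, as written on disk.
AUTH_MAGIC = b"openssh-key-v1\x00"


def put_u32(n: int) -> bytes:
    """SSH uint32: big-endian, 4 bytes."""
    return struct.pack(">I", n)


def put_string(b: bytes) -> bytes:
    """SSH string: uint32 length followed by the raw bytes."""
    return put_u32(len(b)) + b


class Reader:
    """Bounds-checked cursor over an SSH wire-format buffer."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def u32(self) -> int:
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated uint32")
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v

    def string(self) -> bytes:
        n = self.u32()
        if self.pos + n > len(self.data):
            raise ValueError("string length exceeds buffer")
        v = self.data[self.pos:self.pos + n]
        self.pos += n
        return v

    def remaining(self) -> bytes:
        return self.data[self.pos:]


def encode_unencrypted(keys, checkint: int, block_size: int = 8) -> bytes:
    """Build an openssh-key-v1 blob with cipher/KDF 'none' (section 5).

    keys: list of (publickey_blob, privatekey_blob, comment) tuples.
    """
    private = put_u32(checkint) + put_u32(checkint)          # section 3: both fields equal
    for _, priv, comment in keys:
        private += put_string(priv) + put_string(comment)
    i = 0
    while len(private) % block_size:                          # pad with 1, 2, 3, ...
        i += 1
        private += bytes([i & 0xFF])
    out = AUTH_MAGIC + put_string(b"none") + put_string(b"none") + put_string(b"")
    out += put_u32(len(keys))
    for pub, _, _ in keys:
        out += put_string(pub)
    return out + put_string(private)


def parse_unencrypted(blob: bytes, block_size: int = 8) -> dict:
    """Parse and validate an unencrypted blob; raise ValueError on any inconsistency."""
    if blob[:len(AUTH_MAGIC)] != AUTH_MAGIC:
        raise ValueError("bad AUTH_MAGIC")
    r = Reader(blob)
    r.pos = len(AUTH_MAGIC)
    cipher, kdf, kdfopts = r.string(), r.string(), r.string()
    if cipher != b"none" or kdf != b"none" or kdfopts != b"":
        raise ValueError("this parser handles cipher/KDF 'none' only")
    n = r.u32()
    pubs = [r.string() for _ in range(n)]
    private = r.string()
    if r.remaining():
        raise ValueError("trailing data after private section")
    if len(private) % block_size:
        raise ValueError("private section is not a multiple of the block size")
    pr = Reader(private)
    c1, c2 = pr.u32(), pr.u32()
    if c1 != c2:
        raise ValueError("checkint mismatch")                 # wrong passphrase / corruption signal
    keys = [(pub, pr.string(), pr.string()) for pub in pubs]  # one private entry per public key
    pad = pr.remaining()
    expected_pad = bytes(i & 0xFF for i in range(1, len(pad) + 1))
    if len(pad) >= block_size or pad != expected_pad:
        raise ValueError("bad padding sequence")
    return {"checkint": c1, "keys": keys}


def rejects_tamper(blob: bytes, offset: int) -> bool:
    """Flip one byte at offset and report whether the parser refuses the result."""
    tampered = bytearray(blob)
    tampered[offset] ^= 0xFF
    try:
        parse_unencrypted(bytes(tampered))
    except ValueError:
        return True
    return False


# Constructed sample material (not a real key): ed25519-shaped public and private blobs.
SAMPLE_PK = bytes(range(32))
SAMPLE_SK = bytes(range(64))
SAMPLE_PUB = put_string(b"ssh-ed25519") + put_string(SAMPLE_PK)
SAMPLE_PRIV = put_string(b"ssh-ed25519") + put_string(SAMPLE_PK) + put_string(SAMPLE_SK)
SAMPLE_KEY = (SAMPLE_PUB, SAMPLE_PRIV, b"demo@example")
SAMPLE_CHECKINT = 0x12345678


if __name__ == "__main__":
    blob = encode_unencrypted([SAMPLE_KEY], SAMPLE_CHECKINT)
    print(parse_unencrypted(blob)["keys"][0][2].decode())
```

Corrupting the last byte breaks the padding sequence and corrupting the cipher name's length field makes the string run past the buffer; both are rejected before any key material is returned. The same checks apply after decryption of an encrypted key, where a checkint mismatch is the documented signal that the passphrase was wrong.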