This document describes the private key format for OpenSSH.

1. Overall format

The key consists of a header, a list of public keys, and
an encrypted list of matching private keys.

#define AUTH_MAGIC      "openssh-key-v1"

	byte[]	AUTH_MAGIC
	string	ciphername
	string	kdfname
	string	kdfoptions
	int	number of keys N
	string	publickey1
	string	publickey2
	...
	string	publickeyN
	string	encrypted, padded list of private keys

2. KDF options for kdfname "bcrypt"

The options:

	string salt
	uint32 rounds

are concatenated and represented as a string.

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

	uint32	checkint
	uint32	checkint
	string	privatekey1
	string	comment1
	string	privatekey2
	string	comment2
	...
	string	privatekeyN
	string	commentN
	char	1
	char	2
	char	3
	...
	char	padlen % 255

Before the key is encrypted, a random integer is assigned
to both checkint fields so successful decryption can be
quickly checked by verifying that both checkint fields
hold the same value.

4. Encryption

The KDF is used to derive a key, IV (and other values required by
the cipher) from the passphrase. These values are then used to
encrypt the unencrypted list of private keys.

5. No encryption

For unencrypted keys the cipher "none" and the KDF "none"
are used with empty passphrases. The options of the KDF "none"
are the empty string.

$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $
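
The layout in sections 1, 3 and 5, as an added Python example (not part of the OpenSSH document or code base): it parses the binary container and validates the checkint pair and the 1, 2, 3, ... padding of an unencrypted private key list. Assumptions: the input is the raw binary blob, the magic is stored with its terminating NUL byte, the block size for cipher "none" is 8, private keys are read as length-prefixed strings exactly as listed above, and all function names and the sample key are constructed for illustration.

```python
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"  # assumption: magic is stored with its NUL terminator

def put_string(b):
    return struct.pack(">I", len(b)) + b  # uint32 big-endian length, then the bytes

def take_u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def take_string(buf, off):
    n, off = take_u32(buf, off)
    if off + n > len(buf):  # never trust a length field from the file
        raise ValueError("string length exceeds buffer")
    return buf[off:off + n], off + n

def take_strings(buf, off, count):
    out = []
    for _ in range(count):
        s, off = take_string(buf, off)
        out.append(s)
    return out, off

def parse_container(blob):
    if not blob.startswith(AUTH_MAGIC):
        raise ValueError("bad magic")
    (cipher, kdf, kdfopts), off = take_strings(blob, len(AUTH_MAGIC), 3)
    nkeys, off = take_u32(blob, off)
    pubkeys, off = take_strings(blob, off, nkeys)
    private_list, off = take_string(blob, off)
    return cipher, kdf, kdfopts, pubkeys, private_list

def parse_private_list(plain, nkeys, blocksize=8):  # 8 is assumed for cipher "none"
    if len(plain) % blocksize:
        raise ValueError("length is not a multiple of the block size")
    c1, off = take_u32(plain, 0)
    c2, off = take_u32(plain, off)
    if c1 != c2:  # after decryption this signals a wrong passphrase or corruption
        raise ValueError("checkint mismatch")
    fields, off = take_strings(plain, off, 2 * nkeys)
    pad = plain[off:]
    if len(pad) >= blocksize or pad != bytes(range(1, len(pad) + 1)):
        raise ValueError("bad padding")
    return list(zip(fields[0::2], fields[1::2]))  # (privatekey, comment) pairs

def build_sample(check2=0x1234ABCD):  # constructed, unencrypted, dummy key material
    plain = struct.pack(">II", 0x1234ABCD, check2)
    plain += put_string(b"dummy-private-key") + put_string(b"user@example")
    plain += bytes(range(1, (-len(plain)) % 8 + 1))  # pad with 1, 2, 3, ...
    return (AUTH_MAGIC + put_string(b"none") * 2 + put_string(b"")
            + struct.pack(">I", 1) + put_string(b"dummy-public-key")
            + put_string(plain))
```

For an encrypted key, the private list would first be decrypted with the key and IV derived by the KDF, and the same checkint and padding checks then apply to the plaintext.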