author djm@openbsd.org <djm@openbsd.org> 2018-08-10 00:42:29 +0000
committer Damien Miller <djm@mindrot.org> 2018-08-10 11:14:06 +1000
commit 7c712966a3139622f7fb55045368d05de4e6782c
tree 0615dc6bf716b7873af18c0efdb7ca3c6cece9b5
parent ef100a2c5a8ed83afac0b8f36520815803da227a
upstream: Describe pubkey format, prompted by bz#2853
While I'm here, describe and link to the remaining local PROTOCOL.* docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and PROTOCOL.mux)

OpenBSD-Commit-ID: 2a900f9b994ba4d53e7aeb467d44d75829fd1231

-rw-r--r-- PROTOCOL 33
1 files changed, 32 insertions, 1 deletions
diff --git a/PROTOCOL b/PROTOCOL
index 033f00b49..099aca051 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -458,4 +458,35 @@ respond with a SSH_FXP_STATUS message.
458This extension is advertised in the SSH_FXP_VERSION hello with version 458This extension is advertised in the SSH_FXP_VERSION hello with version
459"1". 459"1".
460 460
461$OpenBSD: PROTOCOL,v 1.33 2018/08/10 00:27:15 djm Exp $ 4614. Miscellaneous changes
462
4634.1 Public key format
464
465OpenSSH public keys, as generated by ssh-keygen(1) and appearing in
466authorized_keys files, are formatted as a single line of text consisting
467of the public key algorithm name followed by a base64-encoded key blob.
468The public key blob (before base64 encoding) is the same format used
469for the encoding of public keys sent on the wire, e.g. as described in
470RFC4253 section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA
471keys and the "New public key formats" section of PROTOCOL.certkeys for
472the OpenSSH certificate formats.
473
4744.2 Private key format
475
476OpenSSH private keys, as generated by ssh-keygen(1) use the format
477described in PROTOCOL.key by default. As a legacy option, PEM format
478(RFC7468) private keys are also supported for RSA, DSA and ECDSA keys
479and were the default format before OpenSSH 7.8.
480
4814.3 KRL format
482
483OpenSSH supports a compact format for Key Revocation Lists (KRLs). This
484format is described in the PROTOCOL.krl file.
485
4864.4 Connection multiplexing
487
488OpenSSH's connection multiplexing uses messages as described in
489PROTOCOL.mux over a Unix domain socket for communications between a
490master instance and later clients.
491
492$OpenBSD: PROTOCOL,v 1.34 2018/08/10 00:42:29 djm Exp $
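Review bot: section 4.1 says the line consists of the algorithm name "followed by" a base64-encoded key blob, but it does not state what separates the two fields or whether anything may follow the blob on the same line. Anyone writing or auditing a parser from this text has to guess both. Suggest spelling out the separator and any permitted trailing field explicitly, so the description matches what ssh-keygen(1) actually emits. Minor style point in 4.2: "as generated by ssh-keygen(1) use the format" lacks the closing comma after "ssh-keygen(1)" that the parallel sentence in 4.1 has.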