summaryrefslogtreecommitdiff
path: root/PROTOCOL.certkeys
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2016-08-06 10:49:59 +0100
committerColin Watson <cjwatson@debian.org>2016-08-07 12:18:58 +0100
commit477bb7636238c106f8cd7c868a8c0c5eabcfb3db (patch)
tree601176af2ecf358c36b766776a86845ad7a3cd6f /PROTOCOL.certkeys
parent747fac2de0d889183f67f6900194c0462c558544 (diff)
parent4c914ccd85bbf391c4dc61b85e3c178fef465e3f (diff)
New upstream release (7.3p1).
Diffstat (limited to 'PROTOCOL.certkeys')
-rw-r--r--PROTOCOL.certkeys42
1 files changed, 32 insertions, 10 deletions
diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index c98591093..aa6f5ae4c 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -100,9 +100,9 @@ DSA certificate
100 100
101ECDSA certificate 101ECDSA certificate
102 102
103 string "ecdsa-sha2-nistp256@openssh.com" | 103 string "ecdsa-sha2-nistp256-v01@openssh.com" |
104 "ecdsa-sha2-nistp384@openssh.com" | 104 "ecdsa-sha2-nistp384-v01@openssh.com" |
105 "ecdsa-sha2-nistp521@openssh.com" 105 "ecdsa-sha2-nistp521-v01@openssh.com"
106 string nonce 106 string nonce
107 string curve 107 string curve
108 string public_key 108 string public_key
@@ -118,6 +118,23 @@ ECDSA certificate
118 string signature key 118 string signature key
119 string signature 119 string signature
120 120
121ED25519 certificate
122
123 string "ssh-ed25519-cert-v01@openssh.com"
124 string nonce
125 string pk
126 uint64 serial
127 uint32 type
128 string key id
129 string valid principals
130 uint64 valid after
131 uint64 valid before
132 string critical options
133 string extensions
134 string reserved
135 string signature key
136 string signature
137
121The nonce field is a CA-provided random bitstring of arbitrary length 138The nonce field is a CA-provided random bitstring of arbitrary length
122(but typically 16 or 32 bytes) included to make attacks that depend on 139(but typically 16 or 32 bytes) included to make attacks that depend on
123inducing collisions in the signature hash infeasible. 140inducing collisions in the signature hash infeasible.
@@ -129,6 +146,9 @@ p, q, g, y are the DSA parameters as described in FIPS-186-2.
129curve and public key are respectively the ECDSA "[identifier]" and "Q" 146curve and public key are respectively the ECDSA "[identifier]" and "Q"
130defined in section 3.1 of RFC5656. 147defined in section 3.1 of RFC5656.
131 148
149pk is the encoded Ed25519 public key as defined by
150draft-josefsson-eddsa-ed25519-03.
151
132serial is an optional certificate serial number set by the CA to 152serial is an optional certificate serial number set by the CA to
133provide an abbreviated way to refer to certificates from that CA. 153provide an abbreviated way to refer to certificates from that CA.
134If a CA does not wish to number its certificates it must set this 154If a CA does not wish to number its certificates it must set this
@@ -146,7 +166,7 @@ strings packed inside it. These principals list the names for which this
146certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and 166certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
147usernames for SSH_CERT_TYPE_USER certificates. As a special case, a 167usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
148zero-length "valid principals" field means the certificate is valid for 168zero-length "valid principals" field means the certificate is valid for
149any principal of the specified type. XXX DNS wildcards? 169any principal of the specified type.
150 170
151"valid after" and "valid before" specify a validity period for the 171"valid after" and "valid before" specify a validity period for the
152certificate. Each represents a time in seconds since 1970-01-01 172certificate. Each represents a time in seconds since 1970-01-01
@@ -183,7 +203,7 @@ signature is computed over all preceding fields from the initial string
183up to, and including the signature key. Signatures are computed and 203up to, and including the signature key. Signatures are computed and
184encoded according to the rules defined for the CA's public key algorithm 204encoded according to the rules defined for the CA's public key algorithm
185(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA 205(RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
186types). 206types), and draft-josefsson-eddsa-ed25519-03 for Ed25519.
187 207
188Critical options 208Critical options
189---------------- 209----------------
@@ -203,8 +223,9 @@ option-specific information (see below). All options are
203"critical", if an implementation does not recognise a option 223"critical", if an implementation does not recognise a option
204then the validating party should refuse to accept the certificate. 224then the validating party should refuse to accept the certificate.
205 225
206The supported options and the contents and structure of their 226No critical options are defined for host certificates at present. The
207data fields are: 227supported user certificate options and the contents and structure of
228their data fields are:
208 229
209Name Format Description 230Name Format Description
210----------------------------------------------------------------------------- 231-----------------------------------------------------------------------------
@@ -233,8 +254,9 @@ as is the requirement that each name appear only once.
233If an implementation does not recognise an extension, then it should 254If an implementation does not recognise an extension, then it should
234ignore it. 255ignore it.
235 256
236The supported extensions and the contents and structure of their data 257No extensions are defined for host certificates at present. The
237fields are: 258supported user certificate extensions and the contents and structure of
259their data fields are:
238 260
239Name Format Description 261Name Format Description
240----------------------------------------------------------------------------- 262-----------------------------------------------------------------------------
@@ -262,4 +284,4 @@ permit-user-rc empty Flag indicating that execution of
262 of this script will not be permitted if 284 of this script will not be permitted if
263 this option is not present. 285 this option is not present.
264 286
265$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ 287$OpenBSD: PROTOCOL.certkeys,v 1.10 2016/05/03 10:27:59 djm Exp $