diff options
| author | Damien Miller <djm@mindrot.org> | 2013-12-07 10:41:55 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-12-07 10:41:55 +1100 |
| commit | bcd00abd8451f36142ae2ee10cc657202149201e (patch) | |
| tree | 946db23f1ec607d9260e46b9f6f2422e0e9c970c /PROTOCOL.key | |
| parent | f0e9060d236c0e38bec2fa1c6579fb0a2ea6458d (diff) | |
- markus@cvs.openbsd.org 2013/12/06 13:34:54
[authfile.c authfile.h cipher.c cipher.h key.c packet.c ssh-agent.c]
[ssh-keygen.c PROTOCOL.key] new private key format, bcrypt as KDF by
default; details in PROTOCOL.key; feedback and lots help from djm;
ok djm@
Diffstat (limited to 'PROTOCOL.key')
| -rw-r--r-- | PROTOCOL.key | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/PROTOCOL.key b/PROTOCOL.key new file mode 100644 index 000000000..959bd7aee --- /dev/null +++ b/PROTOCOL.key | |||
| @@ -0,0 +1,68 @@ | |||
| 1 | This document describes the private key format for OpenSSH. | ||
| 2 | |||
| 3 | 1. Overall format | ||
| 4 | |||
| 5 | The key consists of a header, a list of public keys, and | ||
| 6 | an encrypted list of matching private keys. | ||
| 7 | |||
| 8 | #define AUTH_MAGIC "openssh-key-v1" | ||
| 9 | |||
| 10 | byte[] AUTH_MAGIC | ||
| 11 | string ciphername | ||
| 12 | string kdfname | ||
| 13 | string kdfoptions | ||
| 14 | int number of keys N | ||
| 15 | string publickey1 | ||
| 16 | string publickey2 | ||
| 17 | ... | ||
| 18 | string publickeyN | ||
| 19 | string encrypted, padded list of private keys | ||
| 20 | |||
| 21 | 2. KDF options for kdfname "bcrypt" | ||
| 22 | |||
| 23 | The options: | ||
| 24 | |||
| 25 | string salt | ||
| 26 | uint32 rounds | ||
| 27 | |||
| 28 | are concatenated and represented as a string. | ||
| 29 | |||
| 30 | 3. Unencrypted list of N private keys | ||
| 31 | |||
| 32 | The list of privatekey/comment pairs is padded with the | ||
| 33 | bytes 1, 2, 3, ... until the total length is a multiple | ||
| 34 | of the cipher block size. | ||
| 35 | |||
| 36 | uint32 checkint | ||
| 37 | uint32 checkint | ||
| 38 | string privatekey1 | ||
| 39 | string comment1 | ||
| 40 | string privatekey2 | ||
| 41 | string comment2 | ||
| 42 | ... | ||
| 43 | string privatekeyN | ||
| 44 | string commentN | ||
| 45 | char 1 | ||
| 46 | char 2 | ||
| 47 | char 3 | ||
| 48 | ... | ||
| 49 | char padlen % 255 | ||
| 50 | |||
| 51 | Before the key is encrypted, a random integer is assigned | ||
| 52 | to both checkint fields so successful decryption can be | ||
| 53 | quickly checked by verifying that both checkint fields | ||
| 54 | hold the same value. | ||
| 55 | |||
| 56 | 4. Encryption | ||
| 57 | |||
| 58 | The KDF is used to derive a key, IV (and other values required by | ||
| 59 | the cipher) from the passphrase. These values are then used to | ||
| 60 | encrypt the unencrypted list of private keys. | ||
| 61 | |||
| 62 | 5. No encryption | ||
| 63 | |||
| 64 | For unencrypted keys the cipher "none" and the KDF "none" | ||
| 65 | are used with empty passphrases. The options if the KDF "none" | ||
| 66 | are the empty string. | ||
| 67 | |||
| 68 | $OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $ | ||