1 files changed, 68 insertions, 0 deletions
diff --git a/PROTOCOL.key b/PROTOCOL.key
new file mode 100644
index 000000000..959bd7aee
--- /dev/null
+++ b/PROTOCOL.key
@@ -0,0 +1,68 @@
+This document describes the private key format for OpenSSH.
+1. Overall format
+The key consists of a header, a list of public keys, and
+an encrypted list of matching private keys.
+#define AUTH_MAGIC      "openssh-key-v1"
+        byte[]  AUTH_MAGIC
+        string  ciphername
+        string  kdfname
+        string  kdfoptions
+        int     number of keys N
+        string  publickey1
+        string  publickey2
+        ...
+        string  publickeyN
+        string  encrypted, padded list of private keys
+2. KDF options for kdfname "bcrypt"
+The options:
+        string salt
+        uint32 rounds
+are concatenated and represented as a string.
+3. Unencrypted list of N private keys
+The list of privatekey/comment pairs is padded with the
+bytes 1, 2, 3, ... until the total length is a multiple
+of the cipher block size.
+        uint32  checkint
+        uint32  checkint
+        string  privatekey1
+        string  comment1
+        string  privatekey2
+        string  comment2
+        ...
+        string  privatekeyN
+        string  commentN
+        char    1
+        char    2
+        char    3
+        ...
+        char    padlen % 255
+Before the key is encrypted, a random integer is assigned
+to both checkint fields so successful decryption can be
+quickly checked by verifying that both checkint fields
+hold the same value.
+4. Encryption
+The KDF is used to derive a key, IV (and other values required by
+the cipher) from the passphrase. These values are then used to
+encrypt the unencrypted list of private keys.
+5. No encryption
+For unencrypted keys the cipher "none" and the KDF "none"
+are used with empty passphrases. The options if the KDF "none"
+are the empty string.
+$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $

diff --git a/PROTOCOL.key b/PROTOCOL.key new file mode 100644 index 000000000..959bd7aee --- /dev/null +++ b/PROTOCOL.key
@@ -0,0 +1,68 @@
	1	This document describes the private key format for OpenSSH.
	2
	3	1. Overall format
	4
	5	The key consists of a header, a list of public keys, and
	6	an encrypted list of matching private keys.
	7
	8	#define AUTH_MAGIC "openssh-key-v1"
	9
	10	byte[] AUTH_MAGIC
	11	string ciphername
	12	string kdfname
	13	string kdfoptions
	14	int number of keys N
	15	string publickey1
	16	string publickey2
	17	...
	18	string publickeyN
	19	string encrypted, padded list of private keys
	20
	21	2. KDF options for kdfname "bcrypt"
	22
	23	The options:
	24
	25	string salt
	26	uint32 rounds
	27
	28	are concatenated and represented as a string.
	29
	30	3. Unencrypted list of N private keys
	31
	32	The list of privatekey/comment pairs is padded with the
	33	bytes 1, 2, 3, ... until the total length is a multiple
	34	of the cipher block size.
	35
	36	uint32 checkint
	37	uint32 checkint
	38	string privatekey1
	39	string comment1
	40	string privatekey2
	41	string comment2
	42	...
	43	string privatekeyN
	44	string commentN
	45	char 1
	46	char 2
	47	char 3
	48	...
	49	char padlen % 255
	50
	51	Before the key is encrypted, a random integer is assigned
	52	to both checkint fields so successful decryption can be
	53	quickly checked by verifying that both checkint fields
	54	hold the same value.
	55
	56	4. Encryption
	57
	58	The KDF is used to derive a key, IV (and other values required by
	59	the cipher) from the passphrase. These values are then used to
	60	encrypt the unencrypted list of private keys.
	61
	62	5. No encryption
	63
	64	For unencrypted keys the cipher "none" and the KDF "none"
	65	are used with empty passphrases. The options if the KDF "none"
	66	are the empty string.
	67
	68	$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $