#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see .
#############################################################################

ANNOTATED HEX REFERENCE:

PRIVATE:

0 "openssh-key-v1" string plus terminating nullbyte
1.0 uint32 allocator for 1.0.0
    1.0.0 cipher name (string) - if not encrypted (no passphrase), "none"
2.0 uint32 allocator for 2.0.0
    2.0.0 KDF name (string) - if not encrypted (no passphrase), "none"
3.0 uint32 allocator for 3.0.0 (nullbyte if unencrypted key)
    3.0.0 (virtual) KDF options. This is "missing" if it is an unencrypted key.
        3.0.0.0 uint32 allocator for 3.0.0.0.0
            3.0.0.0.0 Salt/IV (bytes)
        3.0.0.1 Number of rounds/"work factor" (uint32)
4.0 uint32 allocator for # of keys (currently unused; hardcoded to 1 (left zero-padded 0x01))
    4.0.0 uint32 allocator for public key #1 (4.0.0.0 to 4.0.0.1, inclusive)
        4.0.0.0 uint32 allocator for 4.0.0.0.0
            4.0.0.0.0 public key #1 keytype (string)
        4.0.0.1 uint32 allocator for 4.0.0.1.0
            4.0.0.1.0 public key #1 payload (bytes)
    4.0.1 uint32 allocator for private key #1 (4.0.1.0 to 4.0.1.5, inclusive?)[0]
        4.0.1.0 Checksum (random uint32) #1 (should match 4.0.1.1)
        4.0.1.1 Checksum (random uint32) #2 (should match 4.0.1.0)
        4.0.1.2 (virtual) Copy of public key (copy of 4.0.0.0 to 4.0.0.1, inclusive)
            4.0.1.2.0 uint32 allocator for 4.0.1.2.0.0
                4.0.1.2.0.0 public key #1 keytype (string)
            4.0.1.2.1 uint32 allocator for 4.0.1.2.1.0
                4.0.1.2.1.0 public key #1 payload (bytes)
        4.0.1.3 uint32 allocator for 4.0.1.3.0
            4.0.1.3.0 Private key #1 (bytes)
        4.0.1.4 uint32 allocator for 4.0.1.4.0
            4.0.1.4.0 Comment for key #1 (string)
        4.0.1.5 Sequential padding to align private key to cipher blocksize (8 for unencrypted keys)[1].

[0] If it is an encrypted key, everything below 4.0.1 is encrypted per 1.0.0, 2.0.0, and 3.0.0.
[1] Pad determined by: 8 - ((4.0.1.3 + 4.0.1.4) % 8) (??)

PUBLIC:
(Each .pub file's Base64 string contains 4.0.0.0 to 4.0.0.1 inclusive above)

0 uint32 allocator for 0.0
    0.0 Public key keytype (string)
1 uint32 allocator for 1.0
    1.0 Public key payload (bytes)
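
EXAMPLE PARSER (added example, not part of SSHSecure):
The sketch below walks an unencrypted private key blob field by field, using the numbering from the reference above, and rejects blobs whose checksums, public-key copy or padding are inconsistent. The names parse_private, build_sample, _string and _pack are hypothetical, and the sample blob is constructed with all-zero dummy key bytes in an ed25519-shaped layout.

```python
import struct

MAGIC = b"openssh-key-v1\x00"  # field 0

def _pack(b):
    return struct.pack(">I", len(b)) + b

def _string(buf, off):
    """Read one uint32 "allocator" (length prefix) and the bytes it covers."""
    if off + 4 > len(buf):
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("length prefix runs past end of buffer")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_private(blob):
    """Parse an unencrypted single-key blob (armor and Base64 already removed)."""
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, off = _string(blob, len(MAGIC))          # 1.0.0
    kdf, off = _string(blob, off)                    # 2.0.0
    kdfopts, off = _string(blob, off)                # 3.0.0 (empty when unencrypted)
    if (cipher, kdf, kdfopts) != (b"none", b"none", b""):
        raise ValueError("encrypted key: decrypt 4.0.1 before parsing it")
    if int.from_bytes(blob[off:off + 4], "big") != 1:  # 4.0
        raise ValueError("expected exactly one key")
    pub, off = _string(blob, off + 4)                # 4.0.0
    priv, off = _string(blob, off)                   # 4.0.1
    if len(priv) < 8 or priv[0:4] != priv[4:8]:      # 4.0.1.0 vs 4.0.1.1
        raise ValueError("checksum mismatch")
    keytype, p = _string(priv, 8)                    # 4.0.1.2.0.0
    _, p = _string(priv, p)                          # 4.0.1.2.1.0
    if priv[8:p] != pub:
        raise ValueError("public copy in 4.0.1.2 differs from 4.0.0")
    key, p = _string(priv, p)                        # 4.0.1.3.0
    comment, p = _string(priv, p)                    # 4.0.1.4.0
    pad = priv[p:]                                   # 4.0.1.5: bytes 1, 2, 3, ...
    if len(priv) % 8 or pad != bytes(range(1, len(pad) + 1)):
        raise ValueError("bad padding")
    return {"keytype": keytype, "key_len": len(key), "comment": comment, "pad": pad}

def build_sample(comment=b"user@example"):
    """Constructed blob with all-zero dummy key bytes (not a usable key)."""
    pub = _pack(b"ssh-ed25519") + _pack(bytes(32))
    priv = struct.pack(">II", 0x1234ABCD, 0x1234ABCD) + pub + _pack(bytes(64)) + _pack(comment)
    priv += bytes(range(1, -len(priv) % 8 + 1))
    return MAGIC + _pack(b"none") * 2 + _pack(b"") + struct.pack(">I", 1) + _pack(pub) + _pack(priv)
```

Call parse_private(build_sample()) to see the parsed fields; the parser assumes the single "private key (bytes)" field shown in 4.0.1.3, which is the shape of an ed25519 key.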