#############################################################################
    SSHSecure - a program to harden OpenSSH from defaults
    Copyright (C) 2020 Brent Saner

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
#############################################################################

The following uses the aes256-ctr/bcrypt encryption. The passphrase is "test".

The new "v1" format contains the header "-----BEGIN OPENSSH PRIVATE KEY-----"
and the footer "-----END OPENSSH PRIVATE KEY-----".

All length ints are uint32, network-byte order.

PEM:
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBQEy9ykA
    1o4KMfnXW28KW8AAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIL+iAxqlRjET5A4W
    iWr1A8Upnq12sJy2OEb0HMTeF0D2AAAAoMSXd80NGn0323ehgUmRJ4+M6Z1XLixma5O5mG
    dCXGDaRlL924VVCYUytRvu7ilZ+dtc9aCQUFJyDF3iXyxN2H68x7teo9e8vqzGtzLkw5KV
    2Zkal+8/CDj4qb/UPts0AxiWSQiPbPt4lG+5FONYrGq8ZGkQcvXyeIU02dQtf0BrxQkLMN
    8jy33YxcuTjkH6zW446IRbgWC/+EBZgRjUR8I=
    -----END OPENSSH PRIVATE KEY-----

HEX:
    00000000: 6f70 656e 7373 682d 6b65 792d 7631 0000  openssh-key-v1..
    00000010: 0000 0a61 6573 3235 362d 6374 7200 0000  ...aes256-ctr...
    00000020: 0662 6372 7970 7400 0000 1800 0000 1050  .bcrypt........P
    00000030: 132f 7290 0d68 e0a3 1f9d 75b6 f0a5 bc00  ./r..h....u.....
    00000040: 0000 6400 0000 0100 0000 3300 0000 0b73  ..d.......3....s
    00000050: 7368 2d65 6432 3535 3139 0000 0020 bfa2  sh-ed25519... ..
    00000060: 031a a546 3113 e40e 1689 6af5 03c5 299e  ...F1.....j...).
    00000070: ad76 b09c b638 46f4 1cc4 de17 40f6 0000  .v...8F.....@...
    00000080: 00a0 c497 77cd 0d1a 7d37 db77 a181 4991  ....w...}7.w..I.
    00000090: 278f 8ce9 9d57 2e2c 666b 93b9 9867 425c  '....W.,fk...gB\
    000000a0: 60da 4652 fddb 8555 0985 32b5 1bee ee29  `.FR...U..2....)
    000000b0: 59f9 db5c f5a0 9050 5272 0c5d e25f 2c4d  Y..\...PRr.]._,M
    000000c0: d87e bcc7 bb5e a3d7 bcbe acc6 b732 e4c3  .~...^.......2..
    000000d0: 9295 d999 1a97 ef3f 0838 f8a9 bfd4 3edb  .......?.8....>.
    000000e0: 3403 1896 4908 8f6c fb78 946f b914 e358  4...I..l.x.o...X
    000000f0: ac6a bc64 6910 72f5 f278 8534 d9d4 2d7f  .j.di.r..x.4..-.
    00000100: 406b c509 0b30 df23 cb7d d8c5 cb93 8e41  @k...0.#.}.....A
    00000110: facd 6e38 e884 5b81 60bf f840 5981 18d4  ..n8..[.`..@Y...
    00000120: 47c2                                     G.

ANNOTATED HEX:
0                       6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
1.0                     0000000a (10)
    1.0.0               6165733235362d637472 ("aes256-ctr")
2.0                     00000006 (6)
    2.0.0               626372797074 ("bcrypt")
3.0                     00000018 (24)
    3.0.0               -
        3.0.0.0         00000010 (16)
            3.0.0.0.0   50132f72900d68e0a31f9d75b6f0a5bc (bytes)
        3.0.0.1         00000064 (100)
4.0                     00000001 (1)
    4.0.0               00000033 (51)
        4.0.0.0         0000000b (11)
            4.0.0.0.0   7373682d65643235353139 ("ssh-ed25519")
        4.0.0.1         00000020 (32)
            4.0.0.1.0   bfa2031aa5463113e40e16896af503c5299ead76b09cb63846f41cc4de1740f6 (bytes)
    4.0.1               000000a0 (160)
        4.0.1.0 - 4.0.1.5   (AES256-CTR encrypted block) (bytes)
                        c49777cd0d1a7d37db77a1814991278f
                        8ce99d572e2c666b93b99867425c60da
                        4652fddb8555098532b51beeee2959f9
                        db5cf5a0905052720c5de25f2c4dd87e
                        bcc7bb5ea3d7bcbeacc6b732e4c39295
                        d9991a97ef3f0838f8a9bfd43edb3403
                        189649088f6cfb78946fb914e358ac6a
                        bc64691072f5f2788534d9d42d7f406b
                        c5090b30df23cb7dd8c5cb938e41facd
                        6e38e8845b8160bff840598118d447c2

DECRYPTED 4.0.1:
(...)
    4.0.1               000000a0 (160)
        4.0.1.0         f890d89a (4170242202)
        4.0.1.1         f890d89a (4170242202)
        4.0.1.2         -
            4.0.1.2.0       0000000b (11)
                4.0.1.2.0.0 7373682d65643235353139 ("ssh-ed25519")
            4.0.1.2.1       00000020 (32)
                4.0.1.2.1.0 (bytes)
                        bfa2031aa5463113e40e16896af503c5299ead76b09cb63846f41cc4de1740f6
        4.0.1.3         00000040 (64)
            4.0.1.3.0   (bytes)
                        ce6e2b8d638c9d5219dff455af1a90d0a5b72694cfcedfb93bc1e1b1816dee98
                        bfa2031aa5463113e40e16896af503c5299ead76b09cb63846f41cc4de1740f6
        4.0.1.4         00000012 (18)
            4.0.1.4.0   5468697320697320612074657374206b6579 ("This is a test key")
        4.0.1.5         0102030405060708090a0b ([1 2 3 4 5 6 7 8 9 10 11], 11 bytes)
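
ADDED EXAMPLE (not part of SSHSecure or the original notes): a Python parser that walks fields 0 through 4.0.1 of the ANNOTATED HEX layout straight from the PEM above. Those fields sit outside the encrypted block, so the cipher, KDF and bcrypt rounds of a key file can be audited without the passphrase. The names Reader and parse_container are hypothetical, and the code assumes a single ssh-ed25519 key as in this sample.

```python
import base64
import struct

# Test key copied from this page (passphrase "test"); not a live credential.
PEM = """-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBQEy9ykA
1o4KMfnXW28KW8AAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIL+iAxqlRjET5A4W
iWr1A8Upnq12sJy2OEb0HMTeF0D2AAAAoMSXd80NGn0323ehgUmRJ4+M6Z1XLixma5O5mG
dCXGDaRlL924VVCYUytRvu7ilZ+dtc9aCQUFJyDF3iXyxN2H68x7teo9e8vqzGtzLkw5KV
2Zkal+8/CDj4qb/UPts0AxiWSQiPbPt4lG+5FONYrGq8ZGkQcvXyeIU02dQtf0BrxQkLMN
8jy33YxcuTjkH6zW446IRbgWC/+EBZgRjUR8I=
-----END OPENSSH PRIVATE KEY-----"""
MAGIC = b"openssh-key-v1\x00"


class Reader:
    """Cursor over uint32-length-prefixed fields, network byte order."""
    def __init__(self, buf):
        self.buf, self.pos = buf, 0

    def u32(self):
        (n,) = struct.unpack_from(">I", self.buf, self.pos)  # struct.error if short
        self.pos += 4
        return n

    def string(self):
        n = self.u32()
        if self.pos + n > len(self.buf):
            raise ValueError("length prefix runs past end of buffer")
        self.pos += n
        return self.buf[self.pos - n:self.pos]


def parse_container(pem):
    b64 = "".join(ln.strip() for ln in pem.splitlines() if not ln.startswith("-----"))
    r = Reader(base64.b64decode(b64))
    if r.buf[:len(MAGIC)] != MAGIC:                         # field 0
        raise ValueError("not an openssh-key-v1 blob")
    r.pos = len(MAGIC)
    cipher, kdf = r.string().decode(), r.string().decode()  # 1.0.0, 2.0.0
    opts = Reader(r.string())                               # 3.0.0: nested KDF options
    salt, rounds = (opts.string(), opts.u32()) if kdf == "bcrypt" else (b"", 0)
    nkeys = r.u32()                                         # 4.0
    pub = Reader(r.string())                                # 4.0.0: public key blob
    keytype, pubkey = pub.string().decode(), pub.string()   # ed25519: type + 32 bytes
    encrypted = r.string()                                  # 4.0.1: still ciphertext
    return {"cipher": cipher, "kdf": kdf, "salt": salt, "rounds": rounds,
            "nkeys": nkeys, "keytype": keytype, "pubkey": pubkey,
            "encrypted_len": len(encrypted), "trailing": len(r.buf) - r.pos}
```

A cipher and KDF of "none" in the returned dict means the private section is stored unencrypted; a low rounds value means the passphrase is cheaper to guess offline.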