#############################################################################
SSHSecure - a program to harden OpenSSH from defaults
Copyright (C) 2020 Brent Saner

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
#############################################################################

ANNOTATED HEX REFERENCE:

PRIVATE:
0           "openssh-key-v1" string plus terminating nullbyte
1.0         uint32 allocator for 1.0.0
  1.0.0     cipher name (string) - if not encrypted (no passphrase), "none"
2.0         uint32 allocator for 2.0.0
  2.0.0     KDF name (string) - if not encrypted (no passphrase), "none"
3.0         uint32 allocator for 3.0.0 (nullbyte if unencrypted key)
  3.0.0     (virtual) KDF options. This is "missing" if it is an unencrypted key.
    3.0.0.0     uint32 allocator for 3.0.0.0.0
      3.0.0.0.0 Salt/IV (bytes)
    3.0.0.1     Number of rounds/"work factor" (uint32)
4.0         uint32 allocator for # of keys (currently unused; hardcoded to 1 (left zero-padded 0x01))
  4.0.0     uint32 allocator for public key #1 (4.0.0.0 to 4.0.0.1, inclusive)
    4.0.0.0     uint32 allocator for 4.0.0.0.0
      4.0.0.0.0 public key #1 keytype (string)
    4.0.0.1     uint32 allocator for 4.0.0.1.0
      4.0.0.1.0 public key #1 payload (bytes)
  4.0.1     uint32 allocator for private key #1 (4.0.1.0 to 4.0.1.5, inclusive?)[0]
    4.0.1.0     Checksum (random uint32) #1 (should match 4.0.1.1)
    4.0.1.1     Checksum (random uint32) #2 (should match 4.0.1.0)
    4.0.1.2     (virtual) Copy of public key (copy of 4.0.0.0 to 4.0.0.1, inclusive)
      4.0.1.2.0     uint32 allocator for 4.0.1.2.0.0
        4.0.1.2.0.0 public key #1 keytype (string)
      4.0.1.2.1     uint32 allocator for 4.0.1.2.1.0
        4.0.1.2.1.0 public key #1 payload (bytes)
    4.0.1.3     uint32 allocator for 4.0.1.3.0
      4.0.1.3.0 Private key #1 (bytes)
    4.0.1.4     uint32 allocator for 4.0.1.4.0
      4.0.1.4.0 Comment for key #1 (string)
    4.0.1.5     Sequential padding to align private key to cipher blocksize (8 for unencrypted keys)[1].


[0] If it is an encrypted key, everything below 4.0.1 is encrypted per 1.0.0, 2.0.0, and 3.0.0.
[1] Pad determined by: 8 - ((4.0.1.3 + 4.0.1.4) % 8) (??)



PUBLIC:
(Each .pub file's Base64 string contains 4.0.0.0 to 4.0.0.1 inclusive above)
0     uint32 allocator for 0.0
  0.0 Public key keytype (string)
1     uint32 allocator for 1.0
  1.0 Public key payload (bytes)
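The layout above, walked field by field in code. This is an added example, not part of SSHSecure: it builds an unencrypted ssh-ed25519 blob from dummy key bytes (constructed test data, not a real key) and parses it back, cross-checking the two check integers, the public key copy in section 4.0.1, and the sequential padding. The padding check here uses the length of the whole 4.0.1 section, which is what OpenSSH itself pads to the block size, rather than the tentative formula in note [1].

```python
import struct

MAGIC = b"openssh-key-v1\x00"  # item 0: magic string plus terminating null byte

def _s(b):
    """Encode a field as a uint32 big-endian length (the 'allocator') followed by its bytes."""
    return struct.pack(">I", len(b)) + b

def _read(buf, off):
    """Read one length-prefixed field at `off`; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("field length runs past end of buffer")
    return buf[off + 4:off + 4 + n], off + 4 + n

def build_unencrypted_ed25519(pub, seed, comment, checkint=0x01020304):
    """Construct a blob in the layout above from dummy key bytes (test data, not a real key)."""
    priv = struct.pack(">II", checkint, checkint)           # 4.0.1.0 / 4.0.1.1
    priv += _s(b"ssh-ed25519") + _s(pub)                    # 4.0.1.2: copy of the public key
    priv += _s(seed + pub) + _s(comment)                    # 4.0.1.3 / 4.0.1.4 (ed25519 secret = seed||pub)
    priv += bytes(range(1, (-len(priv)) % 8 + 1))           # 4.0.1.5: 1,2,3,... up to an 8-byte boundary
    return (MAGIC + _s(b"none") + _s(b"none") + _s(b"")     # 1.0.0, 2.0.0, 3.0.0 when unencrypted
            + struct.pack(">I", 1)                          # 4.0: number of keys
            + _s(_s(b"ssh-ed25519") + _s(pub)) + _s(priv))  # 4.0.0 and 4.0.1

def parse_unencrypted(blob):
    """Parse an unencrypted blob and cross-check it; raise ValueError on any inconsistency."""
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    cipher, off = _read(blob, off)
    kdf, off = _read(blob, off)
    kdfopts, off = _read(blob, off)
    (nkeys,) = struct.unpack_from(">I", blob, off)
    if cipher != b"none" or kdf != b"none" or kdfopts or nkeys != 1:
        raise ValueError("encrypted key (decrypt 4.0.1 first) or unexpected key count")
    pub, off = _read(blob, off + 4)
    priv, off = _read(blob, off)
    pub_type, o = _read(pub, 0)
    pub_payload, _ = _read(pub, o)
    c1, c2 = struct.unpack_from(">II", priv, 0)
    if c1 != c2:
        raise ValueError("check integers differ (corrupt, or wrong passphrase after decryption)")
    ptype, o = _read(priv, 8)
    ppayload, o = _read(priv, o)
    secret, o = _read(priv, o)
    comment, o = _read(priv, o)
    pad = priv[o:]
    if (ptype, ppayload) != (pub_type, pub_payload) or len(priv) % 8 or pad != bytes(range(1, len(pad) + 1)):
        raise ValueError("public key copy or padding inconsistent")
    return {"type": ptype.decode(), "pub": pub_payload, "secret": secret, "comment": comment.decode()}
```

The inner `_s(b"ssh-ed25519") + _s(pub)` value is exactly the structure listed under PUBLIC, i.e. what the .pub file's Base64 string encodes.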