49 lines
1.5 KiB
Plaintext
49 lines
1.5 KiB
Plaintext
|
= OpenSSH Key Structure Guide
|
||
|
|
brent saner <bts@square-r00t.net>, https://r00t2.io
|
||
|
|
Last updated {localdatetime}
|
||
|
|
:doctype: book
|
||
|
|
:docinfo: shared
|
||
|
|
:data-uri:
|
||
|
|
:imagesdir: images
|
||
|
|
:sectlinks:
|
||
|
|
:sectnums:
|
||
|
|
:sectnumlevels: 7
|
||
|
|
:toc: preamble
|
||
|
|
:toc2: left
|
||
|
|
:idprefix:
|
||
|
|
:toclevels: 7
|
||
|
|
:source-highlighter: rouge
|
||
|
|
|
||
|
|
== Purpose
|
||
|
|
This document attempts to present a much more detailed, thorough, and easily-understood form of the key formats used by OpenSSH. The extent of those formats' canonical documentation is https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key[the OpenSSH source tree's `PROTOCOL.key`^], which is a little lacking.
|
||
|
|
|
||
|
|
== Basic Introduction
|
||
|
|
=== Legacy
|
||
|
|
==== Private Keys
|
||
|
|
|
||
|
|
In OpenSSH pre-7.8, private keys are stored in their respective PEM encodingfootnote:[https://datatracker.ietf.org/doc/html/rfc7468] with no modification. These legacy private keys should be entirely usable by OpenSSL/LibreSSL/GnuTLS etc. natively with no conversion necessary.
|
||
|
|
|
||
|
|
==== Public Keys
|
||
|
|
|
||
|
|
Each public key *file* (`*.pub`) is written out in the following format:
|
||
|
|
|
||
|
|
A B C
|
||
|
|
|
||
|
|
Where:
|
||
|
|
|
||
|
|
A:: The key type (e.g. `ssh-rsa`, `ssh-ed25519`, etc.)
|
||
|
|
B:: The public key itself, Base64footnote:[https://datatracker.ietf.org/doc/html/rfc4648]-encoded
|
||
|
|
C:: The key's comment
|
||
|
|
|
||
|
|
The structures specified in the breakdowns later in this document describe the _decoded_ version of *B* *_only_*.
|
||
|
|
|
||
|
|
|
||
|
|
=== New "v1" Format
|
||
|
|
==== Private Keys
|
||
|
|
==== Public Keys
|
||
|
|
|
||
|
|
== Keytype-Specific Breakdowns
|
||
|
|
include::rsa/main.adoc[]
|
||
|
|
|
||
|
|
=== ED25519
|