OpenSSH Key Structure Guide
Last updated 2022-03-07 02:34:27 -0500
1. Purpose
This document attempts to present a much more detailed, thorough, and easily-understood form of the key formats used by OpenSSH. The extent of those formats' canonical documentation is the OpenSSH source tree's PROTOCOL.key, which is a little lacking.
2. Basic Introduction
2.1. Legacy
2.1.1. Private Keys
In OpenSSH pre-7.8, private keys are stored in their respective PEM encoding[1] with no modification. These legacy private keys should be entirely usable by OpenSSL/LibreSSL/GnuTLS etc. natively with no conversion necessary.
2.1.2. Public Keys
Each public key file (*.pub) is written out in the following format:
A B C
Where:
- A: The key type (e.g. ssh-rsa, ssh-ed25519, etc.)
- B: The public key itself, Base64[2]-encoded
- C: The key's comment
The structures specified in the breakdowns later in this document describe the decoded version of B only. They are specific to each keytype and format version starting with item 2.0.
2.2. New "v1" Format
2.2.1. Private Keys
Private key structures have been retooled in the "v1" format. In recent OpenSSH versions, all new keys use the v1 format. They are no longer in a straight PEM-compatible format.
Refer to PROTOCOL.key for a (very) general description, or to each key's specific breakdown for more detailed information.
The v1 format offers several benefits over the legacy format, including:
- customizable key derivation and encryption ciphers for encrypted private keys
- embedded comments
- embedded public key (no need to derive it from the private key)
- "checksumming" to confirm proper decryption for encrypted keys
2.2.2. Public Keys
All public keys in v1 continue to use the same packed binary format as the legacy format.
3. Keytype-Specific Breakdowns
3.1. RSA
RSA[3] is a widely-supported PKI system. It is ubiquitous, but it is recommended to use newer systems (e.g. ED25519) for OpenSSH if all clients and destinations support it.
The key structures have references to the RSA notations in single quotes. You can find these enumerated in RFC 8017 § 2 or RFC 8017 § 3.2. See also the Wikipedia article.
It is highly recommended to use 4096-bit RSA if using RSA keys.
3.1.1. Public
3.1.1.1. Structure
Public keys are stored in the following structure:
0 uint32 allocator for 0.0 (4 bytes)
0.0 Public key type string (ASCII bytes)
1 uint32 allocator for 1.0 (4 bytes)
1.0 Public exponent ('e') (hex numeric)
2 uint32 allocator for 2.0 (4 bytes)
2.0 modulus ('n') (bytes)
3.1.1.2. Example
.pub format
ssh-rsa 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 This is a comment string
Decoded B (AAA…PBw==):
0 00000007 (7)
0.0 7373682d727361 ("ssh-rsa")
1 00000003 (3)
1.0 010001 (65537)
2 00000201 (513)
2.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af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
3.1.2. Private
3.1.2.1. Legacy (Plain)
3.1.2.1.1. Structure
Legacy private keys are encoded in standard RSA PEM format (RFC 7468 § 10, APPENDIX-A).
3.1.2.1.2. Example
-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEA0cey1didD//oq66foKO2IUqFAl0+EF9nMiDfu4LTM4SSoajP
Q02jewKP/GW9M7eFcDNf3UC5BUNkWym7uNzT6JlkKREZpe6AFsl4hNIfN+uoZSXA
5vUsqCW29+6lNALMwAHS835cMZPg2IIPQW21nudsMUH0+U4npwfc5jRButoxYnOT
LwbpTsDE8L1SXQdNojdfBQ/Ftk+mMr2E+boFv38lQMksfvY9nNhp5JKklyrmQtGv
2M1ChJXHKMCkspKpuIvM6ORIp5FMLmLpe1HR5HpxVFKGjCQaRhtwRnUrY69LhyEc
XtTt2O6OuiwFZbMcOTVSkGJUZ3qDKvRT9V4LA1WAvIKIqwkwNPoGdv8lVBgNL17c
32GTtb3eGg3zYl9pJu1bsofnm8KGrKGYG0qBWjSdKcpGLRvbPj3d0m0YPk1smCid
XnGCyzrG3gpMy0DS5SAyUl585rmfx/HJFtfSbhQTOR3lT1AMYRNNDej+pWX9ZAQC
82mnIdRLIXQL60BPLX/xRjHWva+0s3arfNhB1F0gxJWdMwCU7Fsd7M0m4bL519pt
t+fwnGgoEjOGDaiPzfARfi/IZ90npNmAS9WoDt94/uQdbGWXA9naww41z2IcuY5V
uPqeJkyqflA49GnYyiJz273fh3EnDqdudBTqAMZnUsRW/nJoNi64GldfXv0CAwEA
AQKCAgAldEcswRkBw0oSZQIhFzmsZfarfmRXXgE5xP7NJsV4nEHl1RL0TEdU7hcx
FCUct7Z+Wt3Rzf16wBaJ5ECc9+hpzgFBB8mRg6yg5OW8qRtjy5JsRLpVQg7wEpPB
Xn1mdN2Dpo+4Y6YoP+PUJBx/LQxRS7ZYcRNA88BGpTO+cjQOHWjV0BbGPbCoG+jN
pq+u5l/pB4PSjodZTo043/d+8sSV9Sh8ka59GI/VkhoN8lSqnMExyuhfh/5JV8iQ
MRz2uRLOXT9/kUqbiGiWm5heKTSVW3sid/2HxeZfAAUiv0a47JJKlRHQqKmyop0f
Bj8Mclcmq6uLFdNGCmyi3a6jz1+drKPovO8H9ZTKx7sujxbR1lIC1BPfzFQ1LzjT
A+n1Yp0gR9LA83TnzysGiYpl2MJYijbB8FPbXdJOMBNO63Jrr0DrF0VdI6Vf9GbA
HAmz+IbPD+ZTZNktzpv1MmTE+4W/7E/i22KwpJy+/6RYpkDCu3vTKS4L46BQsN4W
Gm2EL+kdzzmyCog3Vi6b0JRNd0dlKdZQKBanGtm4m3vx6PGhQFt0OZYu/QxDlLuK
YhlKDIpBdZTTL/PIk4xx89X826fm2DT3ZSK652YCiU35nO1VqU+hKl4gA1dhp4DN
/wg4LGFtwVhcwr1NyAC+nsFVTYU9Wszl+qpMOK/kKy7WH1K8rQKCAQEA/wXLJPeL
e3QG0E7TlMmOxq2yUFhu7WMybmhW5z3su9jHNxZ2qEP7Vzer4LiQNmnJiNKFQ8El
fjywSHINW1+OJXs3M6W3vQLw03XfYt69X2kC9uhooo0/xj8++YhVL4pmI9K7uI0Y
IkFI2I9rsV6rb7tiKdeFW9NK9AoGp5StSwrVWvgPLwWl4ipVvZhDcRK2VsD8DqNU
5QwX5l+wnFlR77XIi7c73UwbEictp7ZGwpDDVT7EBJRhruaybRoIGKHX4etJXPGz
J2L/YQII4H44e7L00qTvfpxNHcdaqqIdZ/Rn3hKqoQBa1lZJf3WjDq70lq26aJwC
h34COSjbwKM/HwKCAQEA0pWEU54DE4ybznDxUZsLgD1xPYpqMTKO6yAJijwMobFv
Py9nc25vK0u6RT1It7eIse7TilpUZPB9PDV3sL+kgH5mW1OpvvfMtmncAM68KM7R
XXBCcpCp0ke1DBNZtNLXFR8OSoJ2Vd2+XbeF7+uRHW4UCHtZttWPke8rokVCFXGN
JgM6ubF7QPNcZ/gSclhZORP5e4QR1tFppA3dN/ehLaU7Md45oqYRE9y5oONEdnQA
9b5t1vMqL3TgIHuD6m1nlITmmWSQIWm7BObAz1WmBpyluz8kVeLj8yu+My6VnxNl
0P1yEVck9mMlNqzgA6i0ilcPMJoU0M+2Fzr72yFKYwKCAQAPro2FYmuDVektWguM
tLBA62Fxq1523oi1XVkqsxYhnvzxGEKHqlaEUHoTQYYssmigL0HenrvtfVHhwpGr
sr6M83y7gk9AIjQo7LCl5ciDW3PBNx1oEYOAb1cyBP4oBDyvqz+744E+agFOv9MB
fy7Pmhg5NnWO5flP9GXgXDYjzTC9fU+BtrkypSPMmtZa16m6v/c/9y87Pnkhw3Sa
yKtPMEB6xvO5cfqgLSSTkZPcVwaL8WYgWfd/x9Pk/ZrN2PXrgIpsWriHjYDiuDtP
grN6d9CyO0423OmpER80Ku/f+pmAgGlZqSns0DWIzvUN7BhCQ8CYui81obwFQ8vv
lppFAoIBAD5UbxRo4rQ4nC1glKz43VCZ3xi+DWx+cHr7wpcd6wc5A5qKJ26tM053
Xaz81Lc8JcO00vxSfERcQlU95i10q/Y0c4t4mfeiVP9xGeNLTboubR3hCmnqk7lf
7CCk4Zp6BZuE07AOKYSE28HVflljOlKhsGBKUmWhlJs3VYz0Pvkl4QdtUUaBV+AD
qEhFzv/1UoNofCGpF7ajyUb7q4zTSOu/ymOaSSjxSoC8hl0up6b/8wDJ2q0S0Fu3
lldG9+a9dzkolTC16UtahjaPLmawDTJLz2o66EBbpejl+6gek76/+RUAz3B+gLxE
4FDsnmm216lS13YlRSABOv5pQP69Pc0CggEBAI8eT3npJUQX31Gej0KvN4h0Sq0t
eYtLF5+uEoDr+DTD0MHv6Cta0QpBKzvOljDtxqNTu8oiNkkhch4daXMOD/qfdk9y
C+befW1llA6ni6qNF5SlJWVZoyJgasAotzdK7bAIHmJ2BVc1NH5RWYipEWrcfwGA
JSpC9D6V5wxP0GQa3hl0X7w/2pFNfv7jZ3VeYP91xbn01r4hUdyR2ryOBd817t/N
aLB3RLkJazg7EKadnM5elAwFZ7PKWjnAyIYH6BoUbs3YonySFPpp9Z5SxidrRpb+
Zb7jkiz4m88ol7ezdWZyHhVMZqy4bWMCI4moTDcpqJuox6JTQiO2Ajj2pFU=
-----END RSA PRIVATE KEY-----
3.1.2.2. Legacy (Encrypted)
3.1.2.2.1. Structure
Legacy private keys are encoded in standard RSA PEM format (RFC 7468 § 11, APPENDIX-A).
The Proc-Type field is defined in RFC 1421 § 4.6.1.1.
The DEK-Info field is defined in RFC 1421 § 4.6.1.3.
3.1.2.2.2. Example
The following example, being encrypted, is protected with a passphrase. The passphrase used in this example key is testpassword.
As shown by the header's fields, it is encrypted using AES128-CBC with the IV 822FAE7B2F5921CBD9143EDE93B22DFA.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,822FAE7B2F5921CBD9143EDE93B22DFA
2vAiqYbBxVV+2LszZQ4ybpMIopqtL+mT6PZ/DNJWD9t7wUUynXS6fMBA45CRrsRI
VTtb1m+ZBo80WaY7PvbYUuX7BS4lWoJ9VFRwtVVPgN4CBOP8ILgQFvywY+yKZW/j
IB9m29XHN4GVxMZctsgUXfiff49juI4P0uVTRxwJ44HtqBFIYyRtQhhK4pcC7KlD
J4X7Fl4J6KRWXBktmZGy6wTLXcfekMwUAbgPuvswhsovjXbTjh0eJVMQbqyFg4N/
hKEkeOznyVuZbAFnNB5johN/HlpoifGcmNh169FsZzuwMuDUOg//JmH2HgwYLCpy
JQgnsd6AqtlbZkTsoI4Mky0+a8A5y9iMl6Qw1AESt1ISb2k+iKtqXq0EkSzheB6a
aMtcSp7iIP5SKoV81Hl0L9Mnr8Ni/4HDNKLxi7msixN2v69ctB/m45bL3PMErVcm
7knY6Ps8jha/zGKVEQlEkCa7S/P5snb/MyMualc3PN/sAvWfcxLUi97pPU0HUZCX
RS1HR2Fc+FqfMAX+B+Zfr/cmlTSirrPQr387CDospv6UyzGgf6O5ZmGTp47T91mc
i/4GRHFUQ39nM9sD79fofk3Gdo/manhL1mFvti8Vy2jRXbwXuWhZNTy9J+gRkjR2
X1NfRDaZlWfcDgUplqqZEbPFElRL8w00PTA4ZOWAt1a5jtQaNXh7JvnlC3oWDSW7
RgAyAfvvUjigslfobMmMAbQt6gPcCHjnGMst11Xqcvw0c/+8sXVb5LOzAupOlb9B
lhPvgAuhr0k5azseCD0Y1uyahh5rcIcaN08KaLI1t/nWUYwvSfGx1ej14q1F/Y+Q
eDmS1695jWngX+FF1GdDzPRWYQhjeBl4V1dV+aTxLamWS8Oz4jk0pkzTwdl1yKDB
I60t6uhFpummMbKIqvFtOkpqdLjGXZ8bSVbgHu7uPyycJ+PZCgpn/fYxqJNvIhsO
x4QzKz1p6cFg0hxYKAcKqgIZUbmEu0MRr/VHDaR5K8AlSlVNz8ur62O4YEOslUFC
Tv8d0LBd80OyrhpoJhK7fplVbFx2jkmVkLSjbwTPWz7HxLO3u/fQ1+higQHbAGqg
75i4gpQVUDQE4KwPXjsjwhU1jrYyk2snnwmRa6yfYd61CI1lGJOycgm1tS90NNKA
/sZmBG2u/t+UFDX+cBIkdA6B4CwRaPmvo27jv1Mk3u4N/zp+FR9IUxCnc8Z3Fo7F
IKZAAEhtZniXG0t82aIXHdw7bQtH9eZsP/Il9ozaNW5Oky51AH/SCZT24vnOyc/U
RQPP8g+59bjeriG/QAZ/Ezv6TilW06i/0xOo9i8ZyJdtPLuQ9q9ijNydCCqB/yE/
Q/VTYQxHV1GBmpb89p//VpeqKmyTFISGK3r+nTHelVLgy8zDLWSSRkDQEu2n+7ou
RwRli6ZrqsMBqhsBPcD/SzerRaq3AkstQ21C1fDpnBoXdRzx52wQcd3mKmspRLgc
w/V2zaJqzjKaqfqNaT3xBTns0BGUBMCzaE+YtSHe2+NiHnxioU8H2wQz0CM2rjJE
LBjfw4raTwrOSOufo7JqjMr5JrUeTy8Gqv1Wq8YrqmsPPrXmhhasxYrV/aqN96/m
UZgWVjD0G3NOHDcQ+yPQrjodPEbokeLb1y+Hw8os53sirWwKkUnPKK1tpZtsmCjR
wJTcaZVhGVdgWvxZnBGGvkDdxJBGisFc+IgnEWjgVxLiHkeXoyskgdB9zwYzNgJl
B0NuxgGnLpcNpTz11tPAvpJYHIFTgW/cjMfGh47hfJxCAyEa4qdlwk6YbvUHDEml
qzFMP70LbS18ck6SiP1ITVgxznT4CwuWXUdXTI1T1F9AY9u0Y5NPlB5SN7e/1Pq4
1sf9NhUjgIVrxXoILUXDVreEcZj8B2zQOS4HcbQnQlUZuIbVKgot7UnHtTmALEu7
YIYqKKr0GZCBpNi+qkBQd0RFsMNV6241X+BIwnHSIKBJ08PJ4O6H0RxK6KSshZV3
bZGJcDrARHd/VbEmUE3pJbbesgwrOBvY9mh1iGHfYyoCabagdgEbXAqgAGKihvQ7
l4J28BI4rbCU23U5BtBEGhHwhFC9tvkwx8/ImbzIwKqRXRN1fJys0ReYONWkOv7J
OBU3kvjhKUivcbAG6guz6hwP9I+450dE2Q4V54LabeQSZ3rfBk+SCXR6w6aX5us9
ydLVqtUxvhyqP5/61seNWwDmvdB8A9DFKHuxPqhVKxhumfoe0T+zkOUmuVRLafIv
AGCxIVQBm1DEnuG/c6cMlgzw9qITrMgJAzqpyQDBslAxfa45+ViPHYFIpPhd+iGg
aaj6q9Clkl3tLoZvZ1D827zMfpq1Kaog9VsxQSiaAmpC5e/N+QaPunPIZTyDtaPj
5H7uCm27yHGG5z8yehmlDcPc2I1TjN24Dfzxi6AaiEZ/BAaUv8pTs3r4n2BAtzPm
u0zE1vw5UsZ59QmsHRgBO6z8IYA+HhNt+sd0krYfuJ1MUiSH03uhYAiGFoqHngAN
7w18EcsJPFUL1NTMy4dK6SaZFxIvPItbzf49Bwc03ruUt7Zy95Odz7UsjyD4msSE
q8/DAtzFPgztBlNieUH4N0w5Qu4x3hSx3/xgp9e+7njQo7mE+yySh7NPV27HaFKz
htsnuMaOzVMis9WLOq6egrsEaJ6BM3WRSPBa8ZjHdWYeVQ6WFLs2v7wX/j19Q9GZ
bdWkI1wBHcyz4MLUeJESFt3uqrHeNTLm5BWaGCeqtHeeHhoAquAJdjceLcDW7Le4
tkQj3FxLFUCKlZt9H/gyDKwDhHShONFDWPbItKHrHlmSftsOiWNt7X9r9MEaxyWh
KIJcTV2JsrhDHcNHUDniSi0qYhVsAkLSng6xxy/A4bQIz0Jhp42+Sk0aJVj+DaBa
5K0ctJ1f/YoQv7SjOJAMEvoGLCVPFLFbWQpDhtvfpgB7g9/qpJKL5/ixDDgfRf58
NN9CdVs/JPpuZiSmR86gAgHrDblaBcIOtUoKBPfZweiJKowN2li934JZRs2xuamv
HQEqEb9jJPj+eDv9FlCgCzBTdkiaLuuqU9agB6Ji8NMFDedj7rErkCUZ8tE9wqfY
ftSfkGNUzTzPFbF5iEukTvKm42a7F/I/ExMVgpN/eQxJ7+m5TOgja0KC1h5fCN4L
-----END RSA PRIVATE KEY-----
See the plaintext example for the decrypted (non-password-protected) version of this key.
3.1.2.3. v1 (Plain)
Tip: Since plaintext/unencrypted keys do not have a cipher or KDF (as there's no encryption key or algorithm used), they use the string "none" to identify these (and entirely leave out the KDF options).
3.1.2.3.1. Structure
0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes)
1.0 uint32 allocator for 1.0.0 (4 bytes)
1.0.0 cipher name string (ASCII bytes)
2.0 uint32 allocator for 2.0.0 (4 bytes)
2.0.0 KDF name string (ASCII bytes)
3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes) (ALWAYS 0 for unencrypted keys, so no following substructure)
4.0 uint32 counter for # of keys (4 bytes)
4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.1) (4 bytes)
4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes)
4.0.0.0.0 public key #n keytype string (ASCII bytes)
4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes)
4.0.0.1.0 public exponent ('e')
4.0.0.2 uint32 allocator for 4.0.0.2.0 (4 bytes)
4.0.0.2.0 modulus ('n')
4.0.1 uint32 allocator for private key structure #n (4.0.1.0 to 4.0.1.5) (4 bytes)
4.0.1.0 uint32 decryption "checksum" #1 (should match 4.0.1.1) (4 bytes)
4.0.1.1 uint32 decryption "checksum" #2 (should match 4.0.1.0) (4 bytes)
4.0.1.2 copy of 4.0.0.0; allocator for 4.0.1.2.0 (4 bytes)
4.0.1.2.0 copy of 4.0.0.0.0 (ASCII bytes)
4.0.1.3 copy of 4.0.0.2; allocator for 4.0.1.3.0 (4 bytes)
4.0.1.3.0 copy of 4.0.0.2.0 (bytes)
4.0.1.4 copy of 4.0.0.1; allocator for 4.0.1.4.0 (4 bytes)
4.0.1.4.0 copy of 4.0.0.1.0 (bytes)
4.0.1.5 uint32 allocator for 4.0.1.5.0 (4 bytes)
4.0.1.5.0 private exponent ('d')
4.0.1.6 uint32 allocator for 4.0.1.6.0 (4 bytes)
4.0.1.6.0 CRT helper value ('q^(-1) % p')
4.0.1.7 uint32 allocator for 4.0.1.7.0 (4 bytes)
4.0.1.7.0 prime #1 ('p')
4.0.1.8 uint32 allocator for 4.0.1.8.0 (4 bytes)
4.0.1.8.0 prime #2 ('q')
4.0.1.9 uint32 allocator for 4.0.1.9.0 (4 bytes)
4.0.1.9.0 comment for key #n string (ASCII bytes)
4.0.1.10 sequential padding
Note:
- Chunks 3.0.0 to 3.0.1: These blocks are not present in unencrypted keys (see the encrypted key structure for what these look like). 3.0 reflects this, as it's always going to be 0.
- Chunk 4.0: This is technically currently unused; upstream hardcodes it to 1 (left zero-padded 0x01).
- Chunks 4.0.0.1.0, 4.0.0.2.0, 4.0.1.3.0, 4.0.1.4.0: Note that the ordering of 'e' and 'n' is reversed between the two sections: the public key part stores the exponent (4.0.0.1.0) before the modulus (4.0.0.2.0), while the private key part stores the modulus (4.0.1.3.0) before the exponent (4.0.1.4.0).
- Chunk 4.0.1.10: The padding used aligns the private key (4.0.1.0 to 4.0.1.9.0) to the cipher blocksize. For plaintext keys, a blocksize of 8 is used.
3.1.2.3.2. Example
The following example, being encrypted, is protected with a passphrase. The passphrase used in this example key is test.
id_rsa format
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAt87ARgHOKhLwySTLmjDrmQBmgSyxQ2kZPzCyuf3Ur8swDJGPKnfW
RBDzYXrnyMoxjCV9PE304sQQi7vpOoaJS6FLNXXy9yFQvDgdy/t0LHoZaGb9MYSs6Wdhrd
oPwpkvbIZtdWmRn8ItnEvw3kBajHbVGaoqUyncaCV3ciml0LdTp4JaiblSdfnAJeIVNDxs
iM1mkKIh+K6e9nXuRk3H0RjaQQUH6l1rZIndYK/YpmRkkts+J58aeCQNuKu9psUHFMljZl
CnIIHn+l1HLBQosH6uXRW2TqHip1CFEv6atlX4ajE0htPMod2OkKzFyfuk1udnUH+6ufOn
9ox0gUKvKjcB0xqKm3URlYqncYe6cC7ZNNOFr87kI4DpXg5+m8D00jNn/HcDdBZ7fwkm+2
/bbQWq0c/RkYJIRbAU4YFTvw0dPDsfrbslo/HRUfm2hGM9jBaQ/NjK0FqsKusj2/GaN+SA
oAiRAxnBFtR72SSzmUJUO4ig9hJ5UrLY4SkPMCn1Qq6+nAyONs8yloZc1mQ8iSTVZuv0lx
gJOZoawJb+Htw7X4cb9e8LTUTg6idiDSBRQuC/z2d7TbAlUyEho/B0WqTQWGMxczJXhVpc
7L46xEA9BP8MwMWLfASQS0AhJcK8KmOiDrswnMbz5l2zAaBYuNrOB+cbOPPzWVQz9psZjw
cAAAdQU4NHElODRxIAAAAHc3NoLXJzYQAAAgEAt87ARgHOKhLwySTLmjDrmQBmgSyxQ2kZ
PzCyuf3Ur8swDJGPKnfWRBDzYXrnyMoxjCV9PE304sQQi7vpOoaJS6FLNXXy9yFQvDgdy/
t0LHoZaGb9MYSs6WdhrdoPwpkvbIZtdWmRn8ItnEvw3kBajHbVGaoqUyncaCV3ciml0LdT
p4JaiblSdfnAJeIVNDxsiM1mkKIh+K6e9nXuRk3H0RjaQQUH6l1rZIndYK/YpmRkkts+J5
8aeCQNuKu9psUHFMljZlCnIIHn+l1HLBQosH6uXRW2TqHip1CFEv6atlX4ajE0htPMod2O
kKzFyfuk1udnUH+6ufOn9ox0gUKvKjcB0xqKm3URlYqncYe6cC7ZNNOFr87kI4DpXg5+m8
D00jNn/HcDdBZ7fwkm+2/bbQWq0c/RkYJIRbAU4YFTvw0dPDsfrbslo/HRUfm2hGM9jBaQ
/NjK0FqsKusj2/GaN+SAoAiRAxnBFtR72SSzmUJUO4ig9hJ5UrLY4SkPMCn1Qq6+nAyONs
8yloZc1mQ8iSTVZuv0lxgJOZoawJb+Htw7X4cb9e8LTUTg6idiDSBRQuC/z2d7TbAlUyEh
o/B0WqTQWGMxczJXhVpc7L46xEA9BP8MwMWLfASQS0AhJcK8KmOiDrswnMbz5l2zAaBYuN
rOB+cbOPPzWVQz9psZjwcAAAADAQABAAACAEmfLHBeBL/hekR20n5eHd/YwzX2OsIvdIdU
8CGDRA9tqT8/hkKSYWY+C939pp1ML3BdC7590xqJQb9WcuKYRKHgZwlwxvKpi3b4Wyb6/t
tZxJeGuN9+ruuGFx/Vef6N8OrdJTakJEoDMtWprT64NAyTBGQVPoK0/61PZHp7qAjjhURQ
+Aa2DgtnD8mctrWHhkl9TBmed1DuUImTTu8l9GUSOUlVxIfhB0Tr25oAlRyAlbAk1M518d
oxRrWzRHFp9Z4j1AaFQ4vHvK0Rc5J6OJoJA7oRGkaAnRI7NDIZfMqPwMJ4FvvyFcK3xYS5
TzfJ7YqOgVlC7/3PVHVyaK/lj9cAzc9qmKIJUGF7BiSqg12V4n16/N7nDDl8obaqBHNebV
xeAb//IXTPVi02hCYkSQ4SyoFCWV1SVnSU84shJAEsrKyyVk4hyEXrlPXW6/bzkGbh+gSz
GBdOb5mUgjuk2e8sKLN8s+oF+jytcgCJg5QnaDVSPk5BYFTyPbDrcyIR06EepVE5CujVjW
nhRmTg4g8r8MzSTSYLgyqUFE9YAep827JDbyG6LbrsvNVz8kxeDUP9JrSuZ2ThON2vR3Ws
AWPkVyfBACf3FsvjzHD/9zRBuyU45UJqGlY4tEinveloBB7CGE72ew2mAHApfNc97u/r0Z
UWEcendslW4Y5fFjohAAABAAri4c8kVaDYInLmpCu7qD63ZUluWjPhO4yUdW2MMvfXUF/Z
l73V7AjFm/jR1lnR3wK+xmnrtaqvXbHscM4vKms6F7ex/OOtxiA8KQXNZS12IgZd0BGuM4
lEZ8bco2Q5UrDK7f+bx4rEBAgHQCdWbuTEdRrT/0UqJ4Gvi1wsm/CbNO5eYgEzC0vDga92
Z5hmfFua0HM8GfTvR1/SZGVeAwVT8vL43lnCrudLndZyDjEIFD3+3UHPS8Ed4rmp9A+uxy
pSMSq+5MYVWs/uk4ShY0jHFTRuvmk4lf5tI0jU3tsKE3xIcYX/lJwgkRW5yKEGMpmR8Eno
Qwx7pg3VQI1yrJgAAAEBAOULZbpq5MsprmYSnD5B/+ujbNbsuqcEX/kM6nHQm8BWsLkTTc
V1TEnaH+irFpzRSe7a7M9JE9kV9PJBxf2Gx3UR4MJhw0RgCoTM546M9JPkkoRMuCxCq20S
RqU+XPUK1HWcKlwJ1TscXDtEkyjuoBQ01uU3s6UTko363fCnJygjiZuNeVIgyzNEq40OhG
4eQP/ftccZJiwrUnqJClH6q88QkEaZE197mXSH9LSNRJCtgPwls0b6C7WH8JKVvw9xrBCo
CGhn1LrQCgwnpkVvCODCv4yu2HaPA2aiRAQoGAopJhevYf6rq5pwdbi8ISCaVDm7/jYTkX
Bx/udKjV2A/pkAAAEBAM1wd2WfrZgxBLzH3FJiQrnqUs6kDpI993GsKijjd/K5IxpYwkSM
a40X/oNXHva9u8EfPUq0JU6oWWhLh3KRH5xvNVR5BT4+PTpuzOE6AWkIKYyj+LYo0hEXSa
NidijrBYRPVGeVpQZ9ObHTBOGcxvwb4AphZOoz5Ku8h/VoMicdglyGjFzNo3dbA3cR6ZQ2
+WxT83gLmFCE4dhKRYxoerCTigm/b5s//sQe0C/VsnVyx9GAA55AWlWbYvwI+ASxnwQ9uk
xvdWWxxydZ9Lky1Pk9T0HakbGxRvKYVKEAg0HkdgvdSYcJfsSmVRq5bgmaBKONaok7Uz2x
hau1VzZBnp8AAAAYVGhpcyBpcyBhIGNvbW1lbnQgc3RyaW5nAQID
-----END OPENSSH PRIVATE KEY-----
0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
1.0 00000004 (4)
1.0.0 6e6f6e65 ("none")
2.0 00000004 (4)
2.0.0 6e6f6e65 ("none")
3.0 00000000 (0)
4.0 00000001 (1)
4.0.0 00000217 (535)
4.0.0.0 00000007 (7)
4.0.0.0.0 7373682d727361 ("ssh-rsa")
4.0.0.1 00000003 (3)
4.0.0.1.0 010001 (65537)
4.0.0.2 00000201 (513)
4.0.0.2.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af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 (bytes)
4.0.1 00000750 (1872)
4.0.1.0 53834712 (1401112338)
4.0.1.1 53834712 (1401112338)
4.0.1.2 00000007 (7)
4.0.1.2.0 7373682d727361 ("ssh-rsa")
4.0.1.3 00000201 (513)
4.0.1.3.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af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 (bytes)
4.0.1.4 00000003 (3)
4.0.1.4.0 010001 (65537)
4.0.1.5 00000200 (512)
4.0.1.5.0 499f2c705e04bfe17a4476d27e5e1ddfd8c335f63ac22f748754f02183440f6d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 (bytes)
4.0.1.6 00000100 (256)
4.0.1.6.0 0ae2e1cf2455a0d82272e6a42bbba83eb765496e5a33e13b8c94756d8c32f7d7
505fd997bdd5ec08c59bf8d1d659d1df02bec669ebb5aaaf5db1ec70ce2f2a6b
3a17b7b1fce3adc6203c2905cd652d7622065dd011ae33894467c6dca3643952
b0caedff9bc78ac40408074027566ee4c4751ad3ff452a2781af8b5c2c9bf09b
34ee5e6201330b4bc381af766798667c5b9ad0733c19f4ef475fd264655e0305
53f2f2f8de59c2aee74b9dd6720e3108143dfedd41cf4bc11de2b9a9f40faec7
2a52312abee4c6155acfee9384a16348c715346ebe693895fe6d2348d4dedb0a
137c487185ff949c209115b9c8a106329991f049e8430c7ba60dd5408d72ac98 (bytes)
4.0.1.7 00000101 (257)
4.0.1.7.0 00e50b65ba6ae4cb29ae66129c3e41ffeba36cd6ecbaa7045ff90cea71d09bc0
56b0b9134dc5754c49da1fe8ab169cd149eedaeccf4913d915f4f241c5fd86c7
7511e0c261c344600a84cce78e8cf493e492844cb82c42ab6d1246a53e5cf50a
d4759c2a5c09d53b1c5c3b449328eea01434d6e537b3a513928dfaddf0a72728
23899b8d795220cb3344ab8d0e846e1e40ffdfb5c719262c2b527a890a51faab
cf10904699135f7b997487f4b48d4490ad80fc25b346fa0bb587f09295bf0f71
ac10a8086867d4bad00a0c27a6456f08e0c2bf8caed8768f0366a2440428180a
292617af61feabab9a7075b8bc21209a5439bbfe3613917071fee74a8d5d80fe
99 (bytes)
4.0.1.8 00000101 (257)
4.0.1.8.0 00cd7077659fad983104bcc7dc526242b9ea52cea40e923df771ac2a28e377f2
b9231a58c2448c6b8d17fe83571ef6bdbbc11f3d4ab4254ea859684b8772911f
9c6f355479053e3e3d3a6ecce13a016908298ca3f8b628d2111749a3627628eb
05844f546795a5067d39b1d304e19cc6fc1be00a6164ea33e4abbc87f5683227
1d825c868c5ccda3775b037711e99436f96c53f3780b985084e1d84a458c687a
b0938a09bf6f9b3ffec41ed02fd5b27572c7d180039e405a559b62fc08f804b1
9f043dba4c6f7565b1c72759f4b932d4f93d4f41da91b1b146f29854a1008341
e4760bdd4987097ec4a6551ab96e099a04a38d6a893b533db185abb55736419e
9f (bytes)
4.0.1.9 00000018 (24)
4.0.1.9.0 54686973206973206120636f6d6d656e7420737472696e67 ("This is a comment string")
4.0.1.10 010203 ([1 2 3], 3 bytes)
3.1.2.4. v1 (Encrypted)
Tip: Currently, the only supported KDF is bcrypt_pbkdf.
Tip: You can get a list of supported ciphers (1.0.0) via
This is likely going to be:
The author recommends using
3.1.2.4.1. Structure
0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes)
1.0 uint32 allocator for 1.0.0 (4 bytes)
1.0.0 cipher name string (ASCII bytes)
2.0 uint32 allocator for 2.0.0 (4 bytes)
2.0.0 KDF name string (ASCII bytes)
3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes)
3.0.0 uint32 allocator for 3.0.0.0 (4 bytes)
3.0.0.0 Salt/IV (bytes)
3.0.1 uint32 for number of rounds/"work factor" (4 bytes)
4.0 uint32 counter for # of keys (4 bytes)
4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.1) (4 bytes)
4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes)
4.0.0.0.0 public key #n keytype string (ASCII bytes)
4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes)
4.0.0.1.0 public exponent ('e')
4.0.0.2 uint32 allocator for 4.0.0.2.0 (4 bytes)
4.0.0.2.0 modulus ('n')
4.0.1 uint32 allocator for encrypted private key structure blob #n (4.0.1.0) (4 bytes)
4.0.1.0 <ENCRYPTED BLOB>
Note:
- Chunk 4.0: This is technically currently unused; upstream hardcodes it to 1 (left zero-padded 0x01).
- Chunk 4.0.1.0: When decrypted, this is equivalent to the plaintext 4.0.1.0 to 4.0.1.6. It uses a padded size appropriate to the encryption cipher used.
3.1.2.4.2. Example
The following example, being encrypted, is protected with a passphrase. The passphrase used in this example key is test.
id_rsa format
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAH1LB8Cx
KDSJFkiACNbhMLAAAAZAAAAAEAAAIXAAAAB3NzaC1yc2EAAAADAQABAAACAQC3zsBGAc4q
EvDJJMuaMOuZAGaBLLFDaRk/MLK5/dSvyzAMkY8qd9ZEEPNheufIyjGMJX08TfTixBCLu+
k6holLoUs1dfL3IVC8OB3L+3QsehloZv0xhKzpZ2Gt2g/CmS9shm11aZGfwi2cS/DeQFqM
dtUZqipTKdxoJXdyKaXQt1OnglqJuVJ1+cAl4hU0PGyIzWaQoiH4rp72de5GTcfRGNpBBQ
fqXWtkid1gr9imZGSS2z4nnxp4JA24q72mxQcUyWNmUKcggef6XUcsFCiwfq5dFbZOoeKn
UIUS/pq2VfhqMTSG08yh3Y6QrMXJ+6TW52dQf7q586f2jHSBQq8qNwHTGoqbdRGViqdxh7
pwLtk004WvzuQjgOleDn6bwPTSM2f8dwN0Fnt/CSb7b9ttBarRz9GRgkhFsBThgVO/DR08
Ox+tuyWj8dFR+baEYz2MFpD82MrQWqwq6yPb8Zo35ICgCJEDGcEW1HvZJLOZQlQ7iKD2En
lSstjhKQ8wKfVCrr6cDI42zzKWhlzWZDyJJNVm6/SXGAk5mhrAlv4e3Dtfhxv17wtNRODq
J2INIFFC4L/PZ3tNsCVTISGj8HRapNBYYzFzMleFWlzsvjrEQD0E/wzAxYt8BJBLQCElwr
wqY6IOuzCcxvPmXbMBoFi42s4H5xs48/NZVDP2mxmPBwAAB1CWbizkNSQv7wl4f26Nk6Vj
CS4/O8mGtEGYyB6AScXJREGe/8BSFAHcHvW8Dk1q7et9BYgLw/cxaYubzuzq4I5eBfefTS
LelTyJnDJxhQ6A6AT5saebzsMbuhHAjbYPm9Iga8PXv+90iV5PTjcgZJ+SRUT0os6lud+5
zAor2PO6cPS6Ln9ClgRlyereEYYw+cgy/oTvVIUpl50NbqB5+dXEDjlrCY/FCUSNJt48tI
SwM0r6yro3G1LDfBIKViMXDB0KOTSKFRyfuKqxBJ9SzwwIx3FErzFCWakISPPcYuWDH6wI
cgscgTUG8dseeUDe9S3EbJfWNjzaD/fiJY4mN9LgnyYJm7/qx4gZGYt4N00kJFN/5Umiqz
3dr19/23OcOSEGSwT2/8/rVUTbUzF5A44R0MxiKZK8bQYAWE1AaKKJHcdIycFr4ywqCOls
qi3exN3Roqs7AYoLDxZqFayHCjDIDMiX2/Fa9+jCkVs2FvI3pmRuQ8Zl91aaXtGFCtjNBU
AG04lWjbVTk+eA51Ks6PBrcPHpnYa5RF2cGnpkdry/SEQApY5aWnPSwg1jCpmFu/TGkau2
HuRRWqZKcn57rEpe17tfdnx9zwA1kEIxKD2SRFhjcCqZXnkr3h1ax91iSJh7n+SwpvGDfO
T7qgMv9Gcahr6Mfk+b43GCEurQpvG0KYiGO/gK8XqYFPH/vtbIHn9Z3luMcbn1cfxVbMVq
7iK+G1fUj4ynajeYR8Z9DOtD6tEBNV5UGlfCVK6BTwWKA2GS9J2WI2yIQo5fVNr+/RpbjK
Ethc84M9ONgWxuDiBRQ/M+NTxHGryXjSjRrImnJNWqs+fEgBXFzTpvMcJYzvExJXTmksbk
laKo777nhan+HHJzeeof3FtJKoOkr/ezlFrvUDqV3FKyFHQXK7VAVLEGNC8r3mvDitFmwa
XG2IaFuAZ/UpdBs2mRNS1d8Skbnjx0anHivaeW/d2sKdDi8/rf0fD9M9p1vGFR0+4n9hme
dsO56HL7Y7VK14sPvivoTxDX5IM5xuYzZFBwdK3cWivYxL5YSMKRvbJ0DTqjJcNQOWzijg
hu7N1iVvSPt5R7hOhXWbHH5t2RIj4/go5CU6fsbZh61hvSF5wimiDo2X5hWMsL5zQidpi0
aVx4TEY8rD6n1TgFbVBiqJX4rmRUm9WEhKYDY6uBvEPm/eDuEkdwUbU8lw8GPfLw/y/WVb
f4ECm+VFzIQfcyHTEwTuuiEP34/a1+G8iszU2ZDAWLMIF+heLFaVq5LB4SmsdHHzOP3TlO
3hYHFFDBkGHgfBNcvofwEmCzYgbLwWnIW53aJvs9/159aP1RpXNALbzB3H9JocucNBALmz
0LuLhjnGnH1HSQq4PIkYrQOuYu7kMWXkUvhU2NQTIYbCH3Qu5KPMYUUVrcfAiUCDhThQP1
xNV4HphMrZPPeo0Xpo1nizRmr7rjYgVdW27bAAe1kjHTBA2/7IuXgrOcOREW8gN+IYv6uk
bFLFYYCu7yQdkY8hSwtkgLc4KHWtnazkSWw2guoqaXtf5DsQfZPhl2slQNv9oq4iO8GoTW
Xg1nAlE7jMRCol+5g6rfpJLQnj39mR+fR0cLtzNp9jTdUNqybRKcO6CWrXlxHw7kQZwSJu
uNpCZ0ss936PSj92zp6eJJtNH8x3jvMY29Z3hVbA+YeOvm6DJJFteCgPI/fjkhsptCu6bK
LXgDmcpO08stA2yb7YCyNYCRmEIhNeLYQsj1Ok3Vn+C+2InUeEAWQCSx9mjMVml41DHrKg
eiDtBuV1VR4bAw2xNQ6UySmgKKXcJTQONDTyJQ4/Sd4XG7hQh10oAFDklVRLpxtx6jbCk3
rWWT4rW8oovDjlnOqR8mzRyoqkvZ+8HGBa5Grj9Vmzpuv4n/Vp/zZcPLpLS5H2Zf/aOXGI
/iPqRWyALEeoBihE1AT6tBoPqD/Q3Wbk21ERXwJhl/TImhvygka6mWbKKXOw86+kMVSJal
a/4hU9+qo8zSqwEbf5FHDL3ASvfP4XA95wQPTXd3sGh2nUA1N3zHZk9Aa11pNWqjMEXEM0
oeLOYC6isexmY1LRS1mW2tRRpMuIbGYUPcJfjxvPDtJT/ryXM0MuraNaavyYJ0n6DsaAqI
HbBhceo3+oM4HskKavovJp2doHyPMCFh4myaTCHCVgztgRvfa+QC02ri8R+IQ1EkHneaIv
i2mo4+6qZ25xUBQ6ZrOpLU2s6fT5th4/fgqnZWyBjs+1MwNFfVHnTn7InPA4yac/ODQ4Po
ItL1DDp3daoOY7EnohTbdJDkiPfukXgqkN4y9KsiYBr3sZD8xqKS5C4vi2nKrOmUsSfp+R
UyttjDt84I+ZHSaSILzu7X1OYVFSPmPkG80nFU/Tp/c3DASxJYcVQT7F8X9RuqmejlzVms
evF9rs0OiSYAJAOrh6Qi5CKm+xGGtbt9sl+v/trSR/10GyRhqjuWEjQhQq8Q3s7+AMALN6
ZnrXZl+8QIW1MSvaaQFmJFqTs=
-----END OPENSSH PRIVATE KEY-----
0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
1.0 0000000a (10)
1.0.0 6165733235362d637472 ("aes256-ctr")
2.0 00000006 (6)
2.0.0 626372797074 ("bcrypt")
3.0 00000018 (24)
3.0.0 00000010 (16)
3.0.0.0 07d4b07c0b128348916488008d6e130b (bytes)
3.0.1 00000064 (100)
4.0 00000001 (1)
4.0.0 00000217 (535)
4.0.0.0 00000007 (7)
4.0.0.0.0 7373682d727361 ("ssh-rsa")
4.0.0.1 00000003 (3)
4.0.0.1.0 010001 (65537)
4.0.0.2 00000201 (513)
4.0.0.2.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af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 (bytes)
4.0.1 00000750 (1872)
4.0.1.0 966e2ce435242fef09787f6e8d93a563092e3f3bc986b44198c81e8049c5c944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 (AES256-CTR encrypted block) (bytes)
Note: The decrypted 4.0.1.0 should match the plaintext key's structure for 4.0.1.0 through 4.0.1.10. The padding length WILL change, however, between the two unless using a cipher with an 8-byte block size.
When 4.0.1.0 is decrypted, it yields:
4.0.1.0 0d98bd61 (228113761)
4.0.1.1 0d98bd61 (228113761)
4.0.1.2 00000007 (7)
4.0.1.2.0 7373682d727361 ("ssh-rsa")
4.0.1.3 00000201 (513)
4.0.1.3.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af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 (bytes)
4.0.1.4 00000003 (3)
4.0.1.4.0 010001 (65537)
4.0.1.5 00000200 (512)
4.0.1.5.0 499f2c705e04bfe17a4476d27e5e1ddfd8c335f63ac22f748754f02183440f6d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 (bytes)
4.0.1.6 00000100 (256)
4.0.1.6.0 0ae2e1cf2455a0d82272e6a42bbba83eb765496e5a33e13b8c94756d8c32f7d7
505fd997bdd5ec08c59bf8d1d659d1df02bec669ebb5aaaf5db1ec70ce2f2a6b
3a17b7b1fce3adc6203c2905cd652d7622065dd011ae33894467c6dca3643952
b0caedff9bc78ac40408074027566ee4c4751ad3ff452a2781af8b5c2c9bf09b
34ee5e6201330b4bc381af766798667c5b9ad0733c19f4ef475fd264655e0305
53f2f2f8de59c2aee74b9dd6720e3108143dfedd41cf4bc11de2b9a9f40faec7
2a52312abee4c6155acfee9384a16348c715346ebe693895fe6d2348d4dedb0a
137c487185ff949c209115b9c8a106329991f049e8430c7ba60dd5408d72ac98 (bytes)
4.0.1.7 00000101 (257)
4.0.1.7.0 00e50b65ba6ae4cb29ae66129c3e41ffeba36cd6ecbaa7045ff90cea71d09bc0
56b0b9134dc5754c49da1fe8ab169cd149eedaeccf4913d915f4f241c5fd86c7
7511e0c261c344600a84cce78e8cf493e492844cb82c42ab6d1246a53e5cf50a
d4759c2a5c09d53b1c5c3b449328eea01434d6e537b3a513928dfaddf0a72728
23899b8d795220cb3344ab8d0e846e1e40ffdfb5c719262c2b527a890a51faab
cf10904699135f7b997487f4b48d4490ad80fc25b346fa0bb587f09295bf0f71
ac10a8086867d4bad00a0c27a6456f08e0c2bf8caed8768f0366a2440428180a
292617af61feabab9a7075b8bc21209a5439bbfe3613917071fee74a8d5d80fe
99 (bytes)
4.0.1.8 00000101 (257)
4.0.1.8.0 00cd7077659fad983104bcc7dc526242b9ea52cea40e923df771ac2a28e377f2
b9231a58c2448c6b8d17fe83571ef6bdbbc11f3d4ab4254ea859684b8772911f
9c6f355479053e3e3d3a6ecce13a016908298ca3f8b628d2111749a3627628eb
05844f546795a5067d39b1d304e19cc6fc1be00a6164ea33e4abbc87f5683227
1d825c868c5ccda3775b037711e99436f96c53f3780b985084e1d84a458c687a
b0938a09bf6f9b3ffec41ed02fd5b27572c7d180039e405a559b62fc08f804b1
9f043dba4c6f7565b1c72759f4b932d4f93d4f41da91b1b146f29854a1008341
e4760bdd4987097ec4a6551ab96e099a04a38d6a893b533db185abb55736419e
9f (bytes)
4.0.1.9 00000018 (24)
4.0.1.9.0 54686973206973206120636f6d6d656e7420737472696e67 ("This is a comment string")
4.0.1.10 010203 ([1 2 3], 3 bytes)
See the plaintext structure for details.
3.2. ED25519
ED25519[4] is a relatively new OpenSSH key algorithm. It has numerous benefits over e.g. RSA, including:
- fixed key sizes, so fixed pubkey sizes, and significantly shorter pubkeys
- strength comparable to RSA4096, but much faster
- public domain and developed by independent researchers; not tied to a specific corporation (i.e. nothing like RSA)
I recommend it over all other key types for new SSH keys as long as it’s supported by clients/servers.
3.2.1. Public
3.2.1.1. Structure
Public keys are stored in the following structure:
0.0 uint32 allocator for 0.0.0 (4 bytes)
0.0.0 Public key type string (ASCII bytes)
1.0 uint32 allocator for 1.0.0 (4 bytes)
1.0.0 Public key payload (bytes)
3.2.1.2. Example
id_ed25519.pub format
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQ4i8lzaE3WaFcTESK/8hLJg7umsWLE6XzRH3PDnZew This is a test key
Decoded B (AAA…nZew):
0.0 0000000b (11)
0.0.0 7373682d65643235353139 ("ssh-ed25519")
1.0 00000020 (32)
1.0.0 44388bc973684dd66857131122bff212c983bba6b162c4e97cd11f73c39d97b0 (bytes)
3.2.2. Private
3.2.2.1. Legacy
Note: ED25519 has no legacy format, as it was introduced after the introduction of the new key format.
3.2.2.2. v1 (Plain)
Tip: Since plaintext/unencrypted keys do not have a cipher or KDF (as there's no encryption key or algorithm used), they use the string "none" to identify these (and entirely leave out the KDF options).
3.2.2.2.1. Structure
0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes)
1.0 uint32 allocator for 1.0.0 (4 bytes)
1.0.0 cipher name string (ASCII bytes)
2.0 uint32 allocator for 2.0.0 (4 bytes)
2.0.0 KDF name string (ASCII bytes)
3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes) (ALWAYS 0 for unencrypted keys, so no following substructure)
4.0 uint32 counter for # of keys (4 bytes)
4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.1) (4 bytes)
4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes)
4.0.0.0.0 public key #n keytype string (ASCII bytes)
4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes)
4.0.0.1.0 public key #n payload (bytes)
4.0.1 uint32 allocator for private key structure #n (4.0.1.0 to 4.0.1.5) (4 bytes)
4.0.1.0 uint32 decryption "checksum" #1 (should match 4.0.1.1) (4 bytes)
4.0.1.1 uint32 decryption "checksum" #2 (should match 4.0.1.0) (4 bytes)
4.0.1.2 Copy of 4.0.0.0; allocator for 4.0.1.2.0 (4 bytes)
4.0.1.2.0 Copy of 4.0.0.0.0 (ASCII bytes)
4.0.1.3 Copy of 4.0.0.1; allocator for 4.0.1.3.0 (4 bytes)
4.0.1.3.0 Copy of 4.0.0.1.0 (bytes)
4.0.1.4 uint32 allocator for 4.0.1.4.0 (4 bytes)
4.0.1.4.0 Private key #n (bytes)
4.0.1.5 uint32 allocator for 4.0.1.5.0 (4 bytes)
4.0.1.5.0 comment for key #n string (ASCII bytes)
4.0.1.6 sequential padding
Note:
- Chunks 3.0.0 to 3.0.1: These blocks are not present in unencrypted keys (see the encrypted key structure for what these look like). 3.0 reflects this, as it's always going to be 0.
- Chunk 4.0: This is technically currently unused; upstream hardcodes it to 1 (left zero-padded 0x01).
- Chunk 4.0.1.4.0: This is a 64-byte block for ED25519, but the second half of the private key (the last 32 bytes) is a copy of the public key (4.0.1.3.0), as the example below shows.
- Chunk 4.0.1.6: The padding used aligns the private key (4.0.1.0 to 4.0.1.5.0) to the cipher blocksize. For plaintext keys, a blocksize of 8 is used.
3.2.2.2.2. Example
id_ed25519 Format
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBEOIvJc2hN1mhXExEiv/ISyYO7prFixOl80R9zw52XsAAAAJjPbUqwz21K
sAAAAAtzc2gtZWQyNTUxOQAAACBEOIvJc2hN1mhXExEiv/ISyYO7prFixOl80R9zw52XsA
AAAEBqSF+KwoLTOqI6+TnpcaZY4ckcamLrBF8CvtJbNZflJ0Q4i8lzaE3WaFcTESK/8hLJ
g7umsWLE6XzRH3PDnZewAAAAElRoaXMgaXMgYSB0ZXN0IGtleQECAw==
-----END OPENSSH PRIVATE KEY-----
0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
1.0 00000004 (4)
1.0.0 6e6f6e65 ("none")
2.0 00000004
2.0.0 6e6f6e65 ("none")
3.0 00000000 (0)
4.0 00000001 (1)
4.0.0 00000033 (51)
4.0.0.0 0000000b (11)
4.0.0.0.0 7373682d65643235353139 ("ssh-ed25519")
4.0.0.1 00000020 (32)
4.0.0.1.0 44388bc973684dd66857131122bff212
c983bba6b162c4e97cd11f73c39d97b0 (bytes)
4.0.1 00000098 (152)
4.0.1.0 cf6d4ab0 (3480046256)
4.0.1.1 cf6d4ab0 (3480046256)
4.0.1.2 0000000b (11)
4.0.1.2.0 7373682d65643235353139 ("ssh-ed25519")
4.0.1.3 00000020 (32)
4.0.1.3.0 44388bc973684dd66857131122bff212
c983bba6b162c4e97cd11f73c39d97b0 (bytes)
4.0.1.4 00000040 (64)
4.0.1.4.0 6a485f8ac282d33aa23af939e971a658
e1c91c6a62eb045f02bed25b3597e527
44388bc973684dd66857131122bff212
c983bba6b162c4e97cd11f73c39d97b0 (bytes)
4.0.1.5 00000012 (18)
4.0.1.5.0 5468697320697320612074657374206b6579 ("This is a test key")
4.0.1.6 010203 ([1 2 3], 3 bytes)
3.2.2.3. v1 (Encrypted)
Tip
Currently, the only supported KDF is bcrypt_pbkdf. See the following for more details:
Tip
You can get a list of supported ciphers (1.0.0) via
This is likely going to be:
The author recommends using
3.2.2.3.1. Structure
0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes)
1.0 uint32 allocator for 1.0.0 (4 bytes)
1.0.0 cipher name string (ASCII bytes)
2.0 uint32 allocator for 2.0.0 (4 bytes)
2.0.0 KDF name string (ASCII bytes)
3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes)
3.0.0 uint32 allocator for 3.0.0.0 (4 bytes)
3.0.0.0 Salt/IV (bytes)
3.0.1 uint32 for number of rounds/"work factor" (4 bytes)
4.0 uint32 counter for # of keys (4 bytes)
4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.1) (4 bytes)
4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes)
4.0.0.0.0 public key #n keytype string (ASCII bytes)
4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes)
4.0.0.1.0 public key #n payload (bytes)
4.0.1 uint32 allocator for encrypted private key structure blob #n (4.0.1.0) (4 bytes)
4.0.1.0 <ENCRYPTED BLOB>
Note
- Chunk 4.0: This is technically currently unused; upstream hardcodes it to 1 (left zero-padded to 4 bytes, i.e. 00000001).
- Chunk 4.0.1.0: When decrypted, this is equivalent to the plaintext 4.0.1.0 to 4.0.1.6. It uses a padded size appropriate to the encryption cipher used.
3.2.2.3.2. Example
The following example, being encrypted, is protected with a passphrase. The passphrase used in this example key is test.
id_ed25519 Format
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBQEy9ykA
1o4KMfnXW28KW8AAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIL+iAxqlRjET5A4W
iWr1A8Upnq12sJy2OEb0HMTeF0D2AAAAoMSXd80NGn0323ehgUmRJ4+M6Z1XLixma5O5mG
dCXGDaRlL924VVCYUytRvu7ilZ+dtc9aCQUFJyDF3iXyxN2H68x7teo9e8vqzGtzLkw5KV
2Zkal+8/CDj4qb/UPts0AxiWSQiPbPt4lG+5FONYrGq8ZGkQcvXyeIU02dQtf0BrxQkLMN
8jy33YxcuTjkH6zW446IRbgWC/+EBZgRjUR8I=
-----END OPENSSH PRIVATE KEY-----
0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00)
1.0 0000000a (10)
1.0.0 6165733235362d637472 ("aes256-ctr")
2.0 00000006 (6)
2.0.0 626372797074 ("bcrypt")
3.0 00000018 (24)
3.0.0 00000010 (16)
3.0.0.0 50132f72900d68e0a31f9d75b6f0a5bc (bytes)
3.0.1 00000064 (100)
4.0 00000001 (1)
4.0.0 00000033 (51)
4.0.0.0 0000000b (11)
4.0.0.0.0 7373682d65643235353139 ("ssh-ed25519")
4.0.0.1 00000020 (32)
4.0.0.1.0 bfa2031aa5463113e40e16896af503c5
299ead76b09cb63846f41cc4de1740f6 (bytes)
4.0.1 000000a0 (160)
4.0.1.0 c49777cd0d1a7d37db77a1814991278f
8ce99d572e2c666b93b99867425c60da
4652fddb8555098532b51beeee2959f9
db5cf5a0905052720c5de25f2c4dd87e
bcc7bb5ea3d7bcbeacc6b732e4c39295
d9991a97ef3f0838f8a9bfd43edb3403
189649088f6cfb78946fb914e358ac6a
bc64691072f5f2788534d9d42d7f406b
c5090b30df23cb7dd8c5cb938e41facd
6e38e8845b8160bff840598118d447c2 (AES256-CTR encrypted block) (bytes)
Note
The decrypted 4.0.1.0 should match the plaintext key’s structure for 4.0.1 through 4.0.1.6. The padding length WILL change, however, between the two unless using a cipher with an 8-byte block size.
When 4.0.1.0 is decrypted, it yields:
4.0.1.0 f890d89a (4170242202)
4.0.1.1 f890d89a (4170242202)
4.0.1.2 0000000b (11)
4.0.1.2.0 7373682d65643235353139 ("ssh-ed25519")
4.0.1.3 00000020 (32)
4.0.1.3.0 bfa2031aa5463113e40e16896af503c5
299ead76b09cb63846f41cc4de1740f6 (bytes)
4.0.1.4 00000040 (64)
4.0.1.4.0 ce6e2b8d638c9d5219dff455af1a90d0
a5b72694cfcedfb93bc1e1b1816dee98
bfa2031aa5463113e40e16896af503c5
299ead76b09cb63846f41cc4de1740f6 (bytes)
4.0.1.5 00000012 (18)
4.0.1.5.0 5468697320697320612074657374206b6579 ("This is a test key")
4.0.1.6 0102030405060708090a0b ([1 2 3 4 5 6 7 8 9 10 11], 11 bytes)
See the plaintext structure for details.
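As an added example (not part of this guide and not OpenSSH's own code), the following Python walks both v1 layouts described above: it parses the outer container, reads the salt (3.0.0.0) and rounds (3.0.1) from the KDF options when the key is encrypted, and for a plaintext key checks the two check ints, the embedded copy of the public key and the 1,2,3,... padding. The embedded sample is the plaintext id_ed25519 from the example above; take_string and parse_openssh_v1 are names chosen here.

```python
import base64
import struct
MAGIC = b"openssh-key-v1\x00"  # chunk 0.0 of the v1 container
# Constructed sample input: the unencrypted id_ed25519 from the plaintext example in this guide.
SAMPLE_PLAINTEXT_KEY = """-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBEOIvJc2hN1mhXExEiv/ISyYO7prFixOl80R9zw52XsAAAAJjPbUqwz21K
sAAAAAtzc2gtZWQyNTUxOQAAACBEOIvJc2hN1mhXExEiv/ISyYO7prFixOl80R9zw52XsA
AAAEBqSF+KwoLTOqI6+TnpcaZY4ckcamLrBF8CvtJbNZflJ0Q4i8lzaE3WaFcTESK/8hLJ
g7umsWLE6XzRH3PDnZewAAAAElRoaXMgaXMgYSB0ZXN0IGtleQECAw==
-----END OPENSSH PRIVATE KEY-----"""

def take_string(buf, pos):  # one uint32 "allocator" plus the payload it sizes -> (payload, next pos)
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    if pos + 4 + n > len(buf):
        raise ValueError("allocator at offset %d runs past the end of the buffer" % pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def parse_openssh_v1(pem_text):
    blob = base64.b64decode("".join(l for l in pem_text.strip().splitlines() if not l.startswith("-----")))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    pos = len(MAGIC)
    cipher, pos = take_string(blob, pos)     # 1.0 / 1.0.0
    kdf, pos = take_string(blob, pos)        # 2.0 / 2.0.0
    kdf_opts, pos = take_string(blob, pos)   # 3.0 (length 0 for unencrypted keys)
    nkeys = struct.unpack(">I", blob[pos:pos + 4])[0]   # 4.0 (always 1 upstream)
    pub_blob, pos = take_string(blob, pos + 4)          # 4.0.0
    pub_type, p = take_string(pub_blob, 0)              # 4.0.0.0.0
    pub_key, _ = take_string(pub_blob, p)               # 4.0.0.1.0
    priv_blob, pos = take_string(blob, pos)             # 4.0.1
    out = {"cipher": cipher.decode(), "kdf": kdf.decode(), "nkeys": nkeys, "pub_type": pub_type.decode(), "pub_key": pub_key}
    if cipher != b"none":  # 4.0.1.0 is ciphertext; salt (3.0.0.0) and rounds (3.0.1) are readable
        salt, p = take_string(kdf_opts, 0)
        out.update(salt=salt, rounds=struct.unpack(">I", kdf_opts[p:p + 4])[0], encrypted_len=len(priv_blob))
        return out
    check1, check2 = struct.unpack(">II", priv_blob[:8])   # 4.0.1.0 / 4.0.1.1
    priv_type, p = take_string(priv_blob, 8)               # 4.0.1.2.0 (copy of the keytype)
    priv_pub, p = take_string(priv_blob, p)                # 4.0.1.3.0 (copy of the public key)
    priv_key, p = take_string(priv_blob, p)                # 4.0.1.4.0 (64 bytes for ED25519)
    comment, p = take_string(priv_blob, p)                 # 4.0.1.5.0
    padding = priv_blob[p:]                                # 4.0.1.6
    if check1 != check2:
        raise ValueError("check ints differ: corrupt key, or wrong passphrase after decryption")
    if (priv_type, priv_pub) != (pub_type, pub_key):
        raise ValueError("4.0.1.2/4.0.1.3 do not match the public key in 4.0.0")
    if len(priv_blob) % 8 or padding != bytes(range(1, len(padding) + 1)):
        raise ValueError("private section is not padded 1,2,3,... to the 8-byte plaintext blocksize")
    out.update(check=check1, private_key=priv_key, comment=comment.decode(), padding=padding)
    return out
```

Feeding it the encrypted example above returns the cipher, KDF, salt and round count without a passphrase; decrypting 4.0.1.0 is left to a bcrypt_pbkdf/AES implementation, after which the same plaintext walk applies.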