go_sshkeys/_ref/KEY_GUIDE.adoc

OpenSSH Key Structure Guide

Table of Contents

• 1. Purpose
• 2. Basic Introduction
  • 2.1. Legacy
    • 2.1.1. Private Keys
    • 2.1.2. Public Keys
  • 2.2. New "v1" Format
    • 2.2.1. Private Keys
    • 2.2.2. Public Keys
• 3. Keytype-Specific Breakdowns
  • 3.1. ED25519

1. Purpose

This document attempts to present a much more detailed, thorough, and easily-understood form of the key formats used by OpenSSH. The extent of those formats' canonical documentation is the OpenSSH source tree’s PROTOCOL.key, which is a little lacking.

2. Basic Introduction

2.1. Legacy

2.1.1. Private Keys

In OpenSSH pre-7.8, private keys are stored in their respective PEM encoding^[1] with no modification. These legacy private keys should be entirely usable by OpenSSL/LibreSSL/GnuTLS etc. natively with no conversion necessary.

2.1.2. Public Keys

Each public key file (*.pub) is written out in the following format:

A B C

Where:

A

The key type (e.g. ssh-rsa, ssh-ed25519, etc.)

B

The public key itself, Base64^[2]-encoded

C

The key’s comment

The structures specified in the breakdowns later in this document describe the decoded version of B only.

2.2. New "v1" Format

2.2.1. Private Keys

2.2.2. Public Keys

3. Keytype-Specific Breakdowns

Unresolved directive in <stdin> - include::rsa/main.adoc[]

3.1. ED25519

---

1. https://datatracker.ietf.org/doc/html/rfc7468

2. https://datatracker.ietf.org/doc/html/rfc4648