[Bug 2865] New: OpenSSH private key format documentation seems off

bugzilla-daemon at bugzilla.mindrot.org
Wed May 9 12:20:47 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2865

            Bug ID: 2865
           Summary: OpenSSH private key format documentation seems off
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: Other
                OS: Windows 10
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: terrafrost at gmail.com

I do ssh-keygen -t ed25519 and get the following private key:

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINAAAAKCouUdrqLlH
awAAAAtzc2gtZWQyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINA
AAAEAi3voQW6X2cPzaSqBnW47sqnfEz9DrKEFwcP48S5+cyOLZd+Ii+64AH9Tt5jYV2Ruh
dkc2VJ7ufzqg4qJYIIg0AAAAG2p3aWdnaW50b25Abm9kZTIucGFwMzYwLmNvbQEC
-----END OPENSSH PRIVATE KEY-----

The documentation for that format is discussed here:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD

I think this would be a more accurate description of the private key
format:

----------------------------------

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

       uint32  checkint
       uint32  checkint
       string  typeofkey (ssh-ed25519, ssh-rsa, etc)
       string  publickey
       string  privatekey
       string  comment
       char    1
       char    2
       char    3
       ...
       char    padlen % 255

----------------------------------

Maybe after that first comment the strings should repeat, I don't know (I
don't know how to generate, with OpenSSH, a key that contains multiple
private keys).

I'm also assuming that http://tools.ietf.org/html/rfc4253#section-6
applies to OpenSSH private keys:

   Note that the length of the concatenation of 'packet_length',
   'padding_length', 'payload', and 'random padding' MUST be a multiple
   of the cipher block size or 8, whichever is larger.

Seems like it might be nice to mention that in the docs.

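The layout the report proposes, as a parser added here for illustration (it is neither OpenSSH code nor the reporter's): it takes the ed25519 key pasted in the report, walks the outer openssh-key-v1 header (magic, ciphername, kdfname, kdfoptions, key count, public keys, private section), then the unencrypted private section, and enforces the checks a practitioner would want on the way: the two checkints must agree, the public key inside the private section must equal the copy in the outer list, the 64-byte ed25519 secret must be seed || public key as OpenSSH serializes it, and the trailing padding must be the bytes 1, 2, 3, ... up to a multiple of the 8-byte block size OpenSSH assigns to the "none" cipher. It loops over N keys, which answers the multi-key question in the report, but decodes only ssh-ed25519 key material, and it rejects encrypted keys (any cipher or KDF other than "none") rather than attempting the bcrypt KDF.

```python
import base64
import struct

# Key pasted in the bug report above (ed25519, unencrypted: cipher "none").
KEY_PEM = """-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINAAAAKCouUdrqLlH
awAAAAtzc2gtZWQyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINA
AAAEAi3voQW6X2cPzaSqBnW47sqnfEz9DrKEFwcP48S5+cyOLZd+Ii+64AH9Tt5jYV2Ruh
dkc2VJ7ufzqg4qJYIIg0AAAAG2p3aWdnaW50b25Abm9kZTIucGFwMzYwLmNvbQEC
-----END OPENSSH PRIVATE KEY-----"""

MAGIC = b"openssh-key-v1\x00"
NONE_BLOCK_SIZE = 8  # OpenSSH gives the "none" cipher a nominal 8-byte block


class Reader:
    """Cursor over RFC 4251 wire types: uint32 and length-prefixed string."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def uint32(self):
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated uint32 at offset %d" % self.pos)
        (v,) = struct.unpack(">I", self.data[self.pos:self.pos + 4])
        self.pos += 4
        return v

    def string(self):
        n = self.uint32()
        if self.pos + n > len(self.data):
            raise ValueError("truncated string at offset %d" % self.pos)
        s = self.data[self.pos:self.pos + n]
        self.pos += n
        return s

    def remaining(self):
        return self.data[self.pos:]


def pem_body(pem):
    """Strip the PEM armour and return the raw openssh-key-v1 blob."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if (lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----"
            or lines[-1] != "-----END OPENSSH PRIVATE KEY-----"):
        raise ValueError("not an OpenSSH private key")
    return base64.b64decode("".join(lines[1:-1]))


def parse_blob(blob):
    """Parse an unencrypted openssh-key-v1 blob holding ssh-ed25519 keys."""
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    r = Reader(blob[len(MAGIC):])
    cipher = r.string().decode()
    kdf = r.string().decode()
    r.string()                                   # kdfoptions, empty for "none"
    nkeys = r.uint32()
    public_keys = [r.string() for _ in range(nkeys)]
    private = r.string()                         # section 3 of PROTOCOL.key
    if r.remaining():
        raise ValueError("trailing data after private section")
    if cipher != "none" or kdf != "none":
        raise ValueError("key is encrypted (%s/%s); decrypt it first" % (cipher, kdf))
    if len(private) % NONE_BLOCK_SIZE:
        raise ValueError("private section length %d is not a multiple of %d"
                         % (len(private), NONE_BLOCK_SIZE))

    p = Reader(private)
    check1, check2 = p.uint32(), p.uint32()
    if check1 != check2:
        raise ValueError("checkint mismatch: corrupt key or wrong passphrase")
    keys = []
    for i in range(nkeys):                       # one (key, comment) pair per key
        keytype = p.string().decode()
        if keytype != "ssh-ed25519":
            raise ValueError("only ssh-ed25519 private keys are handled here")
        pk, sk, comment = p.string(), p.string(), p.string().decode()
        # OpenSSH stores the 64-byte ed25519 secret as seed || public key.
        if len(pk) != 32 or len(sk) != 64 or sk[32:] != pk:
            raise ValueError("inconsistent ed25519 key material")
        outer = Reader(public_keys[i])
        if outer.string().decode() != keytype or outer.string() != pk:
            raise ValueError("outer public key %d does not match private section" % i)
        keys.append({"type": keytype, "public": pk, "seed": sk[:32], "comment": comment})
    padding = p.remaining()                      # must be 1, 2, 3, ... (mod 256)
    if padding != bytes((j + 1) & 0xff for j in range(len(padding))):
        raise ValueError("bad padding %r" % padding)
    return {"cipher": cipher, "kdf": kdf, "checkint": check1,
            "private_len": len(private), "keys": keys, "padding": padding}


def parse_openssh_private_key(pem):
    return parse_blob(pem_body(pem))


if __name__ == "__main__":
    info = parse_openssh_private_key(KEY_PEM)
    print("cipher=%s kdf=%s checkint=0x%08x private section=%d bytes padding=%s"
          % (info["cipher"], info["kdf"], info["checkint"], info["private_len"],
             info["padding"].hex()))
    for k in info["keys"]:
        print("%s %s comment=%r" % (k["type"], k["public"].hex(), k["comment"]))
```

On the report's key the private section is 160 bytes: 8 bytes of checkints, 15 for the type string, 36 for the public key, 68 for the secret, 31 for the comment, and two padding bytes 01 02 to reach the next multiple of 8. The checkint comparison is the only integrity signal an encrypted key offers after decryption, which is why it sits before any field is interpreted.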