[Bug 2865] New: OpenSSH private key format documentation seems off

Wed May 9 12:20:47 AEST 2018

https://bugzilla.mindrot.org/show_bug.cgi?id=2865

            Bug ID: 2865
           Summary: OpenSSH private key format documentation seems off
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: Other
                OS: Windows 10
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: terrafrost at gmail.com

I do ssh-keygen -t ed25519 and get the following private key:

The documentation for that format is discussed here:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD

I think this would be a more accurate description of the private key
format:

----------------------------------

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

       uint32  checkint
       uint32  checkint
       string  typeofkey (ssh-ed25519, ssh-rsa, etc)
       string  publickey
       string  privatekey
       string  comment
       char    1
       char    2
       char    3
       ...
       char    padlen % 255

----------------------------------

Maybe after that first comment the strings should repeat idk (idk how
to generate, with OpenSSH, a key that contains multiple private keys).

I'm also assuming that http://tools.ietf.org/html/rfc4253#section-6
applies to OpenSSH private keys:

   Note that the length of the concatenation of 'packet_length',
   'padding_length', 'payload', and 'random padding' MUST be a multiple
   of the cipher block size or 8, whichever is larger.

Seems like it might be nice to mention that in the docs..

-- 
You are receiving this mail because:
You are watching the assignee of the bug.