[Bug 2865] New: OpenSSH private key format documentation seems off
bugzilla-daemon at bugzilla.mindrot.org
Wed May 9 12:20:47 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2865
Bug ID: 2865
Summary: OpenSSH private key format documentation seems off
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Windows 10
Status: NEW
Severity: enhancement
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: terrafrost at gmail.com
I do ssh-keygen -t ed25519 and get the following private key:
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINAAAAKCouUdrqLlH
awAAAAtzc2gtZWQyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINA
AAAEAi3voQW6X2cPzaSqBnW47sqnfEz9DrKEFwcP48S5+cyOLZd+Ii+64AH9Tt5jYV2Ruh
dkc2VJ7ufzqg4qJYIIg0AAAAG2p3aWdnaW50b25Abm9kZTIucGFwMzYwLmNvbQEC
-----END OPENSSH PRIVATE KEY-----
The documentation for that format is discussed here:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD
I think this would be a more accurate description of the private key
format:
----------------------------------
3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

    uint32  checkint
    uint32  checkint
    string  typeofkey (ssh-ed25519, ssh-rsa, etc)
    string  publickey
    string  privatekey
    string  comment
    char    1
    char    2
    char    3
    ...
    char    padlen % 255
----------------------------------
Maybe after that first comment the strings should repeat idk (idk how
to generate, with OpenSSH, a key that contains multiple private keys).
I'm also assuming that http://tools.ietf.org/html/rfc4253#section-6
applies to OpenSSH private keys:
   Note that the length of the concatenation of 'packet_length',
   'padding_length', 'payload', and 'random padding' MUST be a multiple
   of the cipher block size or 8, whichever is larger.
Seems like it might be nice to mention that in the docs.
--
You are receiving this mail because:
You are watching the assignee of the bug.
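
Added example (not part of the original report, and not OpenSSH's own code): a Python parser that walks the sample key from the report using the field order the report proposes, and checks that the two checkints match and that the padding is 1, 2, 3, ... It assumes a single unencrypted ed25519 key and a block size of 8 for cipher "none"; the function and field names are hypothetical.

```python
import base64
import struct
# Sample key copied from the report above (unencrypted: cipher and kdf "none").
SAMPLE_KEY = """
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINAAAAKCouUdrqLlH
awAAAAtzc2gtZWQyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINA
AAAEAi3voQW6X2cPzaSqBnW47sqnfEz9DrKEFwcP48S5+cyOLZd+Ii+64AH9Tt5jYV2Ruh
dkc2VJ7ufzqg4qJYIIg0AAAAG2p3aWdnaW50b25Abm9kZTIucGFwMzYwLmNvbQEC
-----END OPENSSH PRIVATE KEY-----
"""
MAGIC = b"openssh-key-v1\x00"

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _string(buf, off):
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise ValueError("string runs past end of buffer")
    return buf[off:off + n], off + n

def parse_ed25519_key(pem, block_size=8):  # 8 is assumed for cipher "none"
    lines = [l.strip() for l in pem.strip().splitlines()]
    blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    cipher, off = _string(blob, len(MAGIC))
    kdf, off = _string(blob, off)
    _kdfopts, off = _string(blob, off)
    nkeys, off = _u32(blob, off)
    _pubblob, off = _string(blob, off)
    sec, off = _string(blob, off)  # the private section described in the report
    if (cipher, kdf, nkeys) != (b"none", b"none", 1) or len(sec) % block_size:
        raise ValueError("expected one unencrypted, block-aligned key")
    check1, p = _u32(sec, 0)
    check2, p = _u32(sec, p)
    fields = []
    for _ in range(4):  # typeofkey, publickey, privatekey, comment
        value, p = _string(sec, p)
        fields.append(value)
    ktype, pub, priv, comment = fields
    pad = sec[p:]  # everything after the comment must be the bytes 1, 2, 3, ...
    if check1 != check2 or pad != bytes(range(1, len(pad) + 1)):
        raise ValueError("checkint mismatch or padding is not 1, 2, 3, ...")
    return {"type": ktype.decode(), "comment": comment.decode(), "padding": pad,
            "pub_len": len(pub), "priv_len": len(priv), "pub_matches": priv[32:] == pub}
```

For this key the private section is 158 bytes before padding, so two padding bytes (1, 2) bring it to 160, a multiple of 8.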