Is there a documentation of the key file formats?

Paul Ebermann Paul-Ebermann at gmx.de
Fri Nov 18 13:41:17 EST 2011


Thanks for the answer, and sorry for replying only now.

Aris Adamantiadis wrote:

> This is described in RFC 4716 (https://www.ietf.org/rfc/rfc4716.txt )
> This is basically PEM + a few custom extensions.

Sorry, but no.

RFC 4716 defines a format for public keys which looks like this
(copied from the RFC, page 6):

   ---- BEGIN SSH2 PUBLIC KEY ----
   Subject: me
   Comment: 1024-bit rsa, created by me at example.com Mon Jan 15 \
   08:31:24 2001
   AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4
   596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4
   soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=
   ---- END SSH2 PUBLIC KEY ----

My id_rsa.pub looks like this (in one line):

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA07kVI7xHv7sVvUH+f8KXTxfP4mFNC0
etjAh8ArbyX8D5sMsXAshEw1RBw2v2U+r4GebB0IOyA+G8zTcIXPm2yUp3mhrp1c/t
ldLocKV0KftW4tp7Umk47l5AVgA7VB7tBdDvUNbo4A8lHYk+nPf4RePwJBTjUS5WBP
dTQIVMEGT1WVyZ9Sei+pAbr95uiREhNZOCMsqMO1rSHbemlrOtkGoLSyU/Qsxi9H99
lYT/86RZqI3PGK6qEpSHB22ywkpdZ8q7owejQzySX5qHGJl4g8Z8JB3eC96BT+ay11
UCGPyXNpBYYS/7a2eGZkZBYun7UcWxKEYzoiFkQxFU4XX9gQ== paulo at heribert

This is obviously not the same format (and I think this is
intentional, so the authorized_keys and known_hosts files can have one
key per line).

RFC 4716 defines the format used by SSH Inc's implementation, and is
supported by ssh-keygen's import/export options (-i / -o), but it is not
the same format as the one used internally in the .pub files.

Still, at least the actual base64 data of the public keys looks
similar (both start with AAAAB3NzaC1yc2EAAAAB), thus I assume
they are using the same internal format.
RFC 4716 refers to RFC 4253 (SSH Transport Layer protocol),
section 6.6, for the format of this base64-encoded part, which
actually defines how the public key is transmitted in binary form in the
protocol, as a sequence of:
- the string "ssh-rsa",
- a multiprecision integer e (encryption exponent),
- a multiprecision integer n (modulus).

(Both strings and MP integers are prefixed with a 32-bit (4 byte)
 value indicating the length of the following byte sequence in
 bytes. AAAAB3NzaC1yc2EA just decodes to 0x00000007 +
 "ssh-rsa" + the first zero byte of the prefix to e.)


I think this fact (that this is simply the public key as defined
in the SSH protocol (RFC 4253), base64-encoded) should be documented
somewhere (if it isn't already).

(I can write a patch if someone has a proposal in which file
 this should go.)



The private key file id_rsa looks like this:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAx4YpszY1+d+jEdIvvCLLumgDYmLy95SIqzeS1SV+ggUUn9u+
   [... 22 more lines like these ...]
Mv5Y4J3hWBkk+NfD6yzHPFaHfaWXFTlELfN3vZXAEYFIKzKhLrR7DG6rg7qUk/s2
eIh8COO5+h8mnyP/MRV9ceYmvmNs8R5Ng6Lmfi/owXIdbIQafuuUIA==
-----END RSA PRIVATE KEY-----

(No, this is not my real key, but a dummy one I just generated.)

The RSA standard (PKCS#1) defines in appendix A.1.2 an ASN.1
representation of RSA private keys, so I could guess that this
is some encoding (DER, CER, PER?) of this, wrapped in Base64.

It could be something else; I haven't tried to parse it yet (or
looked at the source).

(It looks a bit strange that the private key has about 8 times the
 size of the public one, though.)


Any hints?

Paŭlo


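The binary public-key format the message describes (RFC 4253 section 6.6, built from the RFC 4251 string and mpint encodings), as an added example that is not part of the original message and not OpenSSH's own code: a small Python parser that strips both armors quoted above (the RFC 4716 example from the RFC and the one-line id_rsa.pub) and decodes the common blob into the key type, e and n. The two quoted keys are embedded as sample input; the function names (blob_from_rfc4716, blob_from_openssh, parse_rsa_blob, summarize) are this example's own, and the encoder alongside the parser checks that both blobs use the shortest mpint form, including the leading zero byte the message points out.

```python
import base64
import struct

# Sample inputs: the two public keys quoted in the message above, i.e. the
# RFC 4716 example (RFC 4716, page 6) and the author's one-line id_rsa.pub.
RFC4716_KEY = r"""---- BEGIN SSH2 PUBLIC KEY ----
Subject: me
Comment: 1024-bit rsa, created by me at example.com Mon Jan 15 \
08:31:24 2001
AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4
596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4
soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=
---- END SSH2 PUBLIC KEY ----"""

OPENSSH_KEY = (
    "ssh-rsa "
    "AAAAB3NzaC1yc2EAAAABIwAAAQEA07kVI7xHv7sVvUH+f8KXTxfP4mFNC0"
    "etjAh8ArbyX8D5sMsXAshEw1RBw2v2U+r4GebB0IOyA+G8zTcIXPm2yUp3mhrp1c/t"
    "ldLocKV0KftW4tp7Umk47l5AVgA7VB7tBdDvUNbo4A8lHYk+nPf4RePwJBTjUS5WBP"
    "dTQIVMEGT1WVyZ9Sei+pAbr95uiREhNZOCMsqMO1rSHbemlrOtkGoLSyU/Qsxi9H99"
    "lYT/86RZqI3PGK6qEpSHB22ywkpdZ8q7owejQzySX5qHGJl4g8Z8JB3eC96BT+ay11"
    "UCGPyXNpBYYS/7a2eGZkZBYun7UcWxKEYzoiFkQxFU4XX9gQ=="
    " paulo at heribert"
)


def read_string(blob, off):
    """RFC 4251 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length prefix at offset %d" % off)
    (length,) = struct.unpack_from(">I", blob, off)
    off += 4
    if off + length > len(blob):
        raise ValueError("length %d runs past the end of the blob" % length)
    return blob[off:off + length], off + length


def read_mpint(blob, off):
    """RFC 4251 'mpint': a string holding a big-endian two's-complement integer."""
    raw, off = read_string(blob, off)
    return int.from_bytes(raw, "big", signed=True), off


def encode_string(data):
    return struct.pack(">I", len(data)) + data


def encode_mpint(x):
    """Shortest two's-complement form: a leading 0x00 byte is present only
    when the top bit of the magnitude is set (the zero byte the message notes)."""
    if x < 0:
        raise ValueError("RSA parameters are positive")
    if x == 0:
        return encode_string(b"")
    return encode_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))


def parse_rsa_blob(blob):
    """RFC 4253 section 6.6: string "ssh-rsa", mpint e, mpint n, nothing else."""
    keytype, off = read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % keytype)
    e, off = read_mpint(blob, off)
    n, off = read_mpint(blob, off)
    if off != len(blob):
        raise ValueError("%d trailing bytes after the modulus" % (len(blob) - off))
    return e, n


def encode_rsa_blob(e, n):
    return encode_string(b"ssh-rsa") + encode_mpint(e) + encode_mpint(n)


def blob_from_rfc4716(text):
    """Strip the RFC 4716 armor: begin/end markers, header lines ('tag: value',
    continued on the next line when a line ends in a backslash), then the
    base64 body.  Base64 never contains ':', so that separates headers from body."""
    lines = [l.rstrip() for l in text.strip().splitlines()]
    if lines[0] != "---- BEGIN SSH2 PUBLIC KEY ----" or lines[-1] != "---- END SSH2 PUBLIC KEY ----":
        raise ValueError("missing RFC 4716 begin/end markers")
    body = lines[1:-1]
    i = 0
    while i < len(body) and ":" in body[i]:
        while i < len(body) and body[i].endswith("\\"):
            i += 1
        i += 1
    return base64.b64decode("".join(body[i:]), validate=True)


def blob_from_openssh(line):
    """Split the one-line .pub / authorized_keys form: type, base64 blob, comment."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    keytype, _ = read_string(blob, 0)
    if keytype.decode("ascii") != fields[0]:
        raise ValueError("type field %r does not match blob type %r" % (fields[0], keytype))
    return blob


def summarize(blob):
    """Key parameters plus whether re-encoding reproduces the blob byte for byte."""
    e, n = parse_rsa_blob(blob)
    return {"e": e, "bits": n.bit_length(), "canonical": encode_rsa_blob(e, n) == blob}


if __name__ == "__main__":
    for name, blob in (("RFC 4716 example", blob_from_rfc4716(RFC4716_KEY)),
                       ("OpenSSH id_rsa.pub", blob_from_openssh(OPENSSH_KEY))):
        print(name, blob[:16].hex(), summarize(blob))
```

Running it shows both armors wrapping the same 00000007 "ssh-rsa" prefix, with the RFC example carrying e = 37 and a 1024-bit modulus and the quoted id_rsa.pub carrying e = 35 and a 2048-bit modulus; the size difference between the two key lines is just the modulus length, not a different format.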