A mis-specification of the OpenSSH key format?

Damien Miller djm at mindrot.org
Fri May 7 12:42:47 AEST 2021


yeah, the private keys should be inserted as byte[] rather than string.

I just fixed this in https://github.com/openssh/openssh-portable/commit/24fee8

On Wed, 5 May 2021, Tyson Whitehead wrote:

> The PROTOCOL.key file says the list of N private keys in the OpenSSH format
> are stored like so
> 
> uint32	checkint
> uint32	checkint
> string	privatekey1
> string	comment1
> string	privatekey2
> string	comment2
> ...
> 
> I would then expect that each privatekey should have the string wrapping
> that precedes them with a 32-bit count of the number of bytes in the private
> key.
> 
> When I do a dump of the file though it seems that each of the privatekeys is
> just embedded at these points without the string wrapping. For example
> 
> $ sed -n '2,9p' ~/.ssh/id_ecdsa_sk | base64 -d | xxd -g 1
> ...
> 000000a0: 4e 95 00 00 00 04 73 73 68 3a 00 00 00 e0 ea 93  N.....ssh:......
> 000000b0: 0b 34 ea 93 0b 34 00 00 00 22 73 6b 2d 65 63 64  .4...4..."sk-ecd
> 000000c0: 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36  sa-sha2-nistp256
> 000000d0: 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 08  @openssh.com....
> ...
> 
> you can see the two ea 93 0b 34 checkints are followed by 00 00 00 22 which is
> the immediate start of a "sk-ecdsa-sha2-nistp256@openssh.com" key without a
> string wrapper (0x22 being the length of the
> "sk-ecdsa-sha2-nistp256@openssh.com" identifier).
> 
> As a point of comparison, the public keys declared earlier in the file are
> actually string wrapped. Using the same example
> 
> byte[]	AUTH_MAGIC
> string	ciphername
> string	kdfname
> string	kdfoptions
> int	number of keys N
> string	publickey1
> string	publickey2
> ...
> 
> $ sed -n '2,9p' ~/.ssh/id_ecdsa_sk | base64 -d | xxd -g 1
> ...
> 00000020: 00 00 00 00 00 00 01 00 00 00 7f 00 00 00 22 73  .............."s
> 00000030: 6b 2d 65 63 64 73 61 2d 73 68 61 32 2d 6e 69 73  k-ecdsa-sha2-nis
> 00000040: 74 70 32 35 36 40 6f 70 65 6e 73 73 68 2e 63 6f  tp256@openssh.co
> 00000050: 6d 00 00 00 08 6e 69 73 74 70 32 35 36 00 00 00  m....nistp256...
> ...
> 
> we see the number of keys 01 is followed by the length of the entire first key
> 00 00 00 7f, which is then followed by the 00 00 00 22 that starts the
> "sk-ecdsa-sha2-nistp256@openssh.com" key that is wrapped (again the size of
> the key type identifier).
> 
> Thanks!  -Tyson
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
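The layout discussed in this thread, as an added example written for this page (not OpenSSH code and not something either poster supplied): a minimal parser for an unencrypted openssh-key-v1 blob that treats the public keys as length-prefixed strings but reads each private key's fields inline, directly after the two checkints, exactly as Damien says the corrected PROTOCOL.key describes. The sample key is constructed in memory from placeholder bytes (not a real key pair), the field layouts for ssh-ed25519 and sk-ecdsa-sha2-nistp256@openssh.com are taken from PROTOCOL.key as I read it, and all function names (`build_sample_key`, `parse_openssh_private`, `naive_wrapped_read`, and so on) are this example's own. `naive_wrapped_read` shows what goes wrong if you follow the old text and expect a `string` wrapper: you get back the key type name, not a key.

```python
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"

# Private-key field layouts per key type, as documented in PROTOCOL.key
# ("s" = SSH string, "u8" = single byte). Because these fields are NOT wrapped
# in an outer string, a parser must know the layout to walk past a key.
PRIVATE_LAYOUTS = {
    b"ssh-ed25519": [("pk", "s"), ("sk", "s")],
    b"sk-ecdsa-sha2-nistp256@openssh.com": [
        ("curve", "s"), ("Q", "s"), ("application", "s"),
        ("flags", "u8"), ("key_handle", "s"), ("reserved", "s"),
    ],
}

def pack_string(b):
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def read_u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32 at offset %d" % off)
    return struct.unpack(">I", buf[off:off + 4])[0], off + 4

def read_string(buf, off):
    n, off = read_u32(buf, off)
    if off + n > len(buf):
        raise ValueError("truncated string at offset %d" % off)
    return buf[off:off + n], off + n

# Constructed sample material (assumption: placeholder bytes, not a real key).
SAMPLE_PK = bytes(range(32))
SAMPLE_SK = bytes(range(64))          # ed25519 private blob is 64 bytes
SAMPLE_COMMENT = b"constructed@example"
SAMPLE_CHECKINT = 0xEA930B34          # the value seen in the thread's dump

def build_sample_key(checkint=SAMPLE_CHECKINT, checkint2=None):
    """Build an unencrypted (cipher 'none', kdf 'none') openssh-key-v1 blob
    holding one ssh-ed25519 key. checkint2 lets the test force a mismatch."""
    if checkint2 is None:
        checkint2 = checkint
    pubkey_blob = pack_string(b"ssh-ed25519") + pack_string(SAMPLE_PK)
    # Private section: checkint, checkint, then key fields INLINE, then comment.
    priv = struct.pack(">II", checkint, checkint2)
    priv += pack_string(b"ssh-ed25519") + pack_string(SAMPLE_PK) + pack_string(SAMPLE_SK)
    priv += pack_string(SAMPLE_COMMENT)
    i = 1
    while len(priv) % 8:              # pad 1,2,3,... to the block size (8 for 'none')
        priv += bytes([i]); i += 1
    return (AUTH_MAGIC + pack_string(b"none") + pack_string(b"none") + pack_string(b"")
            + struct.pack(">I", 1) + pack_string(pubkey_blob) + pack_string(priv))

def parse_private_section(sec, nkeys, block_size=8):
    c1, off = read_u32(sec, 0)
    c2, off = read_u32(sec, off)
    if c1 != c2:
        raise ValueError("checkint mismatch (wrong passphrase or corrupt key)")
    keys = []
    for _ in range(nkeys):
        keytype, off = read_string(sec, off)   # this is the first field, not a wrapper
        layout = PRIVATE_LAYOUTS.get(keytype)
        if layout is None:
            raise ValueError("unknown key type %r: fields are inline, cannot skip" % keytype)
        fields = {}
        for name, kind in layout:
            if kind == "s":
                fields[name], off = read_string(sec, off)
            else:
                fields[name] = sec[off]; off += 1
        comment, off = read_string(sec, off)
        keys.append({"type": keytype, "fields": fields, "comment": comment})
    pad = sec[off:]
    if len(pad) >= block_size or pad != bytes(range(1, len(pad) + 1)):
        raise ValueError("bad padding")
    return keys

def parse_openssh_private(blob):
    """Parse the outer structure; public keys are string-wrapped and can be
    skipped without knowing their type, the private section cannot."""
    if not blob.startswith(AUTH_MAGIC):
        raise ValueError("bad AUTH_MAGIC")
    off = len(AUTH_MAGIC)
    ciphername, off = read_string(blob, off)
    kdfname, off = read_string(blob, off)
    kdfoptions, off = read_string(blob, off)
    nkeys, off = read_u32(blob, off)
    pubkeys = []
    for _ in range(nkeys):
        pk, off = read_string(blob, off)       # wrapped: opaque blob, type-agnostic
        pubkeys.append(pk)
    private_section, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after private section")
    if ciphername != b"none":
        raise ValueError("encrypted key: decrypt private_section first")
    return {"pubkeys": pubkeys, "keys": parse_private_section(private_section, nkeys)}

def naive_wrapped_read(blob):
    """The misreading the old PROTOCOL.key invited: treat privatekey1 as a
    string. Returns the key-type name, not a key."""
    off = len(AUTH_MAGIC)
    for _ in range(3):
        _, off = read_string(blob, off)
    nkeys, off = read_u32(blob, off)
    for _ in range(nkeys):
        _, off = read_string(blob, off)
    sec, _ = read_string(blob, off)
    off = 8                                    # skip the two checkints
    supposed_key, _ = read_string(sec, off)
    return supposed_key

def is_well_formed(blob):
    try:
        parse_openssh_private(blob)
        return True
    except ValueError:
        return False
```

Run it against a real unencrypted key with `sed -n '2,$p' key | head -n -1 | base64 -d` if you want to compare with Tyson's dump; for a passphrase-protected key the private section must be decrypted (bcrypt KDF plus the named cipher) before `parse_private_section` applies, and the equal checkints are the only integrity signal you get that the passphrase was right.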