- Public key storage format in OpenSSH
- James S. Singleton
February 24, 2006, 8:01 pm
- Richard E. Silverman
February 25, 2006, 4:16 am
Re: Public key storage format in OpenSSH
JSS> OpenSSH stores public keys in totally different formats,
JSS> depending on whether version 1.5 or version 2 of the protocol is
JSS> being used. Can anybody explain the difference?

The first format was defined by the first implementation of SSH-1 by Tatu
Ylönen in 1995. A new format was needed for SSH-2, as SSH-1 only allowed
RSA keys whereas SSH-2 can have any number of key types, and OpenSSH
implements two: RSA and DSA.

JSS> For 1.5 the format is obvious; for 2, it is not.

Some datatype definitions:

  length = 4 bytes, 32-bit integer (big-endian)
  string = [length L] [L bytes: the string]
  bignum = string N (binary, length <= 8192)
           where N = BIGNUM type as defined in the OpenSSL crypto library (openssl/bn.h)
           (multiprecision [large] integer)

An OpenSSH public key line consists of:

  key-type [base64 encoded string] comment

This is the format of base64-decoded bytes:

  [string: key type in ASCII ("ssh-rsa"|"ssh-dsa"|"rsa"|"dsa")]
  (yes, the key type is repeated inside the encoded portion)

  (case RSA key)
  bignum: public exponent (e)
  bignum: modulus (n)

  (case DSA key)
  (<p,q,g,y> DSA key parameters as defined e.g. here:
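
An added example (not part of the original post, and not OpenSSH's own code): a parser for the RSA case of the layout described above. It checks that the key type outside the base64 matches the one inside and that every length field stays within the blob. The function names and the toy 64-bit sample key are constructed for illustration.

```python
import base64
import struct

def read_string(buf, off):
    """Read one [4-byte big-endian length][L bytes] field; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("length field runs past end of blob")
    return buf[off + 4:end], end

def parse_rsa_pubkey_line(line):
    """Parse 'ssh-rsa <base64> [comment]' into (e, n, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected: key-type base64 [comment]")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner, off = read_string(blob, 0)
    if inner != key_type.encode():
        raise ValueError("key type outside and inside the blob differ")
    if key_type != "ssh-rsa":
        raise ValueError("this example only handles ssh-rsa")
    e_raw, off = read_string(blob, off)   # public exponent comes first
    n_raw, off = read_string(blob, off)   # then the modulus
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big"), comment

def pack_string(b):
    return struct.pack(">I", len(b)) + b

def pack_bignum(i):
    # Sized so the top bit of the first byte is always clear (SSH-2 bignums are signed).
    return pack_string(i.to_bytes(i.bit_length() // 8 + 1, "big"))

# Constructed sample: a toy 64-bit modulus, not a usable key.
SAMPLE_E, SAMPLE_N = 65537, 0xC5A1F3B79D2E4B6F
SAMPLE_BLOB = pack_string(b"ssh-rsa") + pack_bignum(SAMPLE_E) + pack_bignum(SAMPLE_N)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example"

if __name__ == "__main__":
    e, n, comment = parse_rsa_pubkey_line(SAMPLE_LINE)
    print(f"e={e} n={n:#x} bits={n.bit_length()} comment={comment}")
```

Reporting `n.bit_length()` from a parser like this is a quick way to audit an `authorized_keys` file for undersized RSA moduli.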