From: djm Date: Fri, 10 Aug 2018 00:42:29 +0000 (+0000) Subject: Describe pubkey format, prompted by bz#2853 X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=7cf46ae9354689f0f07468e3f877aa075b6a615f;p=openbsd Describe pubkey format, prompted by bz#2853 While I'm here, describe and link to the remaining local PROTOCOL.* docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and PROTOCOL.mux) --- diff --git a/usr.bin/ssh/PROTOCOL b/usr.bin/ssh/PROTOCOL index b0486cbbd3e..caa99920f57 100644 --- a/usr.bin/ssh/PROTOCOL +++ b/usr.bin/ssh/PROTOCOL 
@@ -458,4 +458,35 @@ respond with a SSH_FXP_STATUS message. This extension is advertised in the SSH_FXP_VERSION hello with version "1". -$OpenBSD: PROTOCOL,v 1.33 2018/08/10 00:27:15 djm Exp $ +4. Miscellaneous changes + +4.1 Public key format + +OpenSSH public keys, as generated by ssh-keygen(1) and appearing in +authorized_keys files, are formatted as a single line of text consisting +of the public key algorithm name followed by a base64-encoded key blob. +The public key blob (before base64 encoding) is the same format used +for the encoding of public keys sent on the wire, e.g. as described in +RFC4253 section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA +keys and the "New public key formats" section of PROTOCOL.certkeys for +the OpenSSH certificate formats. + +4.2 Private key format + +OpenSSH private keys, as generated by ssh-keygen(1) use the format +described in PROTOCOL.key by default. As a legacy option, PEM format +(RFC7468) private keys are also supported for RSA, DSA and ECDSA keys +and were the default format before OpenSSH 7.8. + +4.3 KRL format + +OpenSSH supports a compact format for Key Revocation Lists (KRLs). This +format is described in the PROTOCOL.krl file. + +4.4 Connection multiplexing + +OpenSSH's connection multiplexing uses messages as described in +PROTOCOL.mux over a Unix domain socket for communications between a +master instance and later clients. + +$OpenBSD: PROTOCOL,v 1.34 2018/08/10 00:42:29 djm Exp $
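
Review bot: In 4.1, the sentence "the public key algorithm name followed by a base64-encoded key blob" leaves out the field separator and the optional trailing comment that ssh-keygen(1) writes, and for authorized_keys the optional leading options field, so someone writing a parser from this text alone would mis-split or reject real lines. Suggest stating that the fields are whitespace-separated and that anything after the blob is a free-form comment, with a pointer to sshd(8) for the authorized_keys options. It would also help to note that the blob itself begins with the algorithm name encoded as an SSH string (per the RFC4253 section 6.6 encoding already cited), so a consumer can check that it agrees with the text prefix rather than trusting either one alone. Minor, in 4.2: "as generated by ssh-keygen(1) use the format" wants a comma after "ssh-keygen(1)".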