From d16e26e779aa2e00abc84da0a2de89b8807333d8 Mon Sep 17 00:00:00 2001 From: djm Date: Fri, 7 May 2021 02:29:40 +0000 Subject: [PATCH] correct mistake in spec - the private key blobs are encoded verbatim and not as strings (i.e. no 4-byte length header) --- usr.bin/ssh/PROTOCOL.key | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/usr.bin/ssh/PROTOCOL.key b/usr.bin/ssh/PROTOCOL.key index 959bd7aeec2..38df268b653 100644 --- a/usr.bin/ssh/PROTOCOL.key +++ b/usr.bin/ssh/PROTOCOL.key @@ -35,9 +35,9 @@ of the cipher block size. uint32 checkint uint32 checkint - string privatekey1 + byte[] privatekey1 string comment1 - string privatekey2 + byte[] privatekey2 string comment2 ... string privatekeyN @@ -48,6 +48,9 @@ of the cipher block size. ... char padlen % 255 +where each private key is encoded using the same rules as used for +SSH agent. + Before the key is encrypted, a random integer is assigned to both checkint fields so successful decryption can be quickly checked by verifying that both checkint fields @@ -65,4 +68,4 @@ For unencrypted keys the cipher "none" and the KDF "none" are used with empty passphrases. The options if the KDF "none" are the empty string. -$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $ +$OpenBSD: PROTOCOL.key,v 1.2 2021/05/07 02:29:40 djm Exp $ -- 2.20.1
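Review bot: In the first hunk (@@ -35,9 +35,9 @@), the trailing context line `string privatekeyN` is left unchanged while privatekey1 and privatekey2 become `byte[]`, so the layout now shows two different encodings for entries of the same list. If the Nth key is also encoded verbatim, as the commit message says of the private key blobs, change that line to `byte[] privatekeyN` in the same patch.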
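Review bot: In the second hunk (@@ -48,6 +48,9 @@), the added sentence "encoded using the same rules as used for SSH agent" does not name the document or message that defines those rules. With the 4-byte length header gone, a reader implementing a parser has to take the per-key-type layout from that reference to find where each private key ends and its comment string begins, so cite it explicitly. Consider also stating in the spec text itself that the key blob carries no length prefix, since that currently appears only in the commit message.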