Bug 2865

Summary: OpenSSH private key format documentation seems off
Product: Portable OpenSSH
Reporter: terrafrost
Component: Documentation
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---
Severity: enhancement
Priority: P5
Version: 7.7p1
Hardware: Other
OS: Windows 10

Description terrafrost 2018-05-09 12:20:47 AEST
I do ssh-keygen -t ed25519 and get the following private key:

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINAAAAKCouUdrqLlH
awAAAAtzc2gtZWQyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINA
AAAEAi3voQW6X2cPzaSqBnW47sqnfEz9DrKEFwcP48S5+cyOLZd+Ii+64AH9Tt5jYV2Ruh
dkc2VJ7ufzqg4qJYIIg0AAAAG2p3aWdnaW50b25Abm9kZTIucGFwMzYwLmNvbQEC
-----END OPENSSH PRIVATE KEY-----

The documentation for that format is discussed here:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD

I think this would be a more accurate description of the private key format:

----------------------------------

3. Unencrypted list of N private keys

The list of privatekey/comment pairs is padded with the
bytes 1, 2, 3, ... until the total length is a multiple
of the cipher block size.

       uint32  checkint
       uint32  checkint
       string  typeofkey (ssh-ed25519, ssh-rsa, etc)
       string  publickey
       string  privatekey
       string  comment
       char    1
       char    2
       char    3
       ...
       char    padlen % 255

----------------------------------

Maybe after that first comment the strings should repeat, idk (idk how to generate, with OpenSSH, a key that contains multiple private keys).

I'm also assuming that http://tools.ietf.org/html/rfc4253#section-6 applies to OpenSSH private keys:

   Note that the length of the concatenation of 'packet_length',
   'padding_length', 'payload', and 'random padding' MUST be a multiple
   of the cipher block size or 8, whichever is larger.

Seems like it might be nice to mention that in the docs.
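Added example, not code from the bug report or from OpenSSH: a Python parser for the unencrypted openssh-key-v1 container and the inner private section laid out above, applied to the ed25519 key pasted in the report. It assumes an 8-byte block size for cipher "none" (the value OpenSSH's padding loop uses), so the 158 bytes of key material here come out padded to 160 with the bytes 01 02.

```python
import base64
import struct

# The ed25519 key pasted in the bug report above (cipher "none", i.e. unencrypted).
KEY_PEM = """-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINAAAAKCouUdrqLlH
awAAAAtzc2gtZWQyNTUxOQAAACDi2XfiIvuuAB/U7eY2FdkboXZHNlSe7n86oOKiWCCINA
AAAEAi3voQW6X2cPzaSqBnW47sqnfEz9DrKEFwcP48S5+cyOLZd+Ii+64AH9Tt5jYV2Ruh
dkc2VJ7ufzqg4qJYIIg0AAAAG2p3aWdnaW50b25Abm9kZTIucGFwMzYwLmNvbQEC
-----END OPENSSH PRIVATE KEY-----"""
MAGIC = b"openssh-key-v1\x00"
NONE_BLOCKSIZE = 8  # assumption: the block size OpenSSH uses for the "none" cipher


def _strings(buf, off, count):
    """Read `count` SSH wire strings (uint32 big-endian length + bytes) starting at off."""
    out = []
    for _ in range(count):
        (n,) = struct.unpack_from(">I", buf, off)
        if off + 4 + n > len(buf):
            raise ValueError("string runs past end of buffer")
        out.append(buf[off + 4:off + 4 + n])
        off += 4 + n
    return out, off


def parse_openssh_private_key(pem):
    body = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    (cipher, kdf, _kdfopts), off = _strings(blob, len(MAGIC), 3)
    if cipher != b"none":
        raise ValueError("encrypted key; this example handles only cipher 'none'")
    (nkeys,) = struct.unpack_from(">I", blob, off)
    pubkeys, off = _strings(blob, off + 4, nkeys)  # one public key blob per key
    (priv,), off = _strings(blob, off, 1)  # private section; plaintext for cipher none
    if off != len(blob) or len(priv) % NONE_BLOCKSIZE:
        raise ValueError("trailing data, or private section not block-aligned")
    check1, check2 = struct.unpack_from(">II", priv, 0)  # the two checkint fields
    if check1 != check2:
        raise ValueError("checkint mismatch: wrong passphrase or corrupt key")
    keys, p = [], 8
    for _ in range(nkeys):  # (type, public, private, comment) repeated N times
        (ktype, pub, sec, comment), p = _strings(priv, p, 4)
        keys.append({"type": ktype.decode(), "public": pub, "private": sec, "comment": comment.decode()})
    padding = priv[p:]  # 1, 2, 3, ... up to the block boundary (each byte mod 256)
    if padding != bytes((i + 1) & 0xFF for i in range(len(padding))):
        raise ValueError("bad padding bytes")
    return {"cipher": cipher.decode(), "kdf": kdf.decode(), "public_keys": pubkeys,
            "checkint": check1, "keys": keys, "padding": padding}
```

For this key the inner private string is the 32-byte seed followed by a copy of the 32-byte public key, so the public key appears three times in the file.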