#############################################################################
    SSHSecure - a program to harden OpenSSH from defaults
    Copyright (C) 2020  Brent Saner

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.
#############################################################################

ANNOTATED HEX REFERENCE:

PRIVATE:
0 "openssh-key-v1" string plus terminating nullbyte
1.0 uint32 allocator for 1.0.0
	1.0.0 cipher name (string) - if not encrypted (no passphrase), "none"
2.0 uint32 allocator for 2.0.0
	2.0.0 KDF name (string) - if not encrypted (no passphrase), "none"
3.0 uint32 allocator for 3.0.0 (nullbyte if unencrypted key)
	3.0.0 (virtual) KDF options. This is "missing" if it is an unencrypted key.
		3.0.0.0 uint32 allocator for 3.0.0.0.0
			3.0.0.0.0 Salt/IV (bytes)
		3.0.0.1 Number of rounds/"work factor" (uint32)
4.0 uint32 allocator for # of keys (currently unused; hardcoded to 1 (left zero-padded 0x01))
	4.0.0 uint32 allocator for public key #1 (4.0.0.0 to 4.0.0.1, inclusive)
		4.0.0.0 uint32 allocator for 4.0.0.0.0
			4.0.0.0.0 public key #1 keytype (string)
		4.0.0.1 uint32 allocator for 4.0.0.1.0
			4.0.0.1.0 public key #1 payload (bytes)
	4.0.1 uint32 allocator for private key #1 (4.0.1.0 to 4.0.1.5, inclusive?)[0]
		4.0.1.0 Checksum (random uint32) #1 (should match 4.0.1.1)
		4.0.1.1 Checksum (random uint32) #2 (should match 4.0.1.0)
		4.0.1.2 (virtual) Copy of public key (copy of 4.0.0.0 to 4.0.0.1, inclusive)
			4.0.1.2.0 uint32 allocator for 4.0.1.2.0.0
				4.0.1.2.0.0 public key #1 keytype (string)
			4.0.1.2.1 uint32 allocator for 4.0.1.2.1.0
				4.0.1.2.1.0 public key #1 payload (bytes)
		4.0.1.3 uint32 allocator for 4.0.1.3.0
			4.0.1.3.0 Private key #1 (bytes)
		4.0.1.4 uint32 allocator for 4.0.1.4.0
			4.0.1.4.0 Comment for key #1 (string)
		4.0.1.5 Sequential padding to align private key to cipher blocksize (8 for unencrypted keys)[1].


[0] If it is an encrypted key, everything below 4.0.1 is encrypted per 1.0.0, 2.0.0, and 3.0.0.
[1] Pad determined by: 8 - ((4.0.1.3 + 4.0.1.4) % 8) (??)



PUBLIC:
(Each .pub file's Base64 string contains 4.0.0.0 to 4.0.0.1 inclusive above)
0 uint32 allocator for 0.0
	0.0 Public key keytype (string)
1 uint32 allocator for 1.0
	1.0 Public key payload (bytes)
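
Added example (not SSHSecure's own code): a parser that walks the PRIVATE layout above for an unencrypted key and enforces the two integrity checks the reference names, the matching checksums and the sequential padding. It takes the decoded bytes rather than the Base64 armored file. The names Reader, parse_private and build_sample are hypothetical, and the sample key is constructed from dummy bytes.

```python
import struct

MAGIC = b"openssh-key-v1\x00"  # field 0

def _s(b):
    """Encode one 'uint32 allocator + bytes' field."""
    return struct.pack(">I", len(b)) + b

class Reader:
    def __init__(self, data):
        self.d, self.o = data, 0
    def take(self, n):
        if n > len(self.d) - self.o:
            raise ValueError("length prefix runs past end of buffer")
        self.o += n
        return self.d[self.o - n:self.o]
    def u32(self):
        return struct.unpack(">I", self.take(4))[0]
    def string(self):
        return self.take(self.u32())

def parse_private(blob):
    r = Reader(blob)
    if r.take(len(MAGIC)) != MAGIC:
        raise ValueError("bad magic")
    cipher, kdf, _kdfopts = r.string(), r.string(), r.string()  # 1.0 to 3.0
    if r.u32() != 1:  # 4.0
        raise ValueError("expected exactly one key")
    pub = Reader(r.string())  # 4.0.0
    out = {"cipher": cipher, "kdf": kdf, "keytype": pub.string(), "public": pub.string()}
    if cipher != b"none":
        return out  # 4.0.1 is ciphertext; nothing below can be checked
    p = Reader(r.string())  # 4.0.1
    if p.u32() != p.u32():  # 4.0.1.0 vs 4.0.1.1
        raise ValueError("checksum mismatch")
    if (p.string(), p.string()) != (out["keytype"], out["public"]):  # 4.0.1.2
        raise ValueError("embedded public key differs from 4.0.0")
    out["private"], out["comment"] = p.string(), p.string()  # 4.0.1.3, 4.0.1.4
    pad = p.d[p.o:]  # 4.0.1.5
    if len(p.d) % 8 or pad != bytes(range(1, len(pad) + 1)):
        raise ValueError("bad padding")
    return out

def build_sample():
    """Constructed unencrypted key with dummy bytes (not a usable key)."""
    pub = _s(b"ssh-ed25519") + _s(b"\xaa" * 32)
    priv = struct.pack(">II", 7, 7) + pub + _s(b"\xbb" * 64) + _s(b"demo@example")
    priv += bytes(range(1, 1 + (-len(priv)) % 8))
    return MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1) + _s(pub) + _s(priv)
```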