===== v1 (Plain) [TIP] ==== Since plaintext/unencrypted keys do not have a cipher or KDF (as there's no encryption key or algorithm used), they use the string "none" to identify these (and entirely leave out the KDF options). ==== [id=struct_rsa_plain] ====== Structure [source,text,linenums] ---- 0.0 "openssh-key-v1" string plus terminating nullbyte (15 bytes) 1.0 uint32 allocator for 1.0.0 (4 bytes) 1.0.0 cipher name string (ASCII bytes) 2.0 uint32 allocator for 2.0.0 (4 bytes) 2.0.0 KDF name string (ASCII bytes) 3.0 uint32 allocator for KDF options (3.0.0 to 3.0.1) (4 bytes) (ALWAYS 0 for unencrypted keys, so no following substructure) 4.0 uint32 counter for # of keys (4 bytes) 4.0.0 uint32 allocator for public key #n (4.0.0.0 to 4.0.0.1) (4 bytes) 4.0.0.0 uint32 allocator for 4.0.0.0.0 (4 bytes) 4.0.0.0.0 public key #n keytype string (ASCII bytes) 4.0.0.1 uint32 allocator for 4.0.0.1.0 (4 bytes) 4.0.0.1.0 public exponent ('e') 4.0.0.2 uint32 allocator for 4.0.0.2.0 (4 bytes) 4.0.0.2.0 modulus ('n') 4.0.1 uint32 allocator for private key structure #n (4.0.1.0 to 4.0.1.5) (4 bytes) 4.0.1.0 uint32 decryption "checksum" #1 (should match 4.0.1.1) (4 bytes) 4.0.1.1 uint32 decryption "checksum" #2 (should match 4.0.1.0) (4 bytes) 4.0.1.2 copy of 4.0.0.0; allocator for 4.0.1.2.0 (4 bytes) 4.0.1.2.0 copy of 4.0.0.0.0 (ASCII bytes) 4.0.1.3 copy of 4.0.0.2; allocator for 4.0.1.3.0 (4 bytes) 4.0.1.3.0 copy of 4.0.0.2.0 (bytes) 4.0.1.4 copy of 4.0.0.1; allocator for 4.0.1.4.0 (4 bytes) 4.0.1.4.0 copy of 4.0.0.1.0 (bytes) 4.0.1.5 uint32 allocator for 4.0.1.5.0 (4 bytes) 4.0.1.5.0 private exponent ('d') 4.0.1.6 uint32 allocator for 4.0.1.6.0 (4 bytes) 4.0.1.6.0 CRT helper value ('q^(-1) % p') 4.0.1.7 uint32 allocator for 4.0.1.7.0 (4 bytes) 4.0.1.7.0 prime #1 ('p') 4.0.1.8 uint32 allocator for 4.0.1.8.0 (4 bytes) 4.0.1.8.0 prime #2 ('q') 4.0.1.9 uint32 allocator for 4.0.1.9.0 (4 bytes) 4.0.1.9.0 comment for key #n string (ASCII bytes) 4.0.1.10 sequential padding ---- [NOTE] ==== *Chunk 3.0.0 to 3.0.1:* These blocks are not present in unencrypted keys (see the <> for what these look like). *3.0* reflects this, as it's always going to be `00000000` (0). *Chunk 4.0:* This is technically currently unused; upstream hardcodes to 1 (left zero-padded 0x01). *Chunk 4.0.0.1.0, 4.0.0.2.0, 4.0.1.3.0, 4.0.1.4.0:* Note that the ordering of `e`/`n` in *4.0.0* is changed to `n`/`e` in *4.0.1*. *Chunk 4.0.1.10:* The padding used aligns the private key (*4.0.1.0* to *4.0.1.9.0*) to the cipher blocksize. For plaintext keys, a blocksize of 8 is used. ==== [id=bytes_rsa_plain] ====== Example The following example, being encrypted, is protected with a passphrase. The passphrase used in this example key is *`test`*. .`id_rsa` Format [source,text,linenums] ---- -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn NhAAAAAwEAAQAAAgEAt87ARgHOKhLwySTLmjDrmQBmgSyxQ2kZPzCyuf3Ur8swDJGPKnfW RBDzYXrnyMoxjCV9PE304sQQi7vpOoaJS6FLNXXy9yFQvDgdy/t0LHoZaGb9MYSs6Wdhrd oPwpkvbIZtdWmRn8ItnEvw3kBajHbVGaoqUyncaCV3ciml0LdTp4JaiblSdfnAJeIVNDxs iM1mkKIh+K6e9nXuRk3H0RjaQQUH6l1rZIndYK/YpmRkkts+J58aeCQNuKu9psUHFMljZl CnIIHn+l1HLBQosH6uXRW2TqHip1CFEv6atlX4ajE0htPMod2OkKzFyfuk1udnUH+6ufOn 9ox0gUKvKjcB0xqKm3URlYqncYe6cC7ZNNOFr87kI4DpXg5+m8D00jNn/HcDdBZ7fwkm+2 /bbQWq0c/RkYJIRbAU4YFTvw0dPDsfrbslo/HRUfm2hGM9jBaQ/NjK0FqsKusj2/GaN+SA oAiRAxnBFtR72SSzmUJUO4ig9hJ5UrLY4SkPMCn1Qq6+nAyONs8yloZc1mQ8iSTVZuv0lx gJOZoawJb+Htw7X4cb9e8LTUTg6idiDSBRQuC/z2d7TbAlUyEho/B0WqTQWGMxczJXhVpc 7L46xEA9BP8MwMWLfASQS0AhJcK8KmOiDrswnMbz5l2zAaBYuNrOB+cbOPPzWVQz9psZjw cAAAdQU4NHElODRxIAAAAHc3NoLXJzYQAAAgEAt87ARgHOKhLwySTLmjDrmQBmgSyxQ2kZ PzCyuf3Ur8swDJGPKnfWRBDzYXrnyMoxjCV9PE304sQQi7vpOoaJS6FLNXXy9yFQvDgdy/ t0LHoZaGb9MYSs6WdhrdoPwpkvbIZtdWmRn8ItnEvw3kBajHbVGaoqUyncaCV3ciml0LdT p4JaiblSdfnAJeIVNDxsiM1mkKIh+K6e9nXuRk3H0RjaQQUH6l1rZIndYK/YpmRkkts+J5 8aeCQNuKu9psUHFMljZlCnIIHn+l1HLBQosH6uXRW2TqHip1CFEv6atlX4ajE0htPMod2O kKzFyfuk1udnUH+6ufOn9ox0gUKvKjcB0xqKm3URlYqncYe6cC7ZNNOFr87kI4DpXg5+m8 D00jNn/HcDdBZ7fwkm+2/bbQWq0c/RkYJIRbAU4YFTvw0dPDsfrbslo/HRUfm2hGM9jBaQ /NjK0FqsKusj2/GaN+SAoAiRAxnBFtR72SSzmUJUO4ig9hJ5UrLY4SkPMCn1Qq6+nAyONs 8yloZc1mQ8iSTVZuv0lxgJOZoawJb+Htw7X4cb9e8LTUTg6idiDSBRQuC/z2d7TbAlUyEh o/B0WqTQWGMxczJXhVpc7L46xEA9BP8MwMWLfASQS0AhJcK8KmOiDrswnMbz5l2zAaBYuN rOB+cbOPPzWVQz9psZjwcAAAADAQABAAACAEmfLHBeBL/hekR20n5eHd/YwzX2OsIvdIdU 8CGDRA9tqT8/hkKSYWY+C939pp1ML3BdC7590xqJQb9WcuKYRKHgZwlwxvKpi3b4Wyb6/t tZxJeGuN9+ruuGFx/Vef6N8OrdJTakJEoDMtWprT64NAyTBGQVPoK0/61PZHp7qAjjhURQ +Aa2DgtnD8mctrWHhkl9TBmed1DuUImTTu8l9GUSOUlVxIfhB0Tr25oAlRyAlbAk1M518d oxRrWzRHFp9Z4j1AaFQ4vHvK0Rc5J6OJoJA7oRGkaAnRI7NDIZfMqPwMJ4FvvyFcK3xYS5 TzfJ7YqOgVlC7/3PVHVyaK/lj9cAzc9qmKIJUGF7BiSqg12V4n16/N7nDDl8obaqBHNebV xeAb//IXTPVi02hCYkSQ4SyoFCWV1SVnSU84shJAEsrKyyVk4hyEXrlPXW6/bzkGbh+gSz GBdOb5mUgjuk2e8sKLN8s+oF+jytcgCJg5QnaDVSPk5BYFTyPbDrcyIR06EepVE5CujVjW nhRmTg4g8r8MzSTSYLgyqUFE9YAep827JDbyG6LbrsvNVz8kxeDUP9JrSuZ2ThON2vR3Ws AWPkVyfBACf3FsvjzHD/9zRBuyU45UJqGlY4tEinveloBB7CGE72ew2mAHApfNc97u/r0Z UWEcendslW4Y5fFjohAAABAAri4c8kVaDYInLmpCu7qD63ZUluWjPhO4yUdW2MMvfXUF/Z l73V7AjFm/jR1lnR3wK+xmnrtaqvXbHscM4vKms6F7ex/OOtxiA8KQXNZS12IgZd0BGuM4 lEZ8bco2Q5UrDK7f+bx4rEBAgHQCdWbuTEdRrT/0UqJ4Gvi1wsm/CbNO5eYgEzC0vDga92 Z5hmfFua0HM8GfTvR1/SZGVeAwVT8vL43lnCrudLndZyDjEIFD3+3UHPS8Ed4rmp9A+uxy pSMSq+5MYVWs/uk4ShY0jHFTRuvmk4lf5tI0jU3tsKE3xIcYX/lJwgkRW5yKEGMpmR8Eno Qwx7pg3VQI1yrJgAAAEBAOULZbpq5MsprmYSnD5B/+ujbNbsuqcEX/kM6nHQm8BWsLkTTc V1TEnaH+irFpzRSe7a7M9JE9kV9PJBxf2Gx3UR4MJhw0RgCoTM546M9JPkkoRMuCxCq20S RqU+XPUK1HWcKlwJ1TscXDtEkyjuoBQ01uU3s6UTko363fCnJygjiZuNeVIgyzNEq40OhG 4eQP/ftccZJiwrUnqJClH6q88QkEaZE197mXSH9LSNRJCtgPwls0b6C7WH8JKVvw9xrBCo CGhn1LrQCgwnpkVvCODCv4yu2HaPA2aiRAQoGAopJhevYf6rq5pwdbi8ISCaVDm7/jYTkX Bx/udKjV2A/pkAAAEBAM1wd2WfrZgxBLzH3FJiQrnqUs6kDpI993GsKijjd/K5IxpYwkSM a40X/oNXHva9u8EfPUq0JU6oWWhLh3KRH5xvNVR5BT4+PTpuzOE6AWkIKYyj+LYo0hEXSa NidijrBYRPVGeVpQZ9ObHTBOGcxvwb4AphZOoz5Ku8h/VoMicdglyGjFzNo3dbA3cR6ZQ2 +WxT83gLmFCE4dhKRYxoerCTigm/b5s//sQe0C/VsnVyx9GAA55AWlWbYvwI+ASxnwQ9uk xvdWWxxydZ9Lky1Pk9T0HakbGxRvKYVKEAg0HkdgvdSYcJfsSmVRq5bgmaBKONaok7Uz2x hau1VzZBnp8AAAAYVGhpcyBpcyBhIGNvbW1lbnQgc3RyaW5nAQID -----END OPENSSH PRIVATE KEY----- ---- .Structure Reference (Hex) (Decoded Base64) [source,text,linenums] ---- 0.0 6f70656e7373682d6b65792d763100 ("openssh-key-v1" + 0x00) 1.0 0000000a (10) 1.0.0 6165733235362d637472 ("none") 2.0 00000006 (6) 2.0.0 626372797074 ("none") 3.0 00000000 (0) 4.0 00000001 (1) 4.0.0 00000217 (535) 4.0.0.0 00000007 (7) 4.0.0.0.0 7373682d727361 ("ssh-rsa") 4.0.0.1 00000003 (3) 4.0.0.1.0 010001 (65537) 4.0.0.2 00000201 (513) 4.0.0.2.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689 4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299 2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0 b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7 d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5 0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6 55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af 2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0 f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf 0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a 37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029 f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074 5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2 bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f 07 (bytes) 4.0.1 00000750 (1872) 4.0.1.0 53834712 (1401112338) 4.0.1.1 53834712 (1401112338) 4.0.1.2 00000007 (7) 4.0.1.2.0 7373682d727361 ("ssh-rsa") 4.0.1.3 00000201 (513) 4.0.1.3.0 00b7cec04601ce2a12f0c924cb9a30eb990066812cb14369193f30b2b9fdd4af cb300c918f2a77d64410f3617ae7c8ca318c257d3c4df4e2c4108bbbe93a8689 4ba14b3575f2f72150bc381dcbfb742c7a196866fd3184ace96761adda0fc299 2f6c866d7569919fc22d9c4bf0de405a8c76d519aa2a5329dc6825777229a5d0 b753a7825a89b95275f9c025e215343c6c88cd6690a221f8ae9ef675ee464dc7 d118da410507ea5d6b6489dd60afd8a6646492db3e279f1a78240db8abbda6c5 0714c9636650a72081e7fa5d472c1428b07eae5d15b64ea1e2a7508512fe9ab6 55f86a313486d3cca1dd8e90acc5c9fba4d6e767507fbab9f3a7f68c748142af 2a3701d31a8a9b7511958aa77187ba702ed934d385afcee42380e95e0e7e9bc0 f4d23367fc770374167b7f0926fb6fdb6d05aad1cfd191824845b014e18153bf 0d1d3c3b1fadbb25a3f1d151f9b684633d8c1690fcd8cad05aac2aeb23dbf19a 37e480a008910319c116d47bd924b39942543b88a0f6127952b2d8e1290f3029 f542aebe9c0c8e36cf3296865cd6643c8924d566ebf4971809399a1ac096fe1e dc3b5f871bf5ef0b4d44e0ea27620d205142e0bfcf677b4db025532121a3f074 5aa4d0586331733257855a5cecbe3ac4403d04ff0cc0c58b7c04904b402125c2 bc2a63a20ebb309cc6f3e65db301a058b8dace07e71b38f3f3595433f69b198f 07 (bytes) 4.0.1.4 00000003 (3) 4.0.1.4.0 010001 (65537) 4.0.1.5 00000200 (512) 4.0.1.5.0 499f2c705e04bfe17a4476d27e5e1ddfd8c335f63ac22f748754f02183440f6d a93f3f86429261663e0bddfda69d4c2f705d0bbe7dd31a8941bf5672e29844a1 e0670970c6f2a98b76f85b26fafedb59c49786b8df7eaeeb86171fd579fe8df0 eadd2536a4244a0332d5a9ad3eb8340c930464153e82b4ffad4f647a7ba808e3 854450f806b60e0b670fc99cb6b58786497d4c199e7750ee5089934eef25f465 12394955c487e10744ebdb9a00951c8095b024d4ce75f1da3146b5b3447169f5 9e23d40685438bc7bcad1173927a389a0903ba111a46809d123b3432197cca8f c0c27816fbf215c2b7c584b94f37c9ed8a8e815942effdcf54757268afe58fd7 00cdcf6a98a20950617b0624aa835d95e27d7afcdee70c397ca1b6aa04735e6d 5c5e01bfff2174cf562d36842624490e12ca8142595d52567494f38b2124012c acacb2564e21c845eb94f5d6ebf6f39066e1fa04b318174e6f9994823ba4d9ef 2c28b37cb3ea05fa3cad7200898394276835523e4e416054f23db0eb732211d3 a11ea551390ae8d58d69e14664e0e20f2bf0ccd24d260b832a94144f5801ea7c dbb2436f21ba2dbaecbcd573f24c5e0d43fd26b4ae6764e138ddaf4775ac0163 e45727c10027f716cbe3cc70fff73441bb2538e5426a1a5638b448a7bde96804 1ec2184ef67b0da60070297cd73deeefebd1951611c7a776c956e18e5f163a21 (bytes) 4.0.1.6 00000100 (256) 4.0.1.6.0 0ae2e1cf2455a0d82272e6a42bbba83eb765496e5a33e13b8c94756d8c32f7d7 505fd997bdd5ec08c59bf8d1d659d1df02bec669ebb5aaaf5db1ec70ce2f2a6b 3a17b7b1fce3adc6203c2905cd652d7622065dd011ae33894467c6dca3643952 b0caedff9bc78ac40408074027566ee4c4751ad3ff452a2781af8b5c2c9bf09b 34ee5e6201330b4bc381af766798667c5b9ad0733c19f4ef475fd264655e0305 53f2f2f8de59c2aee74b9dd6720e3108143dfedd41cf4bc11de2b9a9f40faec7 2a52312abee4c6155acfee9384a16348c715346ebe693895fe6d2348d4dedb0a 137c487185ff949c209115b9c8a106329991f049e8430c7ba60dd5408d72ac98 (bytes) 4.0.1.7 00000101 (257) 4.0.1.7.0 00e50b65ba6ae4cb29ae66129c3e41ffeba36cd6ecbaa7045ff90cea71d09bc0 56b0b9134dc5754c49da1fe8ab169cd149eedaeccf4913d915f4f241c5fd86c7 7511e0c261c344600a84cce78e8cf493e492844cb82c42ab6d1246a53e5cf50a d4759c2a5c09d53b1c5c3b449328eea01434d6e537b3a513928dfaddf0a72728 23899b8d795220cb3344ab8d0e846e1e40ffdfb5c719262c2b527a890a51faab cf10904699135f7b997487f4b48d4490ad80fc25b346fa0bb587f09295bf0f71 ac10a8086867d4bad00a0c27a6456f08e0c2bf8caed8768f0366a2440428180a 292617af61feabab9a7075b8bc21209a5439bbfe3613917071fee74a8d5d80fe 99 (bytes) 4.0.1.8 00000101 (257) 4.0.1.8.0 00cd7077659fad983104bcc7dc526242b9ea52cea40e923df771ac2a28e377f2 b9231a58c2448c6b8d17fe83571ef6bdbbc11f3d4ab4254ea859684b8772911f 9c6f355479053e3e3d3a6ecce13a016908298ca3f8b628d2111749a3627628eb 05844f546795a5067d39b1d304e19cc6fc1be00a6164ea33e4abbc87f5683227 1d825c868c5ccda3775b037711e99436f96c53f3780b985084e1d84a458c687a b0938a09bf6f9b3ffec41ed02fd5b27572c7d180039e405a559b62fc08f804b1 9f043dba4c6f7565b1c72759f4b932d4f93d4f41da91b1b146f29854a1008341 e4760bdd4987097ec4a6551ab96e099a04a38d6a893b533db185abb55736419e 9f (bytes) 4.0.1.9 00000018 (24) 4.0.1.9.0 54686973206973206120636f6d6d656e7420737472696e67 ("This is a comment string") 4.0.1.10 010203 ([1 2 3], 3 bytes) ----