Re: Private key interchange format?

[Ron Frederick <ronf%timeheart.net@localhost>]

This format has been around a while. From https://www.openssh.com/releasenotes.html, it looks like it first appeared in OpenSSH 6.5 released in early 2014. According to that doc, it because the default format in OpenSSH for private keys generated by OpenSSH beginning in OpenSSH 7.8, released in 2018.

Documentation on the key format can be found at https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key.

I added support for this format in AsyncSSH 1.0.0 back in 2015, based on the above doc and it has been working well.

On Apr 13, 2022, at 11:39 AM, Mouse <mouse%Rodents-Montreal.ORG@localhost> wrote:

Recently, at work, I found what looked like base64ed data blobs
delimited by lines

-----BEGIN OPENSSH PRIVATE KEY-----

and

-----END OPENSSH PRIVATE KEY-----

in a context which at least superficially is not ssh-related.

These look provocatively similar to the defined public-key interchange
format, though there are notable differences.

But I don't recall seeing anything about an interchange format being
defined for private keys.  I can see multiple alternatives here, and
some of them are things that people at your remove from the situation
can't really tell the difference between (for example, if that could be
OpenSSH-generated, it is, or is it something else (ab)using the same
format?).

I'm writing to ask (a) did I miss a standardization of a private-key
interchange format? and (b) is there a version of OpenSSH that uses
those lines?  When I did a quick test with the OpenSSH installed on a
work machine (on my own machines I use moussh, not OpenSSH) I got
"BEGIN RSA PRIVATE KEY", not "BEGIN OPENSSH PRIVATE KEY".

/~\ The ASCII  Mouse
\ / Ribbon Campaign
X  Against HTML mouse%rodents-montreal.org@localhost
/ \ Email!     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

-- 
Ron Frederick
ronf%timeheart.net@localhost