Key File Formats

  • BEGIN RSA PRIVATE KEY indicates "PKCS#1" or "PEM" key format, which is a Base64 encoding of an ASN.1 DER-serialized structure. It's a basic ASN.1 sequence containing the RSA parameters (n, e, d, p, q, etc.).

    OpenSSH has traditionally used this format as well, because it already uses OpenSSL's cryptographic code, so the "load key" and "write key" functions were conveniently available.

    This means you can use ssh-keygen -m PEM to generate or convert such keys.

  • BEGIN PRIVATE KEY indicates "PKCS#8" key format (unencrypted); the contents are very similar to the above format, with the same RSA parameters nested inside another structure that indicates that it is indeed an RSA key.

    Compared to PEM, the PKCS#8 format more cleanly separates the "payload" (key algorithm, encryption) from the outer Base64 wrapper. It doesn't change the meaning of the data though.

    OpenSSH will recognize this format too (due to its OpenSSL usage for key loading).

  • BEGIN OPENSSH PRIVATE KEY is a format invented by OpenSSH for OpenSSH. This time it uses the SSHv2 packet serialization instead of DER.

    OpenSSH now uses this format so that it can avoid depending on OpenSSL entirely, and/or so that it can add new key algorithms without waiting for PKIX to standardize an ASN.1 serialization format (which otherwise has absolutely nothing to do with SSH) and then waiting for OpenSSL to implement it.

  • PuTTY has its own .ppk format. You can use /usr/bin/puttygen to convert between all of them.

  • See also: OpenSSH public key file format?
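
As an added example (not code from the original page or from OpenSSH), the Python below tells the three armoured formats apart by label and then checks the label against the body: the second DER element is an INTEGER in PKCS#1 and a nested SEQUENCE in PKCS#8, while an OpenSSH body starts with the `openssh-key-v1` magic followed by SSHv2 strings. The function names, the constructed sample bodies and the cipher lookup (the first string after the magic, per OpenSSH's PROTOCOL.key) are assumptions of this example and go beyond the page; encrypted DER variants are not handled.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the OpenSSH container (PROTOCOL.key)
LABELS = {"RSA PRIVATE KEY": "PKCS#1", "PRIVATE KEY": "PKCS#8",
          "OPENSSH PRIVATE KEY": "OpenSSH"}

def ssh_string(buf, off):
    """Read one SSHv2 string: uint32 big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def der_tlv(buf, off):
    """Read one DER tag-length-value; return (tag, value, next offset)."""
    tag, n, off = buf[off], buf[off + 1], off + 2
    if n & 0x80:  # long form: low 7 bits count the length bytes that follow
        k = n & 0x7F
        n, off = int.from_bytes(buf[off:off + k], "big"), off + k
    return tag, buf[off:off + n], off + n

def classify(pem_text):
    """Return (format, serialization, cipher) for one armoured private key."""
    lines = pem_text.strip().splitlines()
    label = lines[0].strip()[len("-----BEGIN "):-len("-----")]
    fmt = LABELS.get(label)
    if fmt is None or lines[-1].strip() != f"-----END {label}-----":
        raise ValueError("unsupported or malformed armour")
    body = base64.b64decode("".join(lines[1:-1]), validate=True)
    if fmt == "OpenSSH":
        if not body.startswith(MAGIC):
            raise ValueError("missing openssh-key-v1 magic")
        cipher, _ = ssh_string(body, len(MAGIC))  # "none" means unencrypted
        return fmt, "SSHv2", cipher.decode()
    tag, seq, _ = der_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("body is not a DER SEQUENCE")
    _, _, off = der_tlv(seq, 0)       # skip the version INTEGER
    second, _, _ = der_tlv(seq, off)  # INTEGER n (PKCS#1) or SEQUENCE (PKCS#8)
    found = {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(second)
    if found != fmt:
        raise ValueError(f"label says {fmt}, structure says {found}")
    return fmt, "DER", None

def armour(label, body):
    return f"-----BEGIN {label}-----\n{base64.b64encode(body).decode()}\n-----END {label}-----\n"

# Constructed bodies: minimal DER and an OpenSSH header prefix, not real keys.
PKCS1_BODY = bytes.fromhex("3006020100020103")
PKCS8_BODY = bytes.fromhex("3014020100300d06092a864886f70d01010105000400")
OPENSSH_BODY = MAGIC + struct.pack(">I", 10) + b"aes256-ctr" + struct.pack(">I", 6) + b"bcrypt"
```

A key whose label and body disagree, such as a PKCS#8 body under a `BEGIN RSA PRIVATE KEY` header, raises `ValueError` rather than being reported under either name.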
