The Secure Shell (SSH) Public Key File Format
RFC 4716

Document type: RFC - Informational (November 2006; No errata)
Document stream: IETF
Last updated: 2013-03-02

IESG State: RFC 4716 (Informational)
Responsible AD: Sam Hartman

Network Working Group                                       J. Galbraith
Request for Comments: 4716                              VanDyke Software
Category: Informational                                        R. Thayer
                                                          Canola & Jones
                                                           November 2006

             The Secure Shell (SSH) Public Key File Format

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2006).

Abstract

   This document formally documents an existing public key file format
   in use for exchanging public keys between different Secure Shell
   (SSH) implementations.

   In addition, this document defines a standard textual representation
   for SSH public key fingerprints.

Table of Contents

   1. Introduction ....................................................2
   2. Conventions Used in This Document ...............................2
   3. Key File Format .................................................2
      3.1. Line Termination Characters ................................2
      3.2. Begin and End Markers ......................................3
      3.3. Key File Header ............................................3
           3.3.1. Subject Header ......................................3
           3.3.2. Comment Header ......................................4
           3.3.3. Private Use Headers .................................4
      3.4. Public Key File Body .......................................4
      3.5. Differences with RFC 1421 PEM Formats ......................4
      3.6. Examples ...................................................5
   4. Public Key Fingerprints .........................................6
   5. IANA Considerations .............................................6
   6. Security Considerations .........................................7
   7. References ......................................................8
      7.1. Normative References .......................................8
      7.2. Informative References .....................................8

Galbraith & Thayer           Informational                      [Page 1]
RFC 4716               SSH Public Key File Format          November 2006

1.  Introduction

   The SSH protocol supports the use of public/private key pairs in
   order to perform authentication based on public key cryptography.
   However, in order to use public key authentication in the SSH
   protocol, public keys must first be exchanged between client and
   server.

   This document formally describes an existing public key file format
   that can be used with any of the common existing file transfer
   mechanisms in order to exchange public keys.

   The SSH protocol also uses public/private key pairs to authenticate
   the server.  In this scenario, it is important to verify that the
   public key provided by the server is indeed the server's public key.
   This document describes a mechanism for creating a short text string
   that uniquely represents a particular public key, called
   fingerprinting.

2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

3.  Key File Format

   In order to implement public key authentication, SSH implementations
   must share public key files between the client and the server in
   order to interoperate.

   A key file is a text file, containing a sequence of lines.  Each line
   in the file MUST NOT be longer than 72 8-bit bytes excluding line
   termination characters.

3.1.  Line Termination Characters

   Implementations SHOULD generate public key files using their system's
   local text file representation.

   In the event that public key files are not transferred as text files,
   implementations SHOULD be prepared to read files using any of the
   common line termination sequences, <CR>, <LF>, or <CR><LF>.


3.2.  Begin and End Markers

   The first line of a conforming key file MUST be a begin marker, which
   is the literal text:

   ---- BEGIN SSH2 PUBLIC KEY ----
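
   As an added example (not part of RFC 4716 or any SSH implementation),
   the following Python checker applies the three rules stated so far:
   a line may end in any of <CR>, <LF> or <CR><LF>, no line may exceed
   72 8-bit bytes, and line 1 must be the begin marker. The sample input
   is constructed; header and body handling belong to later sections and
   are not attempted here.

```python
import re

# Literal begin marker from RFC 4716 section 3.2.
BEGIN_MARKER = b"---- BEGIN SSH2 PUBLIC KEY ----"
# Section 3: no line may exceed 72 8-bit bytes, excluding line terminators.
MAX_LINE_BYTES = 72
# Section 3.1: accept <CR><LF>, <CR> or <LF> as a terminator, in any mix.
# Ordering matters: the two-byte sequence is tried first so CRLF is one break.
LINE_TERMINATOR = re.compile(rb"\r\n|\r|\n")


class KeyFileError(ValueError):
    """The byte stream violates an RFC 4716 line rule."""


def split_lines(data: bytes) -> list[bytes]:
    """Split raw file bytes into lines, tolerating any common terminator.
    A trailing terminator does not yield an extra empty final line."""
    lines = LINE_TERMINATOR.split(data)
    if lines and lines[-1] == b"":
        lines.pop()
    return lines


def check_key_file_lines(data: bytes) -> list[bytes]:
    """Enforce the structural rules covered so far and return the lines.

    Checked: the file is non-empty, line 1 is the begin marker, and every
    line is at most 72 bytes (bytes, not characters, since the RFC counts
    8-bit bytes). Header and body parsing are later sections, not done here.
    """
    lines = split_lines(data)
    if not lines:
        raise KeyFileError("empty key file")
    if lines[0] != BEGIN_MARKER:
        raise KeyFileError(f"line 1 is not the begin marker: {lines[0]!r}")
    for number, line in enumerate(lines, start=1):
        if len(line) > MAX_LINE_BYTES:
            raise KeyFileError(
                f"line {number} is {len(line)} bytes, limit is {MAX_LINE_BYTES}"
            )
    return lines


# Constructed sample (not a real key): marker plus two short lines, joined
# with a deliberate mix of CRLF, bare CR and bare LF to exercise section 3.1.
SAMPLE = (
    b"---- BEGIN SSH2 PUBLIC KEY ----\r\n"
    b'Comment: "constructed example"\r'
    b"AAAA\n"
)
```

   Measuring in bytes rather than characters matters: a 40-character line
   of two-byte UTF-8 characters is 80 bytes and is rejected.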
