
Triggered today by Remote Desktop Manager, whose SSH Key Generator offered to save a private key in OpenSSH format, but then proceeded to store it in PKCS#1 / OpenSSL format, while using the same random *.pri file extension for two of the offered formats.

[Screenshot: the "save as" dialog]

I just wanted to connect to an AWS EC2 instance, but WinSCP, FileZilla and PuTTY all use different private key formats.

Feel free to offer more insight, this is just my current incomplete understanding.

Martin Prikryl
Reto Höhener

1 Answer

The file extension is often either random or not enough to identify the format.

Broad categories:

  • PEM files with ASN.1 data, encoded with DER
  • PEM files with data encoded in some other format
  • Non-PEM formats

PEM files wrap Base64 between -----BEGIN----- and -----END----- "tags". They are also commonly used to contain both private key and SSL certificate (-chain). Use an online ASN.1 decoder to check the Base64 contents of a PEM file.

PEM Files

PKCS#1 / OpenSSL: id_rsa, *.pem, *.der, *.key, ...

-----BEGIN RSA PRIVATE KEY-----

PuTTY Key Generator calls this "OpenSSH SSH-2 private key (old PEM format)" (?). The "SSLeay" or "traditional" format, according to this answer. Base64 starts with MII.... ASN.1 content. More info.

PKCS#8: *.pem, *.der, *.key, ...

-----BEGIN PRIVATE KEY----- or -----BEGIN ENCRYPTED PRIVATE KEY-----

Base64 of the unencrypted variation starts with MII...IBADAN. ASN.1 content, basically PKCS#1 plus version info. More info.

OpenSSH: *.??? (don't know what a typical file extension would be)

-----BEGIN OPENSSH PRIVATE KEY-----

PEM on the outside, but non-ASN.1 content. Apparently a somewhat undocumented format.

Non-PEM Files

PuTTY Private Key: *.ppk

The content also contains human-readable words identifying it as a PuTTY private key.

PKCS#12 / PFX: *.p12, *.pfx

PFX is a Microsoft format, later released in cleaned-up form as PKCS#12. The content is binary, and can contain not only a private key, but also an SSL certificate (-chain).

Reto Höhener
  • The OpenSSH format doesn't use DER, but it does use standard SSHv2 packet data types (e.g. `32-bit length, <...>` is exactly the standard format of a 'string' type in SSHv2 packets). So the documentation at [PROTOCOL.key](https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key) and [draft-miller-ssh-agent](https://tools.ietf.org/html/draft-miller-ssh-agent-02#section-4.2.1) should be sufficient, combined with data type definitions at [RFC 4251](https://tools.ietf.org/html/rfc4251#section-5). – u1686_grawity Jan 07 '20 at 08:24
  • For OpenSSH 'new' format https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key . Nit: PKCS12 can (and almost always does) contain _X.509v3/PKIX_ certs, which are used not only for SSL/TLS but also S/MIME, XMLdsig/enc, some code signing, PDF signing, and more. (But not SSH.) – dave_thompson_085 Jan 07 '20 at 08:26
  • 1
    Please do NOT use an online decoder for your private PEM files. They are PRIVATE. – Rich Remer Aug 19 '22 at 15:10
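As an added example that is not part of the question, the answer or the comments above: a small offline identifier that applies the answer's own distinguishing marks (the PEM label, the Base64 prefix, the leading ASN.1 SEQUENCE and version INTEGER, the `openssh-key-v1` magic with the SSHv2 `string` fields from PROTOCOL.key and RFC 4251 that the comments point to, and the first line of a PPK file), so that a private key never has to be pasted into an online decoder, as the last comment warns. Function and sample names (`identify`, `parse_openssh_container`, `SAMPLE_*`) are my own; the samples are constructed header-only blobs with zero-filled key material, not real keys. It goes slightly beyond the answer's text by reading the DER version integer to tell PKCS#1 (version 0, then the modulus INTEGER), PKCS#8 (version 0, then an AlgorithmIdentifier SEQUENCE) and PKCS#12 (PFX version 3) apart in bare DER files, and it recognises the RFC 1421 `Proc-Type`/`DEK-Info` headers that encrypt the "traditional" PKCS#1 PEM form.

```python
"""Offline identification of private key container formats: PEM labels, the
OpenSSH container header, PPK headers and bare DER, without uploading anything."""
import base64
import re
import struct

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
PEM_FORMATS = {
    "RSA PRIVATE KEY": "PKCS#1 / OpenSSL traditional",
    "PRIVATE KEY": "PKCS#8 unencrypted",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 encrypted",
    "OPENSSH PRIVATE KEY": "OpenSSH (non-ASN.1 body)",
}


def _der_prefix(der):
    """Parse SEQUENCE { INTEGER version, <next> ... } just far enough to return
    (version, tag byte of the element after the version); None if not DER."""
    if len(der) < 4 or der[0] != 0x30:
        return None
    i = 2
    if der[1] & 0x80:                      # long-form length: skip the length octets
        i += der[1] & 0x7F
    if i + 2 > len(der) or der[i] != 0x02:
        return None
    ilen = der[i + 1]
    version = int.from_bytes(der[i + 2:i + 2 + ilen], "big")
    nxt = der[i + 2 + ilen] if i + 2 + ilen < len(der) else None
    return version, nxt


def _ssh_string(buf, off):
    """SSHv2 'string': uint32 big-endian length followed by that many bytes (RFC 4251)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def parse_openssh_container(blob):
    """Outer layer of the 'openssh-key-v1' container as laid out in PROTOCOL.key."""
    magic = b"openssh-key-v1\0"
    if not blob.startswith(magic):
        return None
    off = len(magic)
    cipher, off = _ssh_string(blob, off)
    kdf, off = _ssh_string(blob, off)
    _kdfopts, off = _ssh_string(blob, off)
    (nkeys,) = struct.unpack_from(">I", blob, off)
    pub, off = _ssh_string(blob, off + 4)
    keytype, _ = _ssh_string(pub, 0)       # a public key blob starts with its type string
    return {"cipher": cipher.decode(), "kdf": kdf.decode(), "nkeys": nkeys,
            "keytype": keytype.decode(), "encrypted": cipher != b"none"}


def identify(data):
    """Return a dict describing the container format of a key file's raw bytes."""
    m = PEM_RE.search(data)
    if m:
        label = m.group(1).decode()
        text = m.group(2).strip()
        info = {"armor": "PEM", "label": label,
                "format": PEM_FORMATS.get(label, "unknown PEM label")}
        if text.startswith(b"Proc-Type:"):   # RFC 1421 headers => encrypted traditional PEM
            info["encrypted"] = True
            text = re.split(rb"\r?\n\r?\n", text, maxsplit=1)[-1]
        b64 = re.sub(rb"\s+", b"", text)
        info["b64_prefix"] = b64[:12].decode()   # e.g. "MII..." for DER, "IBADAN" in PKCS#8
        body = base64.b64decode(b64)
        if label == "OPENSSH PRIVATE KEY":
            info.update(parse_openssh_container(body) or {})
        else:
            p = _der_prefix(body)
            info["asn1_version"] = p[0] if p else None
        return info
    if data.startswith(b"PuTTY-User-Key-File-"):
        tag, keytype = data.split(b"\n", 1)[0].decode().split(":", 1)
        return {"armor": "none", "format": "PuTTY PPK",
                "version": int(tag.rsplit("-", 1)[1]), "keytype": keytype.strip()}
    p = _der_prefix(data)
    if p:
        version, nxt = p
        if version == 3:
            fmt = "PKCS#12 / PFX (DER)"           # PFX ::= SEQUENCE { version v3(3), ... }
        elif version == 0 and nxt == 0x30:
            fmt = "PKCS#8 (DER)"                  # version, then AlgorithmIdentifier SEQUENCE
        elif version == 0 and nxt == 0x02:
            fmt = "PKCS#1 RSAPrivateKey (DER)"    # version, then modulus INTEGER
        else:
            fmt = "DER, unrecognised structure"
        return {"armor": "DER", "format": fmt}
    return {"armor": "none", "format": "unrecognised"}


def _ssh_str(b):
    return struct.pack(">I", len(b)) + b


def _pem(label, der):
    return (b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(der)
            + b"-----END " + label + b"-----\n")


# Constructed samples: header bytes only, zero-filled key material, not real keys.
SAMPLE_OPENSSH = _pem(b"OPENSSH PRIVATE KEY",
    b"openssh-key-v1\0" + _ssh_str(b"none") + _ssh_str(b"none") + _ssh_str(b"")
    + struct.pack(">I", 1) + _ssh_str(_ssh_str(b"ssh-ed25519") + _ssh_str(bytes(32)))
    + _ssh_str(bytes(64)))
PKCS8_HDR = bytes.fromhex("308204be020100300d06092a864886f70d0101010500")
PKCS1_HDR = bytes.fromhex("308204a40201000282010100")
PKCS12_HDR = bytes.fromhex("30820a2b020103308209f1")
SAMPLE_PKCS8 = _pem(b"PRIVATE KEY", PKCS8_HDR)
SAMPLE_PKCS1 = _pem(b"RSA PRIVATE KEY", PKCS1_HDR)
SAMPLE_PKCS1_ENC = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    b"DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
                    + base64.encodebytes(bytes([0xAB]) * 32) + b"-----END RSA PRIVATE KEY-----\n")
SAMPLE_PPK = b"PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed\n"

if __name__ == "__main__":
    for name, s in [("openssh", SAMPLE_OPENSSH), ("pkcs8", SAMPLE_PKCS8), ("pkcs1", SAMPLE_PKCS1),
                    ("pkcs1-enc", SAMPLE_PKCS1_ENC), ("ppk", SAMPLE_PPK), ("pkcs12-der", PKCS12_HDR)]:
        print(name, identify(s))
```

Run it on a real file with `identify(open(path, "rb").read())`; everything stays on the local machine. The DER check only reads the first few bytes, so it classifies truncated or oversized files the same way as whole ones, which is exactly what is wanted for a format sniff but not a substitute for a full parse with `openssl pkey` / `openssl asn1parse` when the contents matter.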