author Damien Miller <djm@cvs.openbsd.org> 2018-08-10 00:42:30 +0000
committer Damien Miller <djm@cvs.openbsd.org> 2018-08-10 00:42:30 +0000
commit e362eddc9bb59d38892ebf71ac7a87ebeb1c56a2 (patch)
tree e95025654477fb71c800e0efe10b917afb00c828 /usr.bin/ssh/PROTOCOL
parent 8366b0dc456c3d740b137d38d7dbf02375ea0e8b (diff)
Describe pubkey format, prompted by bz#2853
While I'm here, describe and link to the remaining local PROTOCOL.* docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and PROTOCOL.mux)
Diffstat (limited to 'usr.bin/ssh/PROTOCOL')
-rw-r--r-- usr.bin/ssh/PROTOCOL 33
1 files changed, 32 insertions, 1 deletions
diff --git a/usr.bin/ssh/PROTOCOL b/usr.bin/ssh/PROTOCOL
index b0486cbbd3e..caa99920f57 100644
--- a/usr.bin/ssh/PROTOCOL
+++ b/usr.bin/ssh/PROTOCOL
@@ -458,4 +458,35 @@ respond with a SSH_FXP_STATUS message.
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.33 2018/08/10 00:27:15 djm Exp $
+4. Miscellaneous changes
+
+4.1 Public key format
+
+OpenSSH public keys, as generated by ssh-keygen(1) and appearing in
+authorized_keys files, are formatted as a single line of text consisting
+of the public key algorithm name followed by a base64-encoded key blob.
+The public key blob (before base64 encoding) is the same format used
+for the encoding of public keys sent on the wire, e.g. as described in
+RFC4253 section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA
+keys and the "New public key formats" section of PROTOCOL.certkeys for
+the OpenSSH certificate formats.
+
+4.2 Private key format
+
+OpenSSH private keys, as generated by ssh-keygen(1) use the format
+described in PROTOCOL.key by default. As a legacy option, PEM format
+(RFC7468) private keys are also supported for RSA, DSA and ECDSA keys
+and were the default format before OpenSSH 7.8.
+
+4.3 KRL format
+
+OpenSSH supports a compact format for Key Revocation Lists (KRLs). This
+format is described in the PROTOCOL.krl file.
+
+4.4 Connection multiplexing
+
+OpenSSH's connection multiplexing uses messages as described in
+PROTOCOL.mux over a Unix domain socket for communications between a
+master instance and later clients.
+
+$OpenBSD: PROTOCOL,v 1.34 2018/08/10 00:42:29 djm Exp $
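Review bot: In 4.1, "a single line of text consisting of the public key algorithm name followed by a base64-encoded key blob" leaves out the field separator and anything that may follow the blob, so someone writing a parser or validator from this text cannot tell where the blob ends. Suggest stating that the fields are whitespace-separated, that an optional comment may follow the blob, and that authorized_keys lines may carry an options field before the algorithm name, with a pointer to sshd(8) for that syntax. It would also help to say whether the textual algorithm name is expected to match the name string encoded at the start of the blob, since tools that check only one of the two can disagree about the key type. Minor: in 4.2, "as generated by ssh-keygen(1) use" wants a comma after "ssh-keygen(1)" to close the parenthetical.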