Include the changes made to the format file, too
parent: 9e0696bbdc
commit: 49576e052d
@ -1,22 +1,42 @@
The file has a header like
u8[3]: magic = b'WOT'
u8: version = 0
Please note that all text insire quotes in the EBNF here is to be taken to
mean bytes that would decode as that using either the ASCII or the UTF-8
character encoding. "\n" refers specifically to the byte 0x0a, and no
alternative newlines are acceptable.
After the header the entries are laid out as
u8[32]: salt
u8[32]: sha256(host concat salt)
u8[32]: sha256-fingerprint
u16le: comment-bytes
utf8[]: comment
The file has a header like:
If port is not 22, the host is [host]:port. This is in accordance with how
magic = "SSHWOT" ;
version = "0" ;
comment = " ", ? General comment about the file. Valid utf-8, no '\n'. ? ;
header = magic, version, [comment], "\n" ;
Examples of valid headers would be "SSHWOT0\n" and "SSHWOT0 Emma G. 2018\n".
"SSHWOT0 \n" is not valid, since a space marks that there will be a comment.
After the header the entries are laid out as:
salt = ? base64 encoded salt, 44 bytes long ? ;
hashed host = ? base64 encoded sha256(host concat salt), 44 bytes long ? ;
fingerprint = ? base64 encoded sha256-fingerprint, 44 bytes long ? ;
comment = " ", ? Comment about the host/key. Valid utf-8, no '\n'. ? ;
entry = salt, hashed host, fingerprint, [comment], "\n" ;
The version of base64 used uses + for 62 and / for 63, uses = for padding,
and contains no breaks.
Examples of valid entries are
"Yixx+B6zrFoubPhBddgyx0nXHmbqMW1Wzneo4JqJv0U=yPUACFC/zPt/ENoIluOuWiTXor3r7oHhac63qej637E=QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2A=\n"
and
"bd/MfFs+DMVqNQQoZGGCvpTopeS0/Jt6GS5vg7J+638=cbbdTnuIh0ZwnM+/r3sAu4iHgaN3mpkcP9kJND4vBUo=YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4A= The old one\n"
Again, if there is a space following the necessary parts, there must also be
a comment or else the entry is malformed.
If port is not 22, the host is [domain]:port. This is in accordance with how
OpenSSH stores it in .ssh/known_hosts. Internationalized domain names are
punycoded and all domain names are converted into lower case. This differs
from OpenSSH, which is not IDN-aware.
Sha256 is used instead of a password hash since we want checking for whether
a host is present to be reasonably fast.
The comment field can have any other valid Unicode, but must not contain
newline characters. An implementation should check for them when displaying
the comment.
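Review bot: the new grammar defines the non-terminal `comment` twice with different meanings, once for the header (`comment = " ", ? General comment about the file. Valid utf-8, no '\n'. ? ;`) and once for entries (`comment = " ", ? Comment about the host/key. Valid utf-8, no '\n'. ? ;`); give them distinct names, for example `file comment` and `entry comment`, so the `header` and `entry` productions are unambiguous. The prose says `"SSHWOT0 \n"` is invalid because a space must be followed by a comment, but neither special sequence states that the comment is at least one character long; saying so in the grammar would make it match the prose. The hash input is also only described informally as `sha256(host concat salt)`: spell out that `host` is the lower-cased, punycoded `[domain]:port` form as ASCII bytes, and whether `salt` means the raw 32 bytes or the 44-byte base64 text, since two implementations can otherwise compute different hashes for the same host and fail to interoperate.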