Why Do SSH Public Keys Share the Same Initial Characters? Decoding the “AAAAB3” Prefix in RSA Keys


2 views

When examining SSH public keys, you'll notice most RSA keys begin with:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...

This isn't a coincidence or security flaw - it's actually encoding important metadata about the key structure.

The initial "AAAAB3NzaC1yc2E" portion represents the Base64-encoded ASN.1 header that describes:

1. Key algorithm identifier (RSA)
2. Public exponent (usually 65537)
3. Modulus length

We can decode this manually using OpenSSL:

echo AAAAB3NzaC1yc2EAAAADAQABAAABAQ... | base64 -d | openssl asn1parse -inform DER

The standardized prefix serves several purposes:

  • Quick algorithm identification
  • Validation of key structure
  • Backwards compatibility

For example, when you see:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...

The different prefix immediately signals an Ed25519 key instead of RSA.

While the prefix is consistent for standard key parameters, you can generate keys with different beginnings by:

# Using uncommon exponent value
ssh-keygen -t rsa -b 4096 -m PEM -e 3

# Using different key format
ssh-keygen -t ecdsa -b 521

But in practice, most implementations use the same optimized parameters for performance and security reasons.

The identical prefixes don't weaken security because:

  • The unique part comes after the header
  • The full key fingerprint remains unique
  • The private key material isn't exposed

You can verify key uniqueness with:

ssh-keygen -lf ~/.ssh/id_rsa.pub

When examining SSH public keys, you'll notice they often begin with the same sequence: AAAAB3NzaC1yc2E. This isn't a coincidence or security flaw - it's actually an encoded header that reveals important information about the key.

The initial portion of an SSH public key is a Base64-encoded representation of the key's metadata. Let's break down what this means:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...
└───┬──┘ └──────┬──────┘
   |          |
   |          Base64-encoded key data
   Key type identifier

When decoded, AAAAB3NzaC1yc2E reveals:

00000000  00 00 00 07 73 73 68 2d  72 73 61 00 00 00 03 01  |....ssh-rsa.....|
00000010  00 01 00                                          |...|

This binary structure contains:

  • Key type (7 bytes for "ssh-rsa")
  • Exponent length (3 bytes)
  • Exponent value (1 byte)

The identical beginning occurs because:

  1. They use the same algorithm (RSA)
  2. They share common initial parameters
  3. The actual unique key material comes later in the string

You can examine your key's structure using:

ssh-keygen -lf ~/.ssh/id_rsa.pub

Or for more details:

python -c "import base64; print(base64.b64decode('AAAAB3NzaC1yc2E').hex())"

While the prefix is identical, the security comes from the subsequent unique key material. The probability of two keys matching beyond the header is astronomically low.

If you want different prefixes, you need to use different algorithms:

ssh-keygen -t ed25519  # Will have a different prefix
ssh-keygen -t ecdsa    # Another distinct prefix