AQG Filesystem Scanner supported formats

SSH keys

SSH-2 public keys

OpenSSH public key or known_hosts format using one of the following algorithms:

  • ssh-rsa
  • ssh-dss
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-ed25519

PuTTY Private Key (PPK) files

The algorithms supported are the same as those supported for SSH-2 public keys.

PEM- or DER-encoded ASN.1 files

  • X.509 certificates (containing RSA, EC or DSA public keys)
  • X.509 format public keys
  • PKCS#8 encrypted and unencrypted private keys
  • RSA public and private keys
  • DSA private keys
  • Elliptic curve private keys

Keystores

In the initial release, keystore objects are inventoried, but their contents (keys and certificates) are not included in the inventory. Supported keystores include:

  • Java keystores (JKS, JCEKS, BKS, BKS_v1, UBER, BCFKS)
  • PKCS#12
  • Microsoft Serialized Certificate Stores (SST)

PKCS#7 files

PKCS#7 files are not included in the inventory, but any extracted keys will be inventoried.

PGP files

  • RSA public keys
  • DSA public keys
  • ElGamal public keys

ZIP files

When the AQG Filesystem Scanner encounters a .zip file, it scans the files inside it. It conducts the same checks as it would for typical files on a filesystem, with the following limitations:

  • JAR files inside ZIP archives aren’t supported.
  • ZIP files inside ZIP archives aren’t supported.

It’s also worth noting that the AQG Filesystem Scanner only supports files that follow the original PKZIP file format specification, without spanning across multiple files. In particular, it doesn’t support ZIP64 archives and the following limitations apply:

  • A maximum of 2^16 files can be inside the ZIP archive.
  • The maximum compressed size is 4 GB for each entry.
  • The maximum uncompressed size is 4 GB for each entry.
  • The maximum overall size of the ZIP archive is 4 GB.
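
Because of these limitations, some archives, and some entries inside otherwise supported archives, never reach the inventory. The following added example (not AQG code) pre-checks an archive for those cases so the gaps can be reviewed separately. The function names and the constructed sample archive are this example's own assumptions.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"            # end-of-central-directory (EOCD) record
ZIP64_LOCATOR_SIG = b"PK\x06\x07"   # written just before the EOCD in ZIP64 archives


def coverage_gaps(fh):
    """Return reasons a seekable binary ZIP stream falls outside the listed limits."""
    size = fh.seek(0, io.SEEK_END)
    fh.seek(max(0, size - (22 + 65535 + 20)))   # EOCD + longest comment + locator
    tail = fh.read()
    pos = tail.rfind(EOCD_SIG)
    if pos < 0 or len(tail) - pos < 22:
        return ["no end-of-central-directory record found"]
    disk, cd_disk = struct.unpack_from("<2H", tail, pos + 4)
    gaps = []
    # The entry-count and 4 GB limits are the classic format's 16- and 32-bit
    # field widths, so an archive that exceeds them has to be ZIP64.
    if pos >= 20 and tail[pos - 20:pos - 16] == ZIP64_LOCATOR_SIG:
        gaps.append("ZIP64 archive")
    if disk or cd_disk:
        gaps.append("archive spans multiple files")
    if gaps:
        return gaps                  # whole archive unsupported, skip entry checks
    with zipfile.ZipFile(fh) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith((".zip", ".jar")):
                gaps.append(f"nested {name[-3:].upper()} not scanned: {info.filename}")
    return gaps


def build_sample():
    """Constructed archive: a placeholder PEM name, a nested ZIP and a JAR."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("id_rsa.pub", "constructed placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("keys/server.pem", "constructed placeholder")
        zf.writestr("backup/inner.zip", inner.getvalue())
        zf.writestr("lib/app.jar", b"")
    return outer


if __name__ == "__main__":
    print("\n".join(coverage_gaps(build_sample())))
```

An empty list means the archive and all of its entries fall within the limits listed above.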