I’m currently working on a library with secure authentication process. I wanted to support ppk file loading for ed25519 private keys. I used the original source code of putty to determine how the decoding of password protected files worked. I generated a demo file with a password protected and a non password protected private key. Decrypting both files turned out that the private key of the password protected file was 12 bytes longer, both decrypted private keys shared the first 36byte. They both had the same public key.
From the putty source code i can’t see any sublisting. Am I doing something wrong? Other libraries have have the same result.