putty/doc/man-puttygen.but

\cfg{man-identity}{puttygen}{1}{2004-03-24}{PuTTY tool suite}{PuTTY tool suite}

\H{puttygen-manpage} Man page for PuTTYgen

\S{puttygen-manpage-name} NAME

\cw{puttygen} - public-key generator for the PuTTY tools

\S{puttygen-manpage-synopsis} SYNOPSIS

\c puttygen ( keyfile | -t keytype [ -b bits ] [ --primes method ] [ -q ] )
\e bbbbbbbb   iiiiiii   bb iiiiiii   bb iiii     bbbbbbbb iiiiii     bb
\c          [ -C new-comment ] [ -P ] [ --reencrypt ]
\e            bb iiiiiiiiiii     bb     bbbbbbbbbbb
\c          [ --certificate cert-file | --remove-certificate ]
\e            bbbbbbbbbbbbb iiiiiiiii   bbbbbbbbbbbbbbbbbbbb
\c          [ -O output-type | -l | -L | -p | --dump | --cert-info ]
\e            bb iiiiiiiiiii   bb   bb   bb   bbbbbb   bbbbbbbbbbb  
\c             [ --ppk-param key=value,... | -E fptype ]
\e               bbbbbbbbbbb iiibiiiiib      bb iiiiii
\c          [ -o output-file ]
\e            bb iiiiiiiiiii

\S{puttygen-manpage-description} DESCRIPTION

\c{puttygen} is a tool to generate and manipulate SSH public and
private key pairs. It is part of the PuTTY suite, although it can
also interoperate with the key formats used by some other SSH clients.

When you run \c{puttygen}, it does three things. Firstly, it either
loads an existing key file (if you specified \e{keyfile}), or
generates a new key (if you specified \e{keytype}). Then, it
optionally makes modifications to the key (such as changing the comment
and/or the passphrase); finally, it outputs the key, or some
information about the key, to a file.

All three of these phases are controlled by the options described in
the following section.

\S{puttygen-manpage-options} OPTIONS

In the first phase, \c{puttygen} either loads or generates a key.
Note that generating a key requires random data, which can cause
\c{puttygen} to pause, possibly for some time if your system does
not have much randomness available.

The options to control this phase are:

\dt \e{keyfile}

\dd Specify a key file to be loaded. (Use \cq{-} to read a key
file from standard input.)

\lcont{

Usually this will be a private key, which can be in the (de facto
standard) SSH-1 key format, or in PuTTY's SSH-2 key format, or in
either of the SSH-2 private key formats used by OpenSSH and
ssh.com's implementation.

You can also specify a file containing only a \e{public} key here.
The operations you can do are limited to outputting another public
key format (possibly removing an attached certificate first), or a
fingerprint. Public keys can be in RFC 4716 or OpenSSH format, or
the standard SSH-1 format.

}

\dt \cw{\-t} \e{keytype}

\dd Specify a type of key to generate. The acceptable values here are
\c{rsa}, \c{dsa}, \c{ecdsa}, \c{eddsa}, \c{ed25519}, and \c{ed448}
(to generate SSH-2 keys), and \c{rsa1} (to generate SSH-1 keys).

\dt \cw{\-b} \e{bits}

\dd Specify the size of the key to generate, in bits. Default for
\c{rsa} and \c{dsa} keys is 2048.

\dt \cw{\-\-primes} \e{method}

\dd Method for generating prime numbers. The acceptable values here
are \c{probable} (the default), \c{proven}, and \c{proven-even};
the later methods are slower. (Various synonyms for these method
names are also accepted.)

\lcont{

The \q{probable primes} method sounds unsafe, but it's the most
commonly used prime-generation strategy. There is in theory a
possibility that it might accidentally generate a number that isn't
prime, but the software does enough checking to make that probability
vanishingly small (less than 1 in 2^80, or 1 in 10^24). So, in
practice, nobody worries about it very much.

The other methods cause PuTTYgen to use numbers that it is \e{sure}
are prime, because it generates the output number together with a
proof of its primality. This takes more effort, but it eliminates that
theoretical risk in the probabilistic method.

You might choose to switch from probable to proven primes if you have
a local security standard that demands it, or if you don't trust the
probabilistic argument for the safety of the usual method.

}

\dt \cw{\-\-strong-rsa}

\dd When generating an RSA key, make sure the prime factors of the key
modulus are \q{strong primes}. A strong prime is a prime number chosen
to have a particular structure that makes certain factoring algorithms
more difficult to apply, so some security standards recommend their
use. However, the most modern factoring algorithms are unaffected, so
this option is probably not worth turning on \e{unless} you have a
local standard that recommends it.

\dt \cw{\-q}

\dd Suppress the progress display when generating a new key.

\dt \cw{\-\-old\-passphrase} \e{file}

\dd Specify a file name; the first line will be read from this file
(removing any trailing newline) and used as the old passphrase.
\s{CAUTION:} If the passphrase is important, the file should be stored
on a temporary filesystem or else securely erased after use.

\dt \cw{\-\-random\-device} \e{device}

\dd Specify device to read entropy from. By default, \c{puttygen}
uses \c{/dev/urandom}, falling back to \c{/dev/random} if it has to.

In the second phase, \c{puttygen} optionally alters properties of
the key it has loaded or generated. The options to control this are:

\dt \cw{\-C} \e{new\-comment}

\dd Specify a comment string to describe the key. This comment string
will be used by PuTTY to identify the key to you (when asking you to
enter the passphrase, for example, so that you know which passphrase
to type).

\dt \cw{\-P}

\dd Indicate that you want to change the key's passphrase. This is
automatic when you are generating a new key, but not when you are
modifying an existing key.

\dt \cw{\-\-certificate} \e{certificate-file}

\dd Adds an OpenSSH-style certificate to the public half of the key,
so that the output file contains a certified public key with the same
private key. If the input file already contained a certificate, it
will be replaced with the new one. (Use \cq{-} to read a certificate
from standard input.)

\dt \cw{\-\-remove\-certificate}

\dd Removes any certificate that was part of the key, to recover the
uncertified version of the underlying key.

\dt \cw{\-\-reencrypt}

\dd For an existing private key saved with a passphrase, refresh the
encryption without changing the passphrase.

\lcont{
This is most likely to be useful with the \cw{\-\-ppk-param} option,
to change some aspect of the key file's format or encryption.
}

\dt \cw{\-\-ppk-param} \e{key}\cw{=}\e{value}\cw{,}...

\dd When saving a PPK file (the default \cw{private} output type for SSH-2
keys), adjust details of the on-disk format.

\lcont{

Aspects to change are specified as a series of \e{key}\cw{=}\e{value} pairs
separated by commas. The \e{key}s are:

\dt \cw{version}

\dd The PPK format version. Possible values are \cw{3} (the default)
and \cw{2} (which is less resistant to brute-force decryption, but
which you might need if your key needs to be used by old versions of
PuTTY tools, or other PPK consumers).

\lcont{
The following \e{key}s only affect PPK version 3 files.
}

\dt \cw{kdf}

\dd The variant of the Argon2 key derivation function to use. Options
are \cw{argon2id} (default, and recommended), \cw{argon2i}, and
\cw{argon2d}.

\lcont{
You might change this if you consider your exposure to side-channel
attacks to be different to the norm.
}

\dt \cw{memory}

\dd The amount of memory needed to decrypt the key, in Kbyte. Default
is 8192 (i.e., 8 Mbyte).

\dt \cw{time}

\dd Approximate time, on this machine, required to attempt decrypting
the key, in milliseconds. Default is 100 (ms).

\dt \cw{passes}

\dd Alternative to \cw{time}: explicitly specify the number of hash
passes required to attempt decrypting the key.

\dt \cw{parallelism}

\dd Number of parallelisable threads that can be used to decrypt the
key. Default is 1 (force decryption to run single-threaded).

}

In the third phase, \c{puttygen} saves the key or information
about it. The options to control this are:

\dt \cw{\-O} \e{output\-type}

\dd Specify the type of output you want \c{puttygen} to produce.
Acceptable options are:

\lcont{

\dt \cw{private}

\dd Save the private key in a format usable by PuTTY. This will either
be the standard SSH-1 key format, or PuTTY's own SSH-2 key format
(\q{PPK}). This is the default.

\dt \cw{public}

\dd Save the public key only. For SSH-1 keys, the standard public key
format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the
public key will be output in the format specified by RFC 4716,
which is a multi-line text file beginning with the line
\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.

\dt \cw{public-openssh}

\dd Save the public key only, in a format usable by OpenSSH. For SSH-1
keys, this output format behaves identically to \c{public}. For
SSH-2 keys, the public key will be output in the OpenSSH format,
which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).

\dt \cw{fingerprint}

\dd Print a fingerprint of the public key. The \cw{-E} option lets you
specify which fingerprinting algorithm to use. All algorithms are
believed compatible with OpenSSH.

\dt \cw{private-openssh}

\dd Save an SSH-2 private key in OpenSSH's format, using the oldest
format available to maximise backward compatibility. This option is not
permitted for SSH-1 keys.

\dt \cw{private-openssh-new}

\dd As \c{private-openssh}, except that it forces the use of OpenSSH's
newer format even for RSA, DSA, and ECDSA keys.

\dt \cw{private-sshcom}

\dd Save an SSH-2 private key in ssh.com's format. This option is not
permitted for SSH-1 keys.

\dt \cw{cert-info}

\dd Save a textual dump of information about the certificate on the
key, if any: whether it's a host or a user certificate, what host(s)
or user(s) it's certified to be, its validity period, ID and serial
number, and the fingerprint of the signing CA.

\dt \cw{text}

\dd Save a textual dump of the numeric components comprising the key
(both the public and private parts, if present). Useful for debugging,
or for using PuTTYgen as a key generator for applications other than
SSH.

\lcont{
The output consists of a series of \cw{name=value} lines, where each
\c{value} is either a C-like string literal in double quotes, a
hexadecimal number starting with \cw{0x...}, or a binary blob
encoded with base64, denoted by \cw{b64("...")}.
}

If no output type is specified, the default is \c{private}.

}

\dt \cw{\-o} \e{output\-file}

\dd Specify the file where \c{puttygen} should write its output. If
this option is not specified, \c{puttygen} will assume you want to
overwrite the original file if the input and output file types are
the same (changing a comment or passphrase), and will assume you
want to output to stdout if you are asking for a public key,
fingerprint, or one of the textual dump types. Otherwise, the
\c{\-o} option is required.

\dt \cw{\-l}

\dd Synonym for \q{\cw{-O fingerprint}}.

\dt \cw{\-L}

\dd Synonym for \q{\cw{-O public-openssh}}.

\dt \cw{\-p}

\dd Synonym for \q{\cw{-O public}}.

\dt \cw{\-\-cert\-info}

\dd Synonym for \q{\cw{-O cert-info}}.

\dt \cw{\-\-dump}

\dd Synonym for \q{\cw{-O text}}.

\dt \cw{-E} \e{fptype}

\dd Specify the algorithm to use if generating a fingerprint. The
available algorithms are are \cw{sha256} (the default) and \cw{md5}.

\lcont{

By default, when showing the fingerprint of a public key that includes
a certificate, \c{puttygen} will not include the certificate, so that
the fingerprint shown will be the same as the underlying public key.
If you want the fingerprint including the certificate (for example, so
as to tell two certified keys apart), you can specify \cw{sha256-cert}
or \cw{md5-cert} as the fingerprint type.

}

\dt \cw{\-\-new\-passphrase} \e{file}

\dd Specify a file name; the first line will be read from this file
(removing any trailing newline) and used as the new passphrase. If the
file is empty then the saved key will be unencrypted. \s{CAUTION:} If
the passphrase is important, the file should be stored on a temporary
filesystem or else securely erased after use.

The following options do not run PuTTYgen as normal, but print
informational messages and then quit:

\dt \cw{\-h}, \cw{\-\-help}

\dd Display a message summarizing the available options.

\dt \cw{\-V}, \cw{\-\-version}

\dd Display the version of PuTTYgen.

\dt \cw{\-\-pgpfp}

\dd Display the fingerprints of the PuTTY PGP Master Keys, to aid
in verifying new files released by the PuTTY team.

\S{puttygen-manpage-examples} EXAMPLES

To generate an SSH-2 RSA key pair and save it in PuTTY's own format
(you will be prompted for the passphrase):

\c puttygen -t rsa -C "my home key" -o mykey.ppk

To generate a larger (4096-bit) key:

\c puttygen -t rsa -b 4096 -C "my home key" -o mykey.ppk

To change the passphrase on a key (you will be prompted for the old
and new passphrases):

\c puttygen -P mykey.ppk

To change the comment on a key:

\c puttygen -C "new comment" mykey.ppk

To convert a key into OpenSSH's private key format:

\c puttygen mykey.ppk -O private-openssh -o my-openssh-key

To convert a key \e{from} another format (\c{puttygen} will
automatically detect the input key type):

\c puttygen my-ssh.com-key -o mykey.ppk

To display the SHA-256 fingerprint of a key (some key types require a
passphrase to extract even this much information):

\c puttygen -l mykey.ppk

To add the OpenSSH-format public half of a key to your authorised
keys file:

\c puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys