[sgt/putty] / doc / man-pg.but

\cfg{man-identity}{puttygen}{1}{2004-03-24}{PuTTY tool suite}{PuTTY tool suite}

\H{puttygen-manpage} Man page for PuTTYgen

\S{puttygen-manpage-name} NAME

\cw{puttygen} - public-key generator for the PuTTY tools

\S{puttygen-manpage-synopsis} SYNOPSIS

\c puttygen ( keyfile | -t keytype [ -b bits ] )
\e bbbbbbbb   iiiiiii   bb iiiiiii   bb iiii
\c          [ -C new-comment ] [ -P ]
\e            bb iiiiiiiiiii     bb
\c          [ -O output-type | -l | -L | -p ]
\e            bb iiiiiiiiiii   bb   bb   bb
\c          [ -o output-file ]
\e            bb iiiiiiiiiii

\S{puttygen-manpage-description} DESCRIPTION

\c{puttygen} is a tool to generate and manipulate SSH public and
private key pairs. It is part of the PuTTY suite, although it can
also interoperate with the private key formats used by some other
SSH clients.

When you run \c{puttygen}, it does three things. Firstly, it either
loads an existing key file (if you specified \e{keyfile}), or
generates a new key (if you specified \e{keytype}). Then, it
optionally makes modifications to the key (changing the comment
and/or the passphrase); finally, it outputs the key, or some
information about the key, to a file.

All three of these phases are controlled by the options described in
the following section.

\S{puttygen-manpage-options} OPTIONS

In the first phase, \c{puttygen} either loads or generates a key.
The options to control this are:

\dt \e{keyfile}

\dd Specify a private key file to be loaded. This private key file can
be in the (de facto standard) SSH1 key format, or in PuTTY's SSH2
key format, or in either of the SSH2 private key formats used by
OpenSSH and ssh.com's implementation.

\dt \cw{\-t} \e{keytype}

\dd Specify a type of key to generate. The acceptable values here are
\c{rsa} and \c{dsa} (to generate SSH2 keys), and \c{rsa1} (to
generate SSH1 keys).

\dt \cw{\-b} \e{bits}

\dd Specify the size of the key to generate, in bits. Default is 1024.

In the second phase, \c{puttygen} optionally alters properties of
the key it has loaded or generated. The options to control this are:

\dt \cw{\-C} \e{new\-comment}

\dd Specify a comment string to describe the key. This comment string
will be used by PuTTY to identify the key to you (when asking you to
enter the passphrase, for example, so that you know which passphrase
to type).

\dt \cw{\-P}

\dd Indicate that you want to change the key's passphrase. This is
automatic when you are generating a new key, but not when you are
modifying an existing key.

In the third phase, \c{puttygen} saves the key or information
about it. The options to control this are:

\dt \cw{\-O} \e{output\-type}

\dd Specify the type of output you want \c{puttygen} to produce.
Acceptable options are:

\lcont{

\dt \cw{private}

\dd Save the private key in a format usable by PuTTY. This will either
be the standard SSH1 key format, or PuTTY's own SSH2 key format.

\dt \cw{public}

\dd Save the public key only. For SSH1 keys, the standard public key
format will be used (\q{\cw{1024 37 5698745}...}). For SSH2 keys, the
public key will be output in the format specified in the IETF
drafts, which is a multi-line text file beginning with the line
\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.

\dt \cw{public-openssh}

\dd Save the public key only, in a format usable by OpenSSH. For SSH1
keys, this output format behaves identically to \c{public}. For
SSH2 keys, the public key will be output in the OpenSSH format,
which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).

\dt \cw{fingerprint}

\dd Print the fingerprint of the public key. All fingerprinting
algorithms are believed compatible with OpenSSH.

\dt \cw{private-openssh}

\dd Save an SSH2 private key in OpenSSH's format. This option is not
permitted for SSH1 keys.

\dt \cw{private-sshcom}

\dd Save an SSH2 private key in ssh.com's format. This option is not
permitted for SSH1 keys.

If no output type is specified, the default is \c{private}.

}

\dt \cw{\-o} \e{output\-file}

\dd Specify the file where \c{puttygen} should write its output. If
this option is not specified, \c{puttygen} will assume you want to
overwrite the original file if the input and output file types are
the same (changing a comment or passphrase), and will assume you
want to output to stdout if you are asking for a public key or
fingerprint. Otherwise, the \c{\-o} option is required.

\dt \cw{\-l}

\dd Synonym for \q{\cw{-O fingerprint}}.

\dt \cw{\-L}

\dd Synonym for \q{\cw{-O public-openssh}}.

\dt \cw{\-p}

\dd Synonym for \q{\cw{-O public}}.

\S{puttygen-manpage-examples} EXAMPLES

To generate an SSH2 RSA key pair and save it in PuTTY's own format
(you will be prompted for the passphrase):

\c puttygen -t rsa -C "my home key" -o mykey.ppk

To generate a larger (2048-bit) key:

\c puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk

To change the passphrase on a key (you will be prompted for the old
and new passphrases):

\c puttygen -P mykey.ppk

To change the comment on a key:

\c puttygen -C "new comment" mykey.ppk

To convert a key into OpenSSH's private key format:

\c puttygen mykey.ppk -O private-openssh -o my-openssh-key

To convert a key \e{from} another format (\c{puttygen} will
automatically detect the input key type):

\c puttygen my-ssh.com-key -o mykey.ppk

To display the fingerprint of a key (some key types require a
passphrase to extract even this much information):

\c puttygen -l mykey.ppk

To add the OpenSSH-format public half of a key to your authorised
keys file:

\c puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys

\S{puttygen-manpage-bugs} BUGS

There's currently no way to supply passphrases in batch mode, or
even just to specify that you don't want a passphrase at all.
Commit	Line	Data
e3e5784e	1	\cfg{man-identity}{puttygen}{1}{2004-03-24}{PuTTY tool suite}{PuTTY tool suite}
	2
	3	\H{puttygen-manpage} Man page for PuTTYgen
	4
	5	\S{puttygen-manpage-name} NAME
	6
	7	\cw{puttygen} - public-key generator for the PuTTY tools
	8
	9	\S{puttygen-manpage-synopsis} SYNOPSIS
	10
	11	\c puttygen ( keyfile \| -t keytype [ -b bits ] )
	12	\e bbbbbbbb iiiiiii bb iiiiiii bb iiii
	13	\c [ -C new-comment ] [ -P ]
	14	\e bb iiiiiiiiiii bb
	15	\c [ -O output-type \| -l \| -L \| -p ]
	16	\e bb iiiiiiiiiii bb bb bb
	17	\c [ -o output-file ]
	18	\e bb iiiiiiiiiii
	19
	20	\S{puttygen-manpage-description} DESCRIPTION
	21
	22	\c{puttygen} is a tool to generate and manipulate SSH public and
	23	private key pairs. It is part of the PuTTY suite, although it can
	24	also interoperate with the private key formats used by some other
	25	SSH clients.
	26
	27	When you run \c{puttygen}, it does three things. Firstly, it either
	28	loads an existing key file (if you specified \e{keyfile}), or
	29	generates a new key (if you specified \e{keytype}). Then, it
	30	optionally makes modifications to the key (changing the comment
	31	and/or the passphrase); finally, it outputs the key, or some
	32	information about the key, to a file.
	33
	34	All three of these phases are controlled by the options described in
	35	the following section.
	36
	37	\S{puttygen-manpage-options} OPTIONS
	38
	39	In the first phase, \c{puttygen} either loads or generates a key.
	40	The options to control this are:
	41
	42	\dt \e{keyfile}
	43
	44	\dd Specify a private key file to be loaded. This private key file can
	45	be in the (de facto standard) SSH1 key format, or in PuTTY's SSH2
	46	key format, or in either of the SSH2 private key formats used by
	47	OpenSSH and ssh.com's implementation.
	48
	49	\dt \cw{\-t} \e{keytype}
	50
	51	\dd Specify a type of key to generate. The acceptable values here are
	52	\c{rsa} and \c{dsa} (to generate SSH2 keys), and \c{rsa1} (to
	53	generate SSH1 keys).
	54
	55	\dt \cw{\-b} \e{bits}
	56
	57	\dd Specify the size of the key to generate, in bits. Default is 1024.
	58
	59	In the second phase, \c{puttygen} optionally alters properties of
	60	the key it has loaded or generated. The options to control this are:
	61
	62	\dt \cw{\-C} \e{new\-comment}
	63
	64	\dd Specify a comment string to describe the key. This comment string
65	will be used by PuTTY to identify the key to you (when asking you to
66	enter the passphrase, for example, so that you know which passphrase
67	to type).
68
69	\dt \cw{\-P}
70
71	\dd Indicate that you want to change the key's passphrase. This is
72	automatic when you are generating a new key, but not when you are
73	modifying an existing key.
74
75	In the third phase, \c{puttygen} saves the key or information
76	about it. The options to control this are:
77
78	\dt \cw{\-O} \e{output\-type}
79
80	\dd Specify the type of output you want \c{puttygen} to produce.
81	Acceptable options are:
82
83	\lcont{
84
85	\dt \cw{private}
86
87	\dd Save the private key in a format usable by PuTTY. This will either
88	be the standard SSH1 key format, or PuTTY's own SSH2 key format.
89
90	\dt \cw{public}
91
92	\dd Save the public key only. For SSH1 keys, the standard public key
93	format will be used (\q{\cw{1024 37 5698745}...}). For SSH2 keys, the
94	public key will be output in the format specified in the IETF
95	drafts, which is a multi-line text file beginning with the line
96	\q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}.
97
98	\dt \cw{public-openssh}
99
100	\dd Save the public key only, in a format usable by OpenSSH. For SSH1
101	keys, this output format behaves identically to \c{public}. For
102	SSH2 keys, the public key will be output in the OpenSSH format,
103	which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}).
104
105	\dt \cw{fingerprint}
106
107	\dd Print the fingerprint of the public key. All fingerprinting
108	algorithms are believed compatible with OpenSSH.
109
110	\dt \cw{private-openssh}
111
112	\dd Save an SSH2 private key in OpenSSH's format. This option is not
113	permitted for SSH1 keys.
114
115	\dt \cw{private-sshcom}
116
117	\dd Save an SSH2 private key in ssh.com's format. This option is not
118	permitted for SSH1 keys.
119
120	If no output type is specified, the default is \c{private}.
121
122	}
123
124	\dt \cw{\-o} \e{output\-file}
125
126	\dd Specify the file where \c{puttygen} should write its output. If
127	this option is not specified, \c{puttygen} will assume you want to
128	overwrite the original file if the input and output file types are
129	the same (changing a comment or passphrase), and will assume you
130	want to output to stdout if you are asking for a public key or
131	fingerprint. Otherwise, the \c{\-o} option is required.
132
133	\dt \cw{\-l}
134
135	\dd Synonym for \q{\cw{-O fingerprint}}.
136
137	\dt \cw{\-L}
138
139	\dd Synonym for \q{\cw{-O public-openssh}}.
140
141	\dt \cw{\-p}
142
143	\dd Synonym for \q{\cw{-O public}}.
144
145	\S{puttygen-manpage-examples} EXAMPLES
146
147	To generate an SSH2 RSA key pair and save it in PuTTY's own format
148	(you will be prompted for the passphrase):
149
150	\c puttygen -t rsa -C "my home key" -o mykey.ppk
151
152	To generate a larger (2048-bit) key:
153
154	\c puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk
155
156	To change the passphrase on a key (you will be prompted for the old
157	and new passphrases):
158
159	\c puttygen -P mykey.ppk
160
161	To change the comment on a key:
162
163	\c puttygen -C "new comment" mykey.ppk
164
165	To convert a key into OpenSSH's private key format:
166
167	\c puttygen mykey.ppk -O private-openssh -o my-openssh-key
168
169	To convert a key \e{from} another format (\c{puttygen} will
170	automatically detect the input key type):
171
172	\c puttygen my-ssh.com-key -o mykey.ppk
173
174	To display the fingerprint of a key (some key types require a
175	passphrase to extract even this much information):
176
177	\c puttygen -l mykey.ppk
178
179	To add the OpenSSH-format public half of a key to your authorised
180	keys file:
181
182	\c puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys
183
184	\S{puttygen-manpage-bugs} BUGS
185
186	There's currently no way to supply passphrases in batch mode, or
187	even just to specify that you don't want a passphrase at all.