| 1 | \cfg{man-identity}{puttygen}{1}{2004-03-24}{PuTTY tool suite}{PuTTY tool suite} |
| 2 | |
| 3 | \H{puttygen-manpage} Man page for PuTTYgen |
| 4 | |
| 5 | \S{puttygen-manpage-name} NAME |
| 6 | |
| 7 | \cw{puttygen} - public-key generator for the PuTTY tools |
| 8 | |
| 9 | \S{puttygen-manpage-synopsis} SYNOPSIS |
| 10 | |
| 11 | \c puttygen ( keyfile | -t keytype [ -b bits ] ) |
| 12 | \e bbbbbbbb iiiiiii bb iiiiiii bb iiii |
| 13 | \c [ -C new-comment ] [ -P ] [ -q ] |
| 14 | \e bb iiiiiiiiiii bb bb |
| 15 | \c [ -O output-type | -l | -L | -p ] |
| 16 | \e bb iiiiiiiiiii bb bb bb |
| 17 | \c [ -o output-file ] |
| 18 | \e bb iiiiiiiiiii |
| 19 | |
| 20 | \S{puttygen-manpage-description} DESCRIPTION |
| 21 | |
| 22 | \c{puttygen} is a tool to generate and manipulate SSH public and |
| 23 | private key pairs. It is part of the PuTTY suite, although it can |
| 24 | also interoperate with the private key formats used by some other |
| 25 | SSH clients. |
| 26 | |
| 27 | When you run \c{puttygen}, it does three things. Firstly, it either |
| 28 | loads an existing key file (if you specified \e{keyfile}), or |
| 29 | generates a new key (if you specified \e{keytype}). Then, it |
| 30 | optionally makes modifications to the key (changing the comment |
| 31 | and/or the passphrase); finally, it outputs the key, or some |
| 32 | information about the key, to a file. |
| 33 | |
| 34 | All three of these phases are controlled by the options described in |
| 35 | the following section. |
| 36 | |
| 37 | \S{puttygen-manpage-options} OPTIONS |
| 38 | |
| 39 | In the first phase, \c{puttygen} either loads or generates a key. |
| 40 | The options to control this are: |
| 41 | |
| 42 | \dt \e{keyfile} |
| 43 | |
| 44 | \dd Specify a private key file to be loaded. This private key file can |
| 45 | be in the (de facto standard) SSH-1 key format, or in PuTTY's SSH-2 |
| 46 | key format, or in either of the SSH-2 private key formats used by |
| 47 | OpenSSH and ssh.com's implementation. |
| 48 | |
| 49 | \dt \cw{\-t} \e{keytype} |
| 50 | |
| 51 | \dd Specify a type of key to generate. The acceptable values here are |
| 52 | \c{rsa} and \c{dsa} (to generate SSH-2 keys), and \c{rsa1} (to |
| 53 | generate SSH-1 keys). |
| 54 | |
| 55 | \dt \cw{\-b} \e{bits} |
| 56 | |
| 57 | \dd Specify the size of the key to generate, in bits. Default is 1024. |
| 58 | |
| 59 | \dt \cw{\-q} |
| 60 | |
| 61 | \dd Suppress the progress display when generating a new key. |
| 62 | |
| 63 | In the second phase, \c{puttygen} optionally alters properties of |
| 64 | the key it has loaded or generated. The options to control this are: |
| 65 | |
| 66 | \dt \cw{\-C} \e{new\-comment} |
| 67 | |
| 68 | \dd Specify a comment string to describe the key. This comment string |
| 69 | will be used by PuTTY to identify the key to you (when asking you to |
| 70 | enter the passphrase, for example, so that you know which passphrase |
| 71 | to type). |
| 72 | |
| 73 | \dt \cw{\-P} |
| 74 | |
| 75 | \dd Indicate that you want to change the key's passphrase. This is |
| 76 | automatic when you are generating a new key, but not when you are |
| 77 | modifying an existing key. |
| 78 | |
| 79 | In the third phase, \c{puttygen} saves the key or information |
| 80 | about it. The options to control this are: |
| 81 | |
| 82 | \dt \cw{\-O} \e{output\-type} |
| 83 | |
| 84 | \dd Specify the type of output you want \c{puttygen} to produce. |
| 85 | Acceptable options are: |
| 86 | |
| 87 | \lcont{ |
| 88 | |
| 89 | \dt \cw{private} |
| 90 | |
| 91 | \dd Save the private key in a format usable by PuTTY. This will either |
| 92 | be the standard SSH-1 key format, or PuTTY's own SSH-2 key format. |
| 93 | |
| 94 | \dt \cw{public} |
| 95 | |
| 96 | \dd Save the public key only. For SSH-1 keys, the standard public key |
| 97 | format will be used (\q{\cw{1024 37 5698745}...}). For SSH-2 keys, the |
| 98 | public key will be output in the format specified by RFC 4716, |
| 99 | which is a multi-line text file beginning with the line |
| 100 | \q{\cw{---- BEGIN SSH2 PUBLIC KEY ----}}. |
| 101 | |
| 102 | \dt \cw{public-openssh} |
| 103 | |
| 104 | \dd Save the public key only, in a format usable by OpenSSH. For SSH-1 |
| 105 | keys, this output format behaves identically to \c{public}. For |
| 106 | SSH-2 keys, the public key will be output in the OpenSSH format, |
| 107 | which is a single line (\q{\cw{ssh-rsa AAAAB3NzaC1yc2}...}). |
| 108 | |
| 109 | \dt \cw{fingerprint} |
| 110 | |
| 111 | \dd Print the fingerprint of the public key. All fingerprinting |
| 112 | algorithms are believed compatible with OpenSSH. |
| 113 | |
| 114 | \dt \cw{private-openssh} |
| 115 | |
| 116 | \dd Save an SSH-2 private key in OpenSSH's format. This option is not |
| 117 | permitted for SSH-1 keys. |
| 118 | |
| 119 | \dt \cw{private-sshcom} |
| 120 | |
| 121 | \dd Save an SSH-2 private key in ssh.com's format. This option is not |
| 122 | permitted for SSH-1 keys. |
| 123 | |
| 124 | If no output type is specified, the default is \c{private}. |
| 125 | |
| 126 | } |
| 127 | |
| 128 | \dt \cw{\-o} \e{output\-file} |
| 129 | |
| 130 | \dd Specify the file where \c{puttygen} should write its output. If |
| 131 | this option is not specified, \c{puttygen} will assume you want to |
| 132 | overwrite the original file if the input and output file types are |
| 133 | the same (changing a comment or passphrase), and will assume you |
| 134 | want to output to stdout if you are asking for a public key or |
| 135 | fingerprint. Otherwise, the \c{\-o} option is required. |
| 136 | |
| 137 | \dt \cw{\-l} |
| 138 | |
| 139 | \dd Synonym for \q{\cw{-O fingerprint}}. |
| 140 | |
| 141 | \dt \cw{\-L} |
| 142 | |
| 143 | \dd Synonym for \q{\cw{-O public-openssh}}. |
| 144 | |
| 145 | \dt \cw{\-p} |
| 146 | |
| 147 | \dd Synonym for \q{\cw{-O public}}. |
| 148 | |
| 149 | The following options do not run PuTTYgen as normal, but print |
| 150 | informational messages and then quit: |
| 151 | |
| 152 | \dt \cw{\-h}, \cw{\-\-help} |
| 153 | |
| 154 | \dd Display a message summarizing the available options. |
| 155 | |
| 156 | \dt \cw{\-V}, \cw{\-\-version} |
| 157 | |
| 158 | \dd Display the version of PuTTYgen. |
| 159 | |
| 160 | \dt \cw{\-\-pgpfp} |
| 161 | |
| 162 | \dd Display the fingerprints of the PuTTY PGP Master Keys, to aid |
| 163 | in verifying new files released by the PuTTY team. |
| 164 | |
| 165 | \S{puttygen-manpage-examples} EXAMPLES |
| 166 | |
| 167 | To generate an SSH-2 RSA key pair and save it in PuTTY's own format |
| 168 | (you will be prompted for the passphrase): |
| 169 | |
| 170 | \c puttygen -t rsa -C "my home key" -o mykey.ppk |
| 171 | |
| 172 | To generate a larger (2048-bit) key: |
| 173 | |
| 174 | \c puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk |
| 175 | |
| 176 | To change the passphrase on a key (you will be prompted for the old |
| 177 | and new passphrases): |
| 178 | |
| 179 | \c puttygen -P mykey.ppk |
| 180 | |
| 181 | To change the comment on a key: |
| 182 | |
| 183 | \c puttygen -C "new comment" mykey.ppk |
| 184 | |
| 185 | To convert a key into OpenSSH's private key format: |
| 186 | |
| 187 | \c puttygen mykey.ppk -O private-openssh -o my-openssh-key |
| 188 | |
| 189 | To convert a key \e{from} another format (\c{puttygen} will |
| 190 | automatically detect the input key type): |
| 191 | |
| 192 | \c puttygen my-ssh.com-key -o mykey.ppk |
| 193 | |
| 194 | To display the fingerprint of a key (some key types require a |
| 195 | passphrase to extract even this much information): |
| 196 | |
| 197 | \c puttygen -l mykey.ppk |
| 198 | |
| 199 | To add the OpenSSH-format public half of a key to your authorised |
| 200 | keys file: |
| 201 | |
| 202 | \c puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys |
| 203 | |
| 204 | \S{puttygen-manpage-bugs} BUGS |
| 205 | |
| 206 | There's currently no way to supply passphrases in batch mode, or |
| 207 | even just to specify that you don't want a passphrase at all. |