nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-01 11:32:48 -05:00
Code Issues Projects Releases Wiki Activity

Windows PuTTYgen: support cmdgen's key-type and PPK options.

Browse Source 
This imports the following options from command-line PuTTYgen, which
all correspond to controls in Windows PuTTYgen's GUI, and let you set
the GUI controls to initial values of your choice:

  -t <key type>
  -b <bits>
  -E <fingerprint type>
  --primes <prime gen policy>
  --strong-rsa
  --ppk-param <KDF parameters or PPK version etc>

The idea is that if someone generates a lot of keys and has standard
non-default preferences, they can make a shortcut that passes those
preferences on the command line.
This commit is contained in:
Simon Tatham
2022-01-15 18:30:34 +00:00
parent dc183e1649
commit 11aa9ab8f3
2 changed files with 242 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
doc/pubkey.but
View File

@ -478,6 +478,82 @@ you have generated an SSH-1 private key using OpenSSH or
Hence, the export options are not available if you have generated an
SSH-1 key.
\S{puttygen-cli} PuTTYgen command-line configuration
PuTTYgen supports a set of command-line options to configure many of
the same settings you can select in the GUI. This allows you to start
it up with your own preferences ready-selected, which might be useful
if you generate a lot of keys. (For example, you could make a Windows
shortcut that runs PuTTYgen with some command line options, or a batch
file or Powershell script that you could distribute to a whole
organisation containing your local standards.)
The options supported on the command line are:
\dt \cw{\-t} \e{keytype}
\dd Type of key to generate. You can select \c{rsa}, \c{dsa},
\c{ecdsa}, \c{eddsa} or \c{rsa1}. See \k{puttygen-keytype}.
\dt \cw{\-b} \e{bits}
\dd Size of the key to generate, in bits. See \k{puttygen-strength}.
\dt \cw{\-\-primes} \e{method}
\dd Method for generating prime numbers. You can select \c{probable},
\c{proven}, and \c{proven-even}. See \k{puttygen-primes}.
\dt \cw{\-\-strong-rsa}
\dd When generating an RSA key, make sure the prime factors of the key
modulus are \q{strong primes}. A strong prime is a prime number chosen
to have a particular structure that makes certain factoring algorithms
more difficult to apply, so some security standards recommend their
use. However, the most modern factoring algorithms are unaffected, so
this option is probably not worth turning on \e{unless} you have a
local standard that recommends it.
\dt \cw{\-\-ppk-param} \e{key}\cw{=}\e{value}\cw{,}...
\dd Allows setting all the same details of the PPK save file format
described in \k{puttygen-save-params}.
\lcont{
Aspects to change are specified as a series of \e{key}\cw{=}\e{value} pairs
separated by commas. The \e{key}s are:
\dt \cw{version}
\dd The PPK format version: either \cw{3} or \cw{2}.
\dt \cw{kdf}
\dd The variant of Argon2 to use: \cw{argon2id}, \cw{argon2i}, and
\cw{argon2d}.
\dt \cw{memory}
\dd The amount of memory needed to decrypt the key, in Kbyte.
\dt \cw{time}
\dd Specifies how much time is required to attempt decrypting the key,
in milliseconds.
\dt \cw{passes}
\dd Alternative to \cw{time}: specifies the number of hash passes
required to attempt decrypting the key.
\dt \cw{parallelism}
\dd Number of parallelisable threads that can be used to decrypt the
key.
}
\H{pubkey-gettingready} Getting ready for public key authentication
Connect to your SSH server using PuTTY with the SSH protocol. When the