From 0edeaaa5f3878a319c3b36c501bc7dee7535d749 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Tue, 20 Apr 2021 14:45:45 +0100 Subject: [PATCH 1/7] cmdgen: Write through correct leg of union. No functional change, probably. --- cmdgen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmdgen.c b/cmdgen.c index af7bbe33..920317f5 100644 --- a/cmdgen.c +++ b/cmdgen.c @@ -448,7 +448,7 @@ int main(int argc, char **argv) params.argon2_milliseconds = n; } else if (!strcmp(val, "passes")) { params.argon2_passes_auto = false; - params.argon2_milliseconds = n; + params.argon2_passes = n; } else if (!strcmp(val, "parallelism") || !strcmp(val, "parallel")) { params.argon2_parallelism = n; From 71c411d0763b6ac46b63a646f6cd3d861366af5b Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Tue, 20 Apr 2021 12:25:48 +0100 Subject: [PATCH 2/7] Fix typos in PuTTYgen docs. --- doc/man-puttygen.but | 4 ++-- doc/pubkey.but | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/man-puttygen.but b/doc/man-puttygen.but index e4421ce2..7fb89543 100644 --- a/doc/man-puttygen.but +++ b/doc/man-puttygen.but @@ -75,7 +75,7 @@ OpenSSH format, or the standard SSH-1 format. \dt \cw{\-\-primes} \e{method} \dd Method for generating prime numbers. The acceptable values here -are \c{probable} (the default), \c{proven}, and \c{proven-even}; the +are \c{probable} (the default), \c{proven}, and \c{proven-even}; the later methods are slower. (Various synonyms for these method names are also accepted.) @@ -99,7 +99,7 @@ probabilistic argument for the safety of the usual method. } -\dd \cw{\-\-strong-rsa} +\dt \cw{\-\-strong-rsa} \dd When generating an RSA key, make sure the prime factors of the key modulus are \q{strong primes}. A strong prime is a prime number chosen diff --git a/doc/pubkey.but b/doc/pubkey.but index 79bd8bed..d3c10dda 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -153,7 +153,7 @@ The prime-generation method does not affect compatibility: a key generated with any of these methods will still work with all the same SSH servers. -If you don't care abut this, it's entirely sensible to leave it on the +If you don't care about this, it's entirely sensible to leave it on the default setting. The available methods are: From ab23ebc3ae0414496779c5488a490392342d78b5 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Tue, 20 Apr 2021 15:15:01 +0100 Subject: [PATCH 3/7] Docs: SSH key type support is server-dependent. --- doc/pubkey.but | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/pubkey.but b/doc/pubkey.but index d3c10dda..8012933e 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -108,7 +108,8 @@ Before generating a key pair using PuTTYgen, you need to select which type of key you need. The current version of the SSH protocol, SSH-2, supports several -different key types. PuTTYgen can generate: +different key types, although specific servers may not support all of +them. PuTTYgen can generate: \b An \i{RSA} key for use with the SSH-2 protocol. From 4c596b31adf598259ed7c2c1f5b7cc72e025e1ea Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Tue, 20 Apr 2021 15:33:14 +0100 Subject: [PATCH 4/7] Docs: tweak indexing of 'strong' primes. --- doc/pubkey.but | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/pubkey.but b/doc/pubkey.but index 8012933e..5b0e3a39 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -182,7 +182,7 @@ a local security standard that demands it, or if you don't trust the probabilistic argument for the safety of the usual method. For RSA keys, there's also an option on the \q{Key} menu to use -\q{strong primes} as the prime factors of the public key. A strong +\i{\q{strong} primes} as the prime factors of the public key. A \q{strong} prime is a prime number chosen to have a particular structure that makes certain factoring algorithms more difficult to apply, so some security standards recommend their use. However, the most modern From 8f8593a86e360dcc6d3f4c3aac64770ff4a23222 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Tue, 20 Apr 2021 15:33:42 +0100 Subject: [PATCH 5/7] Document PPK format parameters, and --reencrypt. --- doc/index.but | 5 +++ doc/man-puttygen.but | 79 ++++++++++++++++++++++++++++++++++++++++---- doc/pubkey.but | 58 ++++++++++++++++++++++++++++++++ 3 files changed, 136 insertions(+), 6 deletions(-) diff --git a/doc/index.but b/doc/index.but index 5fd0e7fc..f7e7145a 100644 --- a/doc/index.but +++ b/doc/index.but @@ -277,6 +277,11 @@ saved sessions from \IM{PPK} \cw{PPK} file \IM{PPK} private key file, PuTTY +\IM{Argon2} Argon2 passphrase hashing function + +\IM{passphrase hashing} passphrase hashing, for private key files +\IM{passphrase hashing} password hashing, for private key files + \IM{PGP key fingerprint} PGP key fingerprint \IM{PGP key fingerprint} fingerprint, of PGP key diff --git a/doc/man-puttygen.but b/doc/man-puttygen.but index 7fb89543..021af205 100644 --- a/doc/man-puttygen.but +++ b/doc/man-puttygen.but @@ -8,12 +8,14 @@ \S{puttygen-manpage-synopsis} SYNOPSIS -\c puttygen ( keyfile | -t keytype [ -b bits ] [ --primes method ] ) -\e bbbbbbbb iiiiiii bb iiiiiii bb iiii bbbbbbbb iiiiii -\c [ -C new-comment ] [ -P ] [ -q ] -\e bb iiiiiiiiiii bb bb +\c puttygen ( keyfile | -t keytype [ -b bits ] [ --primes method ] [ -q ] ) +\e bbbbbbbb iiiiiii bb iiiiiii bb iiii bbbbbbbb iiiiii bb +\c [ -C new-comment ] [ -P ] [ --reencrypt ] +\e bb iiiiiiiiiii bb bbbbbbbbbbb \c [ -O output-type | -l | -L | -p | --dump ] [ -E fptype ] \e bb iiiiiiiiiii bb bb bb bbbbbb bb iiiiii +\c [ --ppk-param key=value,... ] +\e bbbbbbbbbbb iiibiiiiib \c [ -o output-file ] \e bb iiiiiiiiiii @@ -26,7 +28,7 @@ also interoperate with the key formats used by some other SSH clients. When you run \c{puttygen}, it does three things. Firstly, it either loads an existing key file (if you specified \e{keyfile}), or generates a new key (if you specified \e{keytype}). Then, it -optionally makes modifications to the key (changing the comment +optionally makes modifications to the key (such as changing the comment and/or the passphrase); finally, it outputs the key, or some information about the key, to a file. @@ -141,6 +143,70 @@ to type). automatic when you are generating a new key, but not when you are modifying an existing key. +\dt \cw{\-\-reencrypt} + +\dd For an existing private key saved with a passphrase, refresh the +encryption without changing the passphrase. + +\lcont{ +This is most likely to be useful with the \cw{\-\-ppk-param} option, +to change some aspect of the key file's format or encryption. +} + +\dt \cw{\-\-ppk-param} \e{key}\cw{=}\e{value}\cw{,}... + +\dd When saving a PPK file (the default \cw{private} output type for SSH-2 +keys), adjust details of the on-disk format. + +\lcont{ + +Aspects to change are specified as a series of \e{key}\cw{=}\e{value} pairs +separated by commas. The \e{key}s are: + +\dt \cw{version} + +\dd The PPK format version. Possible values are \cw{3} (the default) +and \cw{2} (which is less resistant to brute-force decryption, but +which you might need if your key needs to be used by old versions of +PuTTY tools, or other PPK consumers). + +\lcont{ +The following \e{key}s only affect PPK version 3 files. +} + +\dt \cw{kdf} + +\dd The variant of the Argon2 key derivation function to use. Options +are \cw{argon2id} (default, and recommended), \cw{argon2i}, and +\cw{argon2d}. + +\lcont{ +You might change this if you consider your exposure to side-channel +attacks to be different to the norm. +} + +\dt \cw{memory} + +\dd The amount of memory needed to decrypt the key, in Kbyte. Default +is 8192 (i.e., 8 Mbyte). + +\dt \cw{time} + +\dd Approximate time, on this machine, required to attempt decrypting +the key, in milliseconds. Default is 100 (ms). + +\dt \cw{passes} + +\dd Alternative to \cw{time}: explicitly specify the number of hash +passes required to attempt decrypting the key. + +\dt \cw{parallelism} + +\dd Number of parallelisable threads that can be used to decrypt the +key. Default is 1 (force decryption to run single-threaded). + +} + In the third phase, \c{puttygen} saves the key or information about it. The options to control this are: @@ -154,7 +220,8 @@ Acceptable options are: \dt \cw{private} \dd Save the private key in a format usable by PuTTY. This will either -be the standard SSH-1 key format, or PuTTY's own SSH-2 key format. +be the standard SSH-1 key format, or PuTTY's own SSH-2 key format +(\q{PPK}). This is the default. \dt \cw{public} diff --git a/doc/pubkey.but b/doc/pubkey.but index 5b0e3a39..cad6988b 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -312,6 +312,10 @@ will need to tell PuTTY to use for authentication (see \k{config-ssh-privkey}) or tell Pageant to load (see \k{pageant-mainwin-addkey}). +(You can optionally change some details of the PPK format for your saved +key files; see \k{puttygen-save-params}. But The defaults should be +fine for most purposes.) + \S{puttygen-savepub} Saving your public key to a disk file RFC 4716 specifies a \I{SSH-2 public key format}standard format for @@ -351,6 +355,60 @@ PuTTY session which is already connected to the server. See \k{pubkey-gettingready} for general instructions on configuring public-key authentication once you have generated a key. +\S{puttygen-save-params} Parameters for saving key files + +Selecting \q{Parameters for saving key files...} from the \q{Key} menu +lets you adjust some aspects of PPK-format private key files stored on +disk. None of these options affect compatibility with SSH servers. + +In most cases, it's entirely sensible to leave all of these at their +default settings. + +\S2{puttygen-save-ppk-version} PPK file version + +This defaults to version 3, which is fine for most uses. + +You might need to select PPK version 2 if you need your private key +file to be loadable in older versions of PuTTY (0.74 and older), or in +other tools which do not yet support the version 3 format (which was +introduced in 2021). + +The version 2 format is less resistant to brute-force decryption, and +doesn't support any of the following options to control that. + +\S2{puttygen-save-passphrase-hashing} Options affecting \i{passphrase hashing} + +All of the following options only affect keys saved with passphrases. +They control how much work is required to decrypt the key (which +happens every type you type its passphrase). This allows you to trade +off the cost of legitimate use of the key against the resistance of +the encrypted key to password-guessing attacks. + +These options only affect PPK version 3. + +\dt Key derivation function + +\dd The variant of the \i{Argon2} key derivation function to use. +You might change this if you consider your exposure to side-channel +attacks to be different to the norm. + +\dt Memory to use for passphrase hash + +\dd The amount of memory needed to decrypt the key, in Kbyte. + +\dt Time to use for passphrase hash + +\dd Controls how much time is required to attempt decrypting the key. +You can either specify an approximate time in milliseconds (on this +machine), or explicitly specify a number of hash passes (which is what +the time is turned into during encryption). + +\dt Parallelism for passphrase hash + +\dd Number of parallelisable threads that can be used to decrypt the +key. The default, 1, forces the process to run single-threaded, even +on machines with multiple cores. + \S{puttygen-load} Reloading a private key PuTTYgen allows you to load an existing private key file into From dcf3e7a1f35006742d7bd605e08a08daf1a7317b Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Tue, 20 Apr 2021 16:06:01 +0100 Subject: [PATCH 6/7] winpgen: Context help for PPK params. --- windows/winhelp.h | 2 ++ windows/winpgen.c | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/windows/winhelp.h b/windows/winhelp.h index 0d7132ae..ae5a7a7f 100644 --- a/windows/winhelp.h +++ b/windows/winhelp.h @@ -186,6 +186,8 @@ #define WINHELP_CTX_puttygen_pastekey "puttygen-pastekey" #define WINHELP_CTX_puttygen_load "puttygen-load" #define WINHELP_CTX_puttygen_conversions "puttygen-conversions" +#define WINHELP_CTX_puttygen_ppkver "puttygen-save-ppk-version" +#define WINHELP_CTX_puttygen_kdfparam "puttygen-save-passphrase-hashing" /* These are used in Windows-specific bits of the frontend. * We (ab)use "help context identifiers" (dwContextId) to identify them. */ diff --git a/windows/winpgen.c b/windows/winpgen.c index 7c44a279..065ada80 100644 --- a/windows/winpgen.c +++ b/windows/winpgen.c @@ -310,6 +310,11 @@ static INT_PTR CALLBACK PPKParamsProc(HWND hwnd, UINT msg, SetWindowPos(hwnd, HWND_TOP, 0, 0, 0, 0, SWP_NOMOVE | SWP_NOSIZE | SWP_SHOWWINDOW); + if (has_help()) + SetWindowLongPtr(hwnd, GWL_EXSTYLE, + GetWindowLongPtr(hwnd, GWL_EXSTYLE) | + WS_EX_CONTEXTHELP); + /* * Centre the window. */ @@ -407,6 +412,36 @@ static INT_PTR CALLBACK PPKParamsProc(HWND hwnd, UINT msg, return 0; } return 0; + case WM_HELP: { + int id = ((LPHELPINFO)lParam)->iCtrlId; + const char *topic = NULL; + switch (id) { + case IDC_PPKVER_STATIC: + case IDC_PPKVER_2: + case IDC_PPKVER_3: + topic = WINHELP_CTX_puttygen_ppkver; break; + case IDC_KDF_STATIC: + case IDC_KDF_ARGON2ID: + case IDC_KDF_ARGON2I: + case IDC_KDF_ARGON2D: + case IDC_ARGON2_MEM_STATIC: + case IDC_ARGON2_MEM: + case IDC_ARGON2_MEM_STATIC2: + case IDC_ARGON2_TIME_STATIC: + case IDC_ARGON2_TIME: + case IDC_PPK_AUTO_YES: + case IDC_PPK_AUTO_NO: + case IDC_ARGON2_PARALLEL_STATIC: + case IDC_ARGON2_PARALLEL: + topic = WINHELP_CTX_puttygen_kdfparam; break; + } + if (topic) { + launch_help(hwnd, topic); + } else { + MessageBeep(0); + } + break; + } case WM_CLOSE: EndDialog(hwnd, 0); return 0; From e144e0099a7548dad75424ff2d39ea4388f37a98 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Tue, 20 Apr 2021 16:25:49 +0100 Subject: [PATCH 7/7] Docs: correct some control names. (And remove another reference to connection type 'buttons'.) --- doc/config.but | 6 +++--- doc/gs.but | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/config.but b/doc/config.but index 258974bb..a00ae476 100644 --- a/doc/config.but +++ b/doc/config.but @@ -14,9 +14,9 @@ save your settings to be reloaded later. \S{config-hostname} The \i{host name} section -The top box on the Session panel, labelled \q{Specify your -connection by host name}, contains the details that need to be -filled in before PuTTY can open a session at all. +The top box on the Session panel, labelled \q{Specify the destination +you want to connect to}, contains the details that need to be filled +in before PuTTY can open a session at all. \b The \q{Host Name} box is where you type the name, or the \i{IP address}, of the server you want to connect to. diff --git a/doc/gs.but b/doc/gs.but index f62fadfa..e6a84923 100644 --- a/doc/gs.but +++ b/doc/gs.but @@ -18,7 +18,7 @@ you want to connect to. You should have been told this by the provider of your login account. Now select a login \i{protocol} to use, from the \q{Connection type} -buttons. For a login session, you should select \i{SSH}, \i{Telnet}, +controls. For a login session, you should select \i{SSH}, \i{Telnet}, \i{Rlogin}, or \i{SUPDUP}. See \k{which-one} for a description of the differences between these protocols, and advice on which one to use. The \I{raw protocol}\e{Raw} protocol is not used for interactive @@ -37,7 +37,7 @@ provides login services on a non-standard port, your system administrator should have told you which one. (For example, many \i{MUDs} run Telnet service on a port other than 23.) -Once you have filled in the \q{Host Name}, \q{Protocol}, and +Once you have filled in the \q{Host Name}, \q{Connection type}, and possibly \q{Port} settings, you are ready to connect. Press the \q{Open} button at the bottom of the dialog box, and PuTTY will begin trying to connect you to the server.