nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-05-30 08:20:28 -05:00
Code Issues Projects Releases Wiki Activity

Minimal documentation for ECDSA/ECDH support.

Browse Source
This commit is contained in:
Jacob Nevins 2015-02-28 19:08:15 +00:00
parent 45e89ed7ca
commit 80bd6a01aa
3 changed files with 28 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
doc/config.but
View File

@ -2382,15 +2382,17 @@ PuTTY supports a variety of SSH-2 key exchange methods, and allows you
to choose which one you prefer to use; configuration is similar to to choose which one you prefer to use; configuration is similar to
cipher selection (see \k{config-ssh-encryption}). cipher selection (see \k{config-ssh-encryption}).
PuTTY currently supports the following varieties of \i{Diffie-Hellman key PuTTY currently supports the following key exchange methods:
exchange}:
\b \q{Group 14}: a well-known 2048-bit group. \b \q{ECDH}: \i{elliptic curve} \i{Diffie-Hellman key exchange}.
\b \q{Group 1}: a well-known 1024-bit group. This is less secure \b \q{Group 14}: Diffie-Hellman key exchange with a well-known
\#{FIXME better words} than group 14, but may be faster with slow 2048-bit group.
client or server machines, and may be the only method supported by
older server software. \b \q{Group 1}: Diffie-Hellman key exchange with a well-known
1024-bit group. This is less secure \#{FIXME better words} than
group 14, but may be faster with slow client or server machines,
and may be the only method supported by older server software.
\b \q{\ii{Group exchange}}: with this method, instead of using a fixed \b \q{\ii{Group exchange}}: with this method, instead of using a fixed
group, PuTTY requests that the server suggest a group to use for key group, PuTTY requests that the server suggest a group to use for key
@ -2398,9 +2400,9 @@ exchange; the server can avoid groups known to be weak, and possibly
invent new ones over time, without any changes required to PuTTY's invent new ones over time, without any changes required to PuTTY's
configuration. We recommend use of this method, if possible. configuration. We recommend use of this method, if possible.
In addition, PuTTY supports \i{RSA key exchange}, which requires much less \b \q{\i{RSA key exchange}}: this requires much less computational
computational effort on the part of the client, and somewhat less on effort on the part of the client, and somewhat less on the part of
the part of the server, than Diffie-Hellman key exchange. the server, than Diffie-Hellman key exchange.
If the first algorithm PuTTY finds is below the \q{warn below here} If the first algorithm PuTTY finds is below the \q{warn below here}
line, you will see a warning box when you make the connection, similar line, you will see a warning box when you make the connection, similar

3
doc/pageant.but
View File

@ -71,7 +71,8 @@ For each key, the list box will tell you:
\b The type of the key. Currently, this can be \c{ssh1} (an RSA key \b The type of the key. Currently, this can be \c{ssh1} (an RSA key
for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use
with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with with the SSH-2 protocol), \c{ssh-dss} (a DSA key for use with
the SSH-2 protocol), or \c{ecdsa-sha2-*} (an ECDSA key for use with
the SSH-2 protocol). the SSH-2 protocol).
\b The size (in bits) of the key. \b The size (in bits) of the key.

22
doc/pubkey.but
View File

@ -55,9 +55,9 @@ disk. Many people feel this is a good compromise between security
and convenience. See \k{pageant} for further details. and convenience. See \k{pageant} for further details.
There is more than one \i{public-key algorithm} available. The most There is more than one \i{public-key algorithm} available. The most
common is \i{RSA}, but others exist, notably \i{DSA} (otherwise known as common are \i{RSA} and \i{ECDSA}, but others exist, notably \i{DSA}
DSS), the USA's federal Digital Signature Standard. The key types (otherwise known as DSS), the USA's federal Digital Signature Standard.
supported by PuTTY are described in \k{puttygen-keytype}. The key types supported by PuTTY are described in \k{puttygen-keytype}.
\H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator \H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
@ -66,7 +66,7 @@ supported by PuTTY are described in \k{puttygen-keytype}.
PuTTYgen is a key generator. It \I{generating keys}generates pairs of PuTTYgen is a key generator. It \I{generating keys}generates pairs of
public and private keys to be used with PuTTY, PSCP, and Plink, as well public and private keys to be used with PuTTY, PSCP, and Plink, as well
as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen
generates RSA and DSA keys. generates RSA, DSA, and ECDSA keys.
When you run PuTTYgen you will see a window where you have two When you run PuTTYgen you will see a window where you have two
choices: \q{Generate}, to generate a new public/private key pair, or choices: \q{Generate}, to generate a new public/private key pair, or
@ -118,14 +118,17 @@ of key:
\b A \i{DSA} key for use with the SSH-2 protocol. \b A \i{DSA} key for use with the SSH-2 protocol.
\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the
SSH-2 protocol.
The SSH-1 protocol only supports RSA keys; if you will be connecting The SSH-1 protocol only supports RSA keys; if you will be connecting
using the SSH-1 protocol, you must select the first key type or your using the SSH-1 protocol, you must select the first key type or your
key will be completely useless. key will be completely useless.
The SSH-2 protocol supports more than one key type. The two types The SSH-2 protocol supports more than one key type. The types
supported by PuTTY are RSA and DSA. supported by PuTTY are RSA, DSA, and ECDSA.
The PuTTY developers \e{strongly} recommend you use RSA. The PuTTY developers \e{strongly} recommend you use RSA. \#{FIXME: ECDSA!}
\I{security risk}\i{DSA} has an intrinsic weakness which makes it very \I{security risk}\i{DSA} has an intrinsic weakness which makes it very
easy to create a signature which contains enough information to give easy to create a signature which contains enough information to give
away the \e{private} key! away the \e{private} key!
@ -147,7 +150,10 @@ more than one server.
The \q{Number of bits} input box allows you to choose the strength The \q{Number of bits} input box allows you to choose the strength
of the key PuTTYgen will generate. of the key PuTTYgen will generate.
Currently 1024 bits should be sufficient for most purposes. For RSA, 2048 bits should currently be sufficient for most purposes.
\#{FIXME: DSA}
For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
equivalent security to RSA with smaller key sizes.)
\S{puttygen-generate} The \q{Generate} button \S{puttygen-generate} The \q{Generate} button