diff --git a/cmdgen.c b/cmdgen.c
index 25078b9a..b12758a1 100644
--- a/cmdgen.c
+++ b/cmdgen.c
@@ -130,13 +130,17 @@ void help(void)
            "           public              RFC 4716 / ssh.com public key\n"
            "           public-openssh      OpenSSH public key\n"
            "           fingerprint         output the key fingerprint\n"
+           "           cert-info           print certificate information\n"
            "           text                output the key components as "
            "'name=0x####'\n"
            "  -o    specify output file\n"
            "  -l    equivalent to `-O fingerprint'\n"
            "  -L    equivalent to `-O public-openssh'\n"
            "  -p    equivalent to `-O public'\n"
+           "  --cert-info   equivalent to `-O cert-info'\n"
            "  --dump   equivalent to `-O text'\n"
+           "  -E fptype            specify fingerprint output type:\n"
+           "                          sha256, md5, sha256-cert, md5-cert\n"
            "  --certificate file   incorporate a certificate into the key\n"
            "  --remove-certificate remove any certificate from the key\n"
            "  --reencrypt          load a key and save it with fresh "
diff --git a/doc/man-puttygen.but b/doc/man-puttygen.but
index 092f05c0..e6a2c990 100644
--- a/doc/man-puttygen.but
+++ b/doc/man-puttygen.but
@@ -12,10 +12,12 @@
 \e bbbbbbbb   iiiiiii   bb iiiiiii   bb iiii     bbbbbbbb iiiiii     bb
 \c          [ -C new-comment ] [ -P ] [ --reencrypt ]
 \e            bb iiiiiiiiiii     bb     bbbbbbbbbbb
-\c          [ -O output-type | -l | -L | -p | --dump ] [ -E fptype ]
-\e            bb iiiiiiiiiii   bb   bb   bb   bbbbbb     bb iiiiii
-\c             [ --ppk-param key=value,... ]
-\e               bbbbbbbbbbb iiibiiiiib
+\c          [ --certificate cert-file | --remove-certificate ]
+\e            bbbbbbbbbbbbb iiiiiiiii   bbbbbbbbbbbbbbbbbbbb
+\c          [ -O output-type | -l | -L | -p | --dump | --cert-info ]
+\e            bb iiiiiiiiiii   bb   bb   bb   bbbbbb   bbbbbbbbbbb  
+\c             [ --ppk-param key=value,... | -E fptype ]
+\e               bbbbbbbbbbb iiibiiiiib      bb iiiiii
 \c          [ -o output-file ]
 \e            bb iiiiiiiiiii
 
@@ -58,8 +60,9 @@ ssh.com's implementation.
 
 You can also specify a file containing only a \e{public} key here.
 The operations you can do are limited to outputting another public
-key format or a fingerprint. Public keys can be in RFC 4716 or
-OpenSSH format, or the standard SSH-1 format.
+key format (possibly removing an attached certificate first), or a
+fingerprint. Public keys can be in RFC 4716 or OpenSSH format, or
+the standard SSH-1 format.
 
 }
 
@@ -148,7 +151,8 @@ modifying an existing key.
 \dd Adds an OpenSSH-style certificate to the public half of the key,
 so that the output file contains a certified public key with the same
 private key. If the input file already contained a certificate, it
-will be replaced with the new one.
+will be replaced with the new one. (Use \cq{-} to read a certificate
+from standard input.)
 
 \dt \cw{\-\-remove\-certificate}
 
@@ -288,8 +292,9 @@ SSH.
 
 \lcont{
 The output consists of a series of \cw{name=value} lines, where each
-\c{value} is either a C-like string literal in double quotes, or a
-hexadecimal number starting with \cw{0x...}
+\c{value} is either a C-like string literal in double quotes, a
+hexadecimal number starting with \cw{0x...}, or a binary blob
+encoded with base64, denoted by \cw{b64("...")}.
 }
 
 If no output type is specified, the default is \c{private}.
@@ -302,8 +307,9 @@ If no output type is specified, the default is \c{private}.
 this option is not specified, \c{puttygen} will assume you want to
 overwrite the original file if the input and output file types are
 the same (changing a comment or passphrase), and will assume you
-want to output to stdout if you are asking for a public key or
-fingerprint. Otherwise, the \c{\-o} option is required.
+want to output to stdout if you are asking for a public key,
+fingerprint, or one of the textual dump types. Otherwise, the
+\c{\-o} option is required.
 
 \dt \cw{\-l}
 
diff --git a/doc/pubkey.but b/doc/pubkey.but
index 539b55b4..27c0ba60 100644
--- a/doc/pubkey.but
+++ b/doc/pubkey.but
@@ -535,7 +535,8 @@ The options supported on the command line are:
 \dt \cw{\-t} \e{keytype}
 
 \dd Type of key to generate. You can select \c{rsa}, \c{dsa},
-\c{ecdsa}, \c{eddsa} or \c{rsa1}. See \k{puttygen-keytype}.
+\c{ecdsa}, \c{eddsa}, \c{ed25519}, \c{ed448}, or \c{rsa1}.
+See \k{puttygen-keytype}.
 
 \dt \cw{\-b} \e{bits}
 
diff --git a/windows/puttygen.c b/windows/puttygen.c
index 143e7b5f..457dbfa1 100644
--- a/windows/puttygen.c
+++ b/windows/puttygen.c
@@ -1402,14 +1402,14 @@ static INT_PTR CertInfoProc(HWND hwnd, UINT msg, WPARAM wParam,
                     ES_AUTOHSCROLL | ES_READONLY;
                 if (item->type == SDT_MORE_INFO_VALUE_BLOB) {
                     rk.left = 12;
-                    rk.right = 426;
+                    rk.right = 286;
                     rk.top = y;
                     rk.bottom = 8;
                     y += 10;
 
                     editstyle |= ES_MULTILINE;
                     rv.left = 12;
-                    rv.right = 426;
+                    rv.right = 286;
                     rv.top = y;
                     rv.bottom = 64;
                     y += 68;
@@ -1420,7 +1420,7 @@ static INT_PTR CertInfoProc(HWND hwnd, UINT msg, WPARAM wParam,
                     rk.bottom = 8;
 
                     rv.left = 150;
-                    rv.right = 438;
+                    rv.right = 298;
                     rv.top = y;
                     rv.bottom = 12;