mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Merge public-key docs fixes from 'pre-0.78'.
commit
ca58e96982
@ -2546,7 +2546,7 @@ larger elliptic curve with a 448-bit instead of 255-bit modulus (so it
|
||||
has a higher security level than Ed25519).
|
||||
|
||||
\b \q{ECDSA}: \i{elliptic curve} \i{DSA} using one of the
|
||||
NIST-standardised elliptic curves.
|
||||
\i{NIST}-standardised elliptic curves.
|
||||
|
||||
\b \q{DSA}: straightforward \i{DSA} using modular exponentiation.
|
||||
|
||||
|
@ -819,6 +819,12 @@ saved sessions from
|
||||
\IM{DSA} DSA
|
||||
\IM{DSA} Digital Signature Standard
|
||||
|
||||
\IM{ECDSA} ECDSA
|
||||
\IM{ECDSA} elliptic-curve DSA
|
||||
|
||||
\IM{NIST} NIST-standardised elliptic curves
|
||||
\IM{NIST} elliptic curves, NIST-standardised
|
||||
|
||||
\IM{EdDSA} EdDSA
|
||||
\IM{EdDSA} Edwards-curve DSA
|
||||
|
||||
|
@ -64,21 +64,24 @@ The large list box in the Pageant main window lists the private keys
|
||||
that are currently loaded into Pageant. The list might look
|
||||
something like this:
|
||||
|
||||
\c ssh-ed25519 SHA256:TddlQk20DVs4LRcAsIfDN9pInKpY06D+h4kSHwWAj4w
|
||||
\c ssh-rsa 2048 SHA256:8DFtyHm3kQihgy52nzX96qMcEVOq7/yJmmwQQhBWYFg
|
||||
\c Ed25519 SHA256:TddlQk20DVs4LRcAsIfDN9pInKpY06D+h4kSHwWAj4w
|
||||
\c RSA 2028 SHA256:8DFtyHm3kQihgy52nzX96qMcEVOq7/yJmmwQQhBWYFg
|
||||
|
||||
For each key, the list box will tell you:
|
||||
|
||||
\b The type of the key. Currently, this can be
|
||||
\c{ssh-rsa} (an RSA key for use with the SSH-2 protocol),
|
||||
\c{ssh-dss} (a DSA key for use with the SSH-2 protocol),
|
||||
\c{ecdsa-sha2-*} (an ECDSA key for use with the SSH-2 protocol),
|
||||
\c{ssh-ed25519} (an Ed25519 key for use with the SSH-2 protocol),
|
||||
\c{ssh-ed448} (an Ed448 key for use with the SSH-2 protocol),
|
||||
or \c{ssh1} (an RSA key for use with the old SSH-1 protocol).
|
||||
\q{RSA} (an RSA key for use with the SSH-2 protocol),
|
||||
\q{DSA} (a DSA key for use with the SSH-2 protocol),
|
||||
\q{\i{NIST}} (an ECDSA key for use with the SSH-2 protocol),
|
||||
\q{Ed25519} (an Ed25519 key for use with the SSH-2 protocol),
|
||||
\q{Ed448} (an Ed448 key for use with the SSH-2 protocol),
|
||||
or \q{SSH-1} (an RSA key for use with the old SSH-1 protocol).
|
||||
(If the key has an associated certificate, this is shown here with a
|
||||
\q{cert} suffix.)
|
||||
|
||||
\b The size (in bits) of the key, for key types that come in different
|
||||
sizes.
|
||||
sizes. (For ECDSA \q{NIST} keys, this is indicated as \q{p256} or
|
||||
\q{p384} or \q{p521}.)
|
||||
|
||||
\b The \I{key fingerprint}fingerprint for the public key. This should be
|
||||
the same fingerprint given by PuTTYgen, and (hopefully) also the same
|
||||
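Review bot: The replacement sample line in the Pageant key list reads "\c RSA 2028 SHA256:8DFtyHm3kQihgy52nzX96qMcEVOq7/yJmmwQQhBWYFg", while the line it replaces showed 2048 for the same fingerprint, so 2028 looks like a typo; suggest "\c RSA 2048 ...". Since the size bullet now introduces the \q{p256}/\q{p384}/\q{p521} notation for \q{NIST} keys, a third sample line showing one such key would let readers see that notation in context.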
@ -86,10 +89,11 @@ fingerprint shown by remote utilities such as \i\c{ssh-keygen} when
|
||||
applied to your \c{authorized_keys} file.
|
||||
|
||||
\lcont{
|
||||
By default this is shown in the \q{SHA256} format. You can change to the
|
||||
older \q{MD5} format (which looks like \c{aa:bb:cc:...}) with the
|
||||
\q{Fingerprint type} drop-down, but bear in mind that this format is
|
||||
less secure and should be avoided for comparison purposes where possible.
|
||||
For SSH-2 keys, by default this is shown in the \q{SHA256} format. You
|
||||
can change to the older \q{MD5} format (which looks like \c{aa:bb:cc:...})
|
||||
with the \q{Fingerprint type} drop-down, but bear in mind that this
|
||||
format is less secure and should be avoided for comparison purposes
|
||||
where possible.
|
||||
|
||||
If some of the keys loaded into Pageant have certificates attached,
|
||||
then Pageant will default to showing the fingerprint of the underlying
|
||||
|
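Review bot: Qualifying the opening sentence of the \lcont paragraph with "For SSH-2 keys" leaves the SSH-1 case undocumented. The key-type list above still includes \q{SSH-1} keys, but nothing in this paragraph says which fingerprint format those are shown in or whether the \q{Fingerprint type} drop-down applies to them. Suggest adding one sentence that states what is displayed for SSH-1 keys.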
@ -62,9 +62,9 @@ The key types supported by PuTTY are described in \k{puttygen-keytype}.
|
||||
\H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
|
||||
|
||||
PuTTYgen is a key generator. It \I{generating keys}generates pairs of
|
||||
public and private keys to be used with PuTTY, PSCP, and Plink, as well
|
||||
as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen
|
||||
generates RSA, DSA, ECDSA, and EdDSA keys.
|
||||
public and private keys to be used with PuTTY, PSCP, PSFTP, and Plink,
|
||||
as well as the PuTTY authentication agent, Pageant (see \k{pageant}).
|
||||
PuTTYgen generates RSA, DSA, ECDSA, and EdDSA keys.
|
||||
|
||||
When you run PuTTYgen you will see a window where you have two main
|
||||
choices: \q{Generate}, to generate a new public/private key pair, or
|
||||
@ -132,10 +132,13 @@ The \q{Number of bits} input box allows you to choose the strength
|
||||
of the key PuTTYgen will generate.
|
||||
|
||||
\b For RSA and DSA, 2048 bits should currently be sufficient for most
|
||||
purposes.
|
||||
purposes. (Smaller keys of these types are no longer considered
|
||||
secure, and PuTTYgen will warn if you try to generate them.)
|
||||
|
||||
\b For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
|
||||
equivalent security to RSA with smaller key sizes.)
|
||||
\b For ECDSA, only 256, 384, and 521 bits are supported, corresponding
|
||||
to \i{NIST}-standardised elliptic curves. (Elliptic-curve keys do not
|
||||
need as many bits as RSA keys for equivalent security, so these numbers
|
||||
are smaller than the RSA recommendations.)
|
||||
|
||||
\b For EdDSA, the only valid sizes are 255 bits (these keys are also
|
||||
known as \q{\i{Ed25519}} and are commonly used) and 448 bits
|
||||
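Review bot: In the RSA/DSA bullet, the new parenthetical "Smaller keys of these types are no longer considered secure" gives no explicit threshold; the reader has to infer that "smaller" means smaller than the 2048 bits mentioned in the previous sentence. Suggest stating the size directly, for example "Keys of these types smaller than N bits", with N being the size below which PuTTYgen actually warns, so the documentation and the tool's warning can be checked against each other.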
@ -145,6 +148,9 @@ the same as 255.)
|
||||
|
||||
\S{puttygen-primes} Selecting the \i{prime generation method}
|
||||
|
||||
(This is entirely optional. Unless you know better, it's entirely
|
||||
sensible to skip this and use the default settings.)
|
||||
|
||||
On the \q{Key} menu, you can also optionally change the method for
|
||||
generating the prime numbers used in the generated key. This is used
|
||||
for RSA and DSA keys only. (The other key types don't require
|
||||
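Review bot: Style point on the parenthetical added under \S{puttygen-primes}: "entirely" appears in two consecutive sentences ("entirely optional", "entirely sensible"), and "Unless you know better" does not tell the reader what would justify changing the setting. Suggest something like "(This is optional. Unless you have a specific reason to change it, it is sensible to skip this and use the default settings.)".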
@ -154,9 +160,6 @@ The prime-generation method does not affect compatibility: a key
|
||||
generated with any of these methods will still work with all the same
|
||||
SSH servers.
|
||||
|
||||
If you don't care about this, it's entirely sensible to leave it on the
|
||||
default setting.
|
||||
|
||||
The available methods are:
|
||||
|
||||
\b Use \i{probable primes} (fast)
|
||||
@ -239,9 +242,9 @@ a particular fingerprint. So some utilities, such as the Pageant key
|
||||
list box (see \k{pageant-mainwin-keylist}) and the Unix \c{ssh-add}
|
||||
utility, will list key fingerprints rather than the whole public key.
|
||||
|
||||
By default, PuTTYgen will display fingerprints in the \q{SHA256}
|
||||
format. If you need to see the fingerprint in the older \q{MD5} format
|
||||
(which looks like \c{aa:bb:cc:...}), you can choose
|
||||
By default, PuTTYgen will display SSH-2 key fingerprints in the
|
||||
\q{SHA256} format. If you need to see the fingerprint in the older
|
||||
\q{MD5} format (which looks like \c{aa:bb:cc:...}), you can choose
|
||||
\q{Show fingerprint as MD5} from the \q{Key} menu, but bear in mind
|
||||
that this is less cryptographically secure; it may be feasible for
|
||||
an attacker to create a key with the same fingerprint as yours.
|
||||
|
@ -241,7 +241,7 @@ of \e{y} in the group generated by \e{g} mod \e{p}.
|
||||
|
||||
\S{ppk-privkey-ecdsa} NIST elliptic-curve keys
|
||||
|
||||
NIST elliptic-curve keys are stored using one of the following
|
||||
\i{NIST} elliptic-curve keys are stored using one of the following
|
||||
\s{algorithm-name} values, each corresponding to a different elliptic
|
||||
curve and key size:
|
||||
|
||||
|