mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-27 02:02:26 +00:00

Merge public-key docs fixes from 'pre-0.78'.

Jacob Nevins 2022-10-21 13:06:28 +01:00
commit ca58e96982
5 changed files with 40 additions and 27 deletions

View File

@ -2546,7 +2546,7 @@ larger elliptic curve with a 448-bit instead of 255-bit modulus (so it
has a higher security level than Ed25519). has a higher security level than Ed25519).
\b \q{ECDSA}: \i{elliptic curve} \i{DSA} using one of the \b \q{ECDSA}: \i{elliptic curve} \i{DSA} using one of the
NIST-standardised elliptic curves. \i{NIST}-standardised elliptic curves.
\b \q{DSA}: straightforward \i{DSA} using modular exponentiation. \b \q{DSA}: straightforward \i{DSA} using modular exponentiation.

View File

@ -819,6 +819,12 @@ saved sessions from
\IM{DSA} DSA \IM{DSA} DSA
\IM{DSA} Digital Signature Standard \IM{DSA} Digital Signature Standard
\IM{ECDSA} ECDSA
\IM{ECDSA} elliptic-curve DSA
\IM{NIST} NIST-standardised elliptic curves
\IM{NIST} elliptic curves, NIST-standardised
\IM{EdDSA} EdDSA \IM{EdDSA} EdDSA
\IM{EdDSA} Edwards-curve DSA \IM{EdDSA} Edwards-curve DSA

View File

@ -64,21 +64,24 @@ The large list box in the Pageant main window lists the private keys
that are currently loaded into Pageant. The list might look that are currently loaded into Pageant. The list might look
something like this: something like this:
\c ssh-ed25519 SHA256:TddlQk20DVs4LRcAsIfDN9pInKpY06D+h4kSHwWAj4w \c Ed25519 SHA256:TddlQk20DVs4LRcAsIfDN9pInKpY06D+h4kSHwWAj4w
\c ssh-rsa 2048 SHA256:8DFtyHm3kQihgy52nzX96qMcEVOq7/yJmmwQQhBWYFg \c RSA 2028 SHA256:8DFtyHm3kQihgy52nzX96qMcEVOq7/yJmmwQQhBWYFg
For each key, the list box will tell you: For each key, the list box will tell you:
\b The type of the key. Currently, this can be \b The type of the key. Currently, this can be
\c{ssh-rsa} (an RSA key for use with the SSH-2 protocol), \q{RSA} (an RSA key for use with the SSH-2 protocol),
\c{ssh-dss} (a DSA key for use with the SSH-2 protocol), \q{DSA} (a DSA key for use with the SSH-2 protocol),
\c{ecdsa-sha2-*} (an ECDSA key for use with the SSH-2 protocol), \q{\i{NIST}} (an ECDSA key for use with the SSH-2 protocol),
\c{ssh-ed25519} (an Ed25519 key for use with the SSH-2 protocol), \q{Ed25519} (an Ed25519 key for use with the SSH-2 protocol),
\c{ssh-ed448} (an Ed448 key for use with the SSH-2 protocol), \q{Ed448} (an Ed448 key for use with the SSH-2 protocol),
or \c{ssh1} (an RSA key for use with the old SSH-1 protocol). or \q{SSH-1} (an RSA key for use with the old SSH-1 protocol).
(If the key has an associated certificate, this is shown here with a
\q{cert} suffix.)
\b The size (in bits) of the key, for key types that come in different \b The size (in bits) of the key, for key types that come in different
sizes. sizes. (For ECDSA \q{NIST} keys, this is indicated as \q{p256} or
\q{p384} or \q{p521}.)
\b The \I{key fingerprint}fingerprint for the public key. This should be \b The \I{key fingerprint}fingerprint for the public key. This should be
the same fingerprint given by PuTTYgen, and (hopefully) also the same the same fingerprint given by PuTTYgen, and (hopefully) also the same
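Review bot: In the example key list, the new RSA line gives the key size as 2028 where the line it replaces had 2048, which looks like a typo introduced while renaming `ssh-rsa` to `RSA`; suggest restoring 2048. Since this hunk also adds the \q{p256}/\q{p384}/\q{p521} size notation and the \q{cert} suffix, the example list would be more useful with one line showing a \q{NIST} key, so readers can see what those look like in the list box.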
@ -86,10 +89,11 @@ fingerprint shown by remote utilities such as \i\c{ssh-keygen} when
applied to your \c{authorized_keys} file. applied to your \c{authorized_keys} file.
\lcont{ \lcont{
By default this is shown in the \q{SHA256} format. You can change to the For SSH-2 keys, by default this is shown in the \q{SHA256} format. You
older \q{MD5} format (which looks like \c{aa:bb:cc:...}) with the can change to the older \q{MD5} format (which looks like \c{aa:bb:cc:...})
\q{Fingerprint type} drop-down, but bear in mind that this format is with the \q{Fingerprint type} drop-down, but bear in mind that this
less secure and should be avoided for comparison purposes where possible. format is less secure and should be avoided for comparison purposes
where possible.
If some of the keys loaded into Pageant have certificates attached, If some of the keys loaded into Pageant have certificates attached,
then Pageant will default to showing the fingerprint of the underlying then Pageant will default to showing the fingerprint of the underlying
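Review bot: The new "For SSH-2 keys," qualifier at the start of the \lcont paragraph implies that SSH-1 keys are displayed differently, but the paragraph never says how. The key-type list just above still includes \q{SSH-1}, so add a sentence saying which fingerprint format SSH-1 keys are shown in and whether the \q{Fingerprint type} drop-down has any effect on them.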

View File

@ -62,9 +62,9 @@ The key types supported by PuTTY are described in \k{puttygen-keytype}.
\H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator \H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
PuTTYgen is a key generator. It \I{generating keys}generates pairs of PuTTYgen is a key generator. It \I{generating keys}generates pairs of
public and private keys to be used with PuTTY, PSCP, and Plink, as well public and private keys to be used with PuTTY, PSCP, PSFTP, and Plink,
as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen as well as the PuTTY authentication agent, Pageant (see \k{pageant}).
generates RSA, DSA, ECDSA, and EdDSA keys. PuTTYgen generates RSA, DSA, ECDSA, and EdDSA keys.
When you run PuTTYgen you will see a window where you have two main When you run PuTTYgen you will see a window where you have two main
choices: \q{Generate}, to generate a new public/private key pair, or choices: \q{Generate}, to generate a new public/private key pair, or
@ -132,10 +132,13 @@ The \q{Number of bits} input box allows you to choose the strength
of the key PuTTYgen will generate. of the key PuTTYgen will generate.
\b For RSA and DSA, 2048 bits should currently be sufficient for most \b For RSA and DSA, 2048 bits should currently be sufficient for most
purposes. purposes. (Smaller keys of these types are no longer considered
secure, and PuTTYgen will warn if you try to generate them.)
\b For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers \b For ECDSA, only 256, 384, and 521 bits are supported, corresponding
equivalent security to RSA with smaller key sizes.) to \i{NIST}-standardised elliptic curves. (Elliptic-curve keys do not
need as many bits as RSA keys for equivalent security, so these numbers
are smaller than the RSA recommendations.)
\b For EdDSA, the only valid sizes are 255 bits (these keys are also \b For EdDSA, the only valid sizes are 255 bits (these keys are also
known as \q{\i{Ed25519}} and are commonly used) and 448 bits known as \q{\i{Ed25519}} and are commonly used) and 448 bits
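Review bot: In the RSA/DSA bullet, "Smaller keys of these types" does not say where the cut-off lies, so a reader cannot tell at what size PuTTYgen starts warning or whether the warning threshold is the same 2048 bits recommended in the previous sentence. Suggest stating the threshold explicitly in the parenthetical, so the recommendation and the warning behaviour can be checked against each other.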
@ -145,6 +148,9 @@ the same as 255.)
\S{puttygen-primes} Selecting the \i{prime generation method} \S{puttygen-primes} Selecting the \i{prime generation method}
(This is entirely optional. Unless you know better, it's entirely
sensible to skip this and use the default settings.)
On the \q{Key} menu, you can also optionally change the method for On the \q{Key} menu, you can also optionally change the method for
generating the prime numbers used in the generated key. This is used generating the prime numbers used in the generated key. This is used
for RSA and DSA keys only. (The other key types don't require for RSA and DSA keys only. (The other key types don't require
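Review bot: Style point on the parenthetical added under \S{puttygen-primes}: "entirely optional" and "entirely sensible" in consecutive sentences read as repetition, and "Unless you know better" is vaguer than the removed "If you don't care about this". Suggest something like "(This is optional. The default settings are a sensible choice unless you have a specific reason to change them.)".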
@ -154,9 +160,6 @@ The prime-generation method does not affect compatibility: a key
generated with any of these methods will still work with all the same generated with any of these methods will still work with all the same
SSH servers. SSH servers.
If you don't care about this, it's entirely sensible to leave it on the
default setting.
The available methods are: The available methods are:
\b Use \i{probable primes} (fast) \b Use \i{probable primes} (fast)
@ -239,9 +242,9 @@ a particular fingerprint. So some utilities, such as the Pageant key
list box (see \k{pageant-mainwin-keylist}) and the Unix \c{ssh-add} list box (see \k{pageant-mainwin-keylist}) and the Unix \c{ssh-add}
utility, will list key fingerprints rather than the whole public key. utility, will list key fingerprints rather than the whole public key.
By default, PuTTYgen will display fingerprints in the \q{SHA256} By default, PuTTYgen will display SSH-2 key fingerprints in the
format. If you need to see the fingerprint in the older \q{MD5} format \q{SHA256} format. If you need to see the fingerprint in the older
(which looks like \c{aa:bb:cc:...}), you can choose \q{MD5} format (which looks like \c{aa:bb:cc:...}), you can choose
\q{Show fingerprint as MD5} from the \q{Key} menu, but bear in mind \q{Show fingerprint as MD5} from the \q{Key} menu, but bear in mind
that this is less cryptographically secure; it may be feasible for that this is less cryptographically secure; it may be feasible for
an attacker to create a key with the same fingerprint as yours. an attacker to create a key with the same fingerprint as yours.

View File

@ -241,7 +241,7 @@ of \e{y} in the group generated by \e{g} mod \e{p}.
\S{ppk-privkey-ecdsa} NIST elliptic-curve keys \S{ppk-privkey-ecdsa} NIST elliptic-curve keys
NIST elliptic-curve keys are stored using one of the following \i{NIST} elliptic-curve keys are stored using one of the following
\s{algorithm-name} values, each corresponding to a different elliptic \s{algorithm-name} values, each corresponding to a different elliptic
curve and key size: curve and key size: