mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-25 01:02:24 +00:00
Minimally document key generation novelties.
Covers Ed448 (and the user interface change to "EdDSA"), and the prime generation method. (Both of these need better words, really.)
parent ead9355882
commit e85b159d87
@ -2534,9 +2534,12 @@ Configuration is similar to cipher selection (see
|
|||||||
|
|
||||||
PuTTY currently supports the following host key types:
|
PuTTY currently supports the following host key types:
|
||||||
|
|
||||||
\b \q{Ed25519}: \i{Edwards-curve} \i{DSA} using a twisted Edwards
|
\b \q{\i{Ed25519}}: \I{EdDSA}Edwards-curve DSA using a twisted Edwards
|
||||||
curve with modulus \cw{2^255-19}.
|
curve with modulus \cw{2^255-19}.
|
||||||
|
|
||||||
|
\b \q{\i{Ed448}}: another \I{EdDSA}Edwards-curve DSA type.
|
||||||
|
\#{XXX-REVIEW-BEFORE-RELEASE: better description}
|
||||||
|
|
||||||
\b \q{ECDSA}: \i{elliptic curve} \i{DSA} using one of the
|
\b \q{ECDSA}: \i{elliptic curve} \i{DSA} using one of the
|
||||||
NIST-standardised elliptic curves.
|
NIST-standardised elliptic curves.
|
||||||
|
|
||||||
|
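Review bot: The new Ed448 bullet says only "another Edwards-curve DSA type", while the Ed25519 bullet directly above it names the curve form and its modulus (\cw{2^255-19}). The Ed448 entry should carry the equivalent detail so that a reader ordering host key preferences can tell the two apart. The \#{XXX-REVIEW-BEFORE-RELEASE: better description} marker acknowledges the gap; it should be tracked as a release blocker rather than left to be found by grep.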
@ -795,6 +795,9 @@ saved sessions from
|
|||||||
\IM{DSA} DSA
|
\IM{DSA} DSA
|
||||||
\IM{DSA} Digital Signature Standard
|
\IM{DSA} Digital Signature Standard
|
||||||
|
|
||||||
|
\IM{EdDSA} EdDSA
|
||||||
|
\IM{EdDSA} Edwards-curve DSA
|
||||||
|
|
||||||
\IM{public-key algorithm} public-key algorithm
|
\IM{public-key algorithm} public-key algorithm
|
||||||
\IM{public-key algorithm} asymmetric key algorithm
|
\IM{public-key algorithm} asymmetric key algorithm
|
||||||
\IM{public-key algorithm} algorithm, public-key
|
\IM{public-key algorithm} algorithm, public-key
|
||||||
@ -805,6 +808,12 @@ saved sessions from
|
|||||||
\IM{generating keys} public keys, generating
|
\IM{generating keys} public keys, generating
|
||||||
\IM{generating keys} private keys, generating
|
\IM{generating keys} private keys, generating
|
||||||
|
|
||||||
|
\IM{probable primes} probable primes
|
||||||
|
\IM{probable primes} primes, probable
|
||||||
|
|
||||||
|
\IM{proven primes} proven primes
|
||||||
|
\IM{proven primes} primes, proven
|
||||||
|
|
||||||
\IM{authorized_keys file}{authorized_keys} \cw{authorized_keys} file
|
\IM{authorized_keys file}{authorized_keys} \cw{authorized_keys} file
|
||||||
|
|
||||||
\IM{key fingerprint} fingerprint, of SSH authentication key
|
\IM{key fingerprint} fingerprint, of SSH authentication key
|
||||||
|
@ -8,8 +8,8 @@
|
|||||||
|
|
||||||
\S{puttygen-manpage-synopsis} SYNOPSIS
|
\S{puttygen-manpage-synopsis} SYNOPSIS
|
||||||
|
|
||||||
\c puttygen ( keyfile | -t keytype [ -b bits ] )
|
\c puttygen ( keyfile | -t keytype [ -b bits ] [ --primes method ] )
|
||||||
\e bbbbbbbb iiiiiii bb iiiiiii bb iiii
|
\e bbbbbbbb iiiiiii bb iiiiiii bb iiii bbbbbbbb iiiiii
|
||||||
\c [ -C new-comment ] [ -P ] [ -q ]
|
\c [ -C new-comment ] [ -P ] [ -q ]
|
||||||
\e bb iiiiiiiiiii bb bb
|
\e bb iiiiiiiiiii bb bb
|
||||||
\c [ -O output-type | -l | -L | -p ]
|
\c [ -O output-type | -l | -L | -p ]
|
||||||
@ -63,12 +63,22 @@ OpenSSH format, or the standard SSH-1 format.
|
|||||||
\dt \cw{\-t} \e{keytype}
|
\dt \cw{\-t} \e{keytype}
|
||||||
|
|
||||||
\dd Specify a type of key to generate. The acceptable values here are
|
\dd Specify a type of key to generate. The acceptable values here are
|
||||||
\c{rsa}, \c{dsa}, \c{ecdsa}, and \c{ed25519} (to generate SSH-2 keys),
|
\c{rsa}, \c{dsa}, \c{ecdsa}, \c{eddsa}, \c{ed25519}, and \c{ed448}
|
||||||
and \c{rsa1} (to generate SSH-1 keys).
|
(to generate SSH-2 keys), and \c{rsa1} (to generate SSH-1 keys).
|
||||||
|
|
||||||
\dt \cw{\-b} \e{bits}
|
\dt \cw{\-b} \e{bits}
|
||||||
|
|
||||||
\dd Specify the size of the key to generate, in bits. Default is 2048.
|
\dd Specify the size of the key to generate, in bits. Default for
|
||||||
|
\c{rsa} and \c{dsa} keys is 2048.
|
||||||
|
|
||||||
|
\dt \cw{\-\-primes} \e{method}
|
||||||
|
|
||||||
|
\dd Method for generating prime numbers. The acceptable values here
|
||||||
|
are \c{probable} (the default), \c{proven}, and \c{proven-even}; the
|
||||||
|
the later methods are slower. (Various synonyms for these method
|
||||||
|
names are also accepted.)
|
||||||
|
\#{XXX-REVIEW-BEFORE-RELEASE: explain in more detail why you would
|
||||||
|
want to fiddle with this}
|
||||||
|
|
||||||
\dt \cw{\-q}
|
\dt \cw{\-q}
|
||||||
|
|
||||||
|
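Review bot: The --primes description has a doubled word across the line break ("\c{proven-even}; the" followed by "the later methods are slower"), and "later" reads as though "latter" was intended; one of the two "the"s should go and the wording be settled. Separately, -t now accepts \c{eddsa} alongside \c{ed25519} and \c{ed448}, but the -b text gives a default only for \c{rsa} and \c{dsa}, so the page does not say which key size -t eddsa produces when -b is omitted. A sentence covering that case would close the gap.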
@ -64,7 +64,7 @@ The key types supported by PuTTY are described in \k{puttygen-keytype}.
|
|||||||
PuTTYgen is a key generator. It \I{generating keys}generates pairs of
|
PuTTYgen is a key generator. It \I{generating keys}generates pairs of
|
||||||
public and private keys to be used with PuTTY, PSCP, and Plink, as well
|
public and private keys to be used with PuTTY, PSCP, and Plink, as well
|
||||||
as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen
|
as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen
|
||||||
generates RSA, DSA, ECDSA, and Ed25519 keys.
|
generates RSA, DSA, ECDSA, and EdDSA keys.
|
||||||
|
|
||||||
When you run PuTTYgen you will see a window where you have two main
|
When you run PuTTYgen you will see a window where you have two main
|
||||||
choices: \q{Generate}, to generate a new public/private key pair, or
|
choices: \q{Generate}, to generate a new public/private key pair, or
|
||||||
@ -117,8 +117,8 @@ different key types. PuTTYgen can generate:
|
|||||||
\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the
|
\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the
|
||||||
SSH-2 protocol.
|
SSH-2 protocol.
|
||||||
|
|
||||||
\b An \i{Ed25519} key (another elliptic curve algorithm) for use
|
\b An \i{EdDSA} key (Edwards-curve DSA, another elliptic curve
|
||||||
with the SSH-2 protocol.
|
algorithm) for use with the SSH-2 protocol.
|
||||||
|
|
||||||
PuTTYgen can also generate an RSA key suitable for use with the old
|
PuTTYgen can also generate an RSA key suitable for use with the old
|
||||||
SSH-1 protocol (which only supports RSA); for this, you need to select
|
SSH-1 protocol (which only supports RSA); for this, you need to select
|
||||||
@ -137,7 +137,28 @@ of the key PuTTYgen will generate.
|
|||||||
\b For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
|
\b For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
|
||||||
equivalent security to RSA with smaller key sizes.)
|
equivalent security to RSA with smaller key sizes.)
|
||||||
|
|
||||||
\b For Ed25519, the only valid size is 256 bits.
|
\b For EdDSA, the only valid sizes are 255 bits (these keys are also
|
||||||
|
known as \q{\i{Ed25519}} and are commonly used) and 448 bits
|
||||||
|
(\q{\i{Ed448}}, which is much less common at the time of writing).
|
||||||
|
(256 is also accepted for backward compatibility, but the effect is
|
||||||
|
the same as 255.)
|
||||||
|
|
||||||
|
\S{puttygen-primes} Selecting the \i{prime generation method}
|
||||||
|
|
||||||
|
On the \q{Key} menu, you can also optionally change the method for
|
||||||
|
generating the prime numbers used in the generated key. This affects
|
||||||
|
the quality of the key, but not its compatibility. The default method
|
||||||
|
is usually fine. The available methods are:
|
||||||
|
|
||||||
|
\b Use \i{probable primes} (fast)
|
||||||
|
|
||||||
|
\b Use \i{proven primes} (slower)
|
||||||
|
|
||||||
|
\b Use proven primes with even distribution (slowest)
|
||||||
|
|
||||||
|
\#{XXX-REVIEW-BEFORE-RELEASE: really need more words here, about why
|
||||||
|
you'd fiddle with this, and particularly around why 'probable' is ever
|
||||||
|
considered fine}
|
||||||
|
|
||||||
\S{puttygen-generate} The \q{Generate} button
|
\S{puttygen-generate} The \q{Generate} button
|
||||||
|
|
||||||
|
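Review bot: The new puttygen-primes section states that the method "affects the quality of the key, but not its compatibility" without saying which key types the setting applies to or what "quality" means here, so a user generating an ECDSA or EdDSA key cannot tell whether the menu choice has any effect. Suggest naming the affected key types and cross-referencing the three menu labels to the command-line names \c{probable}, \c{proven} and \c{proven-even} used in the man page hunk, so the two documents describe the same options in matching terms. The XXX-REVIEW-BEFORE-RELEASE marker already flags that the justification for "probable" being the default is missing; that explanation belongs in this section before release.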