mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Minimally document key generation novelties.

Covers Ed448 (and the user interface change to "EdDSA"), and the prime
generation method. (Both of these need better words, really.)
Jacob Nevins 2020-03-02 23:36:09 +00:00
parent ead9355882
commit e85b159d87
4 changed files with 53 additions and 10 deletions

@ -2534,9 +2534,12 @@ Configuration is similar to cipher selection (see
PuTTY currently supports the following host key types: PuTTY currently supports the following host key types:
\b \q{Ed25519}: \i{Edwards-curve} \i{DSA} using a twisted Edwards \b \q{\i{Ed25519}}: \I{EdDSA}Edwards-curve DSA using a twisted Edwards
curve with modulus \cw{2^255-19}. curve with modulus \cw{2^255-19}.
\b \q{\i{Ed448}}: another \I{EdDSA}Edwards-curve DSA type.
\#{XXX-REVIEW-BEFORE-RELEASE: better description}
\b \q{ECDSA}: \i{elliptic curve} \i{DSA} using one of the \b \q{ECDSA}: \i{elliptic curve} \i{DSA} using one of the
NIST-standardised elliptic curves. NIST-standardised elliptic curves.
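Review bot: The new \q{\i{Ed448}} item says only "another Edwards-curve DSA type", while the Ed25519 item directly above it names its curve form and modulus (\cw{2^255-19}), so a reader comparing the two host key types gets nothing to distinguish them. Describe Ed448 in the same form as Ed25519, and resolve the \#{XXX-REVIEW-BEFORE-RELEASE: better description} marker as part of that rather than carrying it in the source.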

@ -795,6 +795,9 @@ saved sessions from
\IM{DSA} DSA \IM{DSA} DSA
\IM{DSA} Digital Signature Standard \IM{DSA} Digital Signature Standard
\IM{EdDSA} EdDSA
\IM{EdDSA} Edwards-curve DSA
\IM{public-key algorithm} public-key algorithm \IM{public-key algorithm} public-key algorithm
\IM{public-key algorithm} asymmetric key algorithm \IM{public-key algorithm} asymmetric key algorithm
\IM{public-key algorithm} algorithm, public-key \IM{public-key algorithm} algorithm, public-key
@ -805,6 +808,12 @@ saved sessions from
\IM{generating keys} public keys, generating \IM{generating keys} public keys, generating
\IM{generating keys} private keys, generating \IM{generating keys} private keys, generating
\IM{probable primes} probable primes
\IM{probable primes} primes, probable
\IM{proven primes} proven primes
\IM{proven primes} primes, proven
\IM{authorized_keys file}{authorized_keys} \cw{authorized_keys} file \IM{authorized_keys file}{authorized_keys} \cw{authorized_keys} file
\IM{key fingerprint} fingerprint, of SSH authentication key \IM{key fingerprint} fingerprint, of SSH authentication key

@ -8,8 +8,8 @@
\S{puttygen-manpage-synopsis} SYNOPSIS \S{puttygen-manpage-synopsis} SYNOPSIS
\c puttygen ( keyfile | -t keytype [ -b bits ] ) \c puttygen ( keyfile | -t keytype [ -b bits ] [ --primes method ] )
\e bbbbbbbb iiiiiii bb iiiiiii bb iiii \e bbbbbbbb iiiiiii bb iiiiiii bb iiii bbbbbbbb iiiiii
\c [ -C new-comment ] [ -P ] [ -q ] \c [ -C new-comment ] [ -P ] [ -q ]
\e bb iiiiiiiiiii bb bb \e bb iiiiiiiiiii bb bb
\c [ -O output-type | -l | -L | -p ] \c [ -O output-type | -l | -L | -p ]
@ -63,12 +63,22 @@ OpenSSH format, or the standard SSH-1 format.
\dt \cw{\-t} \e{keytype} \dt \cw{\-t} \e{keytype}
\dd Specify a type of key to generate. The acceptable values here are \dd Specify a type of key to generate. The acceptable values here are
\c{rsa}, \c{dsa}, \c{ecdsa}, and \c{ed25519} (to generate SSH-2 keys), \c{rsa}, \c{dsa}, \c{ecdsa}, \c{eddsa}, \c{ed25519}, and \c{ed448}
and \c{rsa1} (to generate SSH-1 keys). (to generate SSH-2 keys), and \c{rsa1} (to generate SSH-1 keys).
\dt \cw{\-b} \e{bits} \dt \cw{\-b} \e{bits}
\dd Specify the size of the key to generate, in bits. Default is 2048. \dd Specify the size of the key to generate, in bits. Default for
\c{rsa} and \c{dsa} keys is 2048.
\dt \cw{\-\-primes} \e{method}
\dd Method for generating prime numbers. The acceptable values here
are \c{probable} (the default), \c{proven}, and \c{proven-even}; the
the later methods are slower. (Various synonyms for these method
names are also accepted.)
\#{XXX-REVIEW-BEFORE-RELEASE: explain in more detail why you would
want to fiddle with this}
\dt \cw{\-q} \dt \cw{\-q}
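Review bot: The \cw{-t} text now accepts \c{eddsa}, \c{ed25519} and \c{ed448} without saying how the three relate or which curve \c{eddsa} selects when \cw{-b} is omitted, and the \cw{-b} text now gives a default only for \c{rsa} and \c{dsa}. State the default size for \c{ecdsa} and \c{eddsa} and say what \c{ed25519} and \c{ed448} mean relative to \c{eddsa}. In the \cw{--primes} paragraph, "the" is doubled across the line break ("the / the later methods") and "later" reads as though "latter" was intended; "Various synonyms ... are also accepted" should either list them or be dropped, since an unlisted option value cannot be relied on in scripts.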

@ -64,7 +64,7 @@ The key types supported by PuTTY are described in \k{puttygen-keytype}.
PuTTYgen is a key generator. It \I{generating keys}generates pairs of PuTTYgen is a key generator. It \I{generating keys}generates pairs of
public and private keys to be used with PuTTY, PSCP, and Plink, as well public and private keys to be used with PuTTY, PSCP, and Plink, as well
as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen
generates RSA, DSA, ECDSA, and Ed25519 keys. generates RSA, DSA, ECDSA, and EdDSA keys.
When you run PuTTYgen you will see a window where you have two main When you run PuTTYgen you will see a window where you have two main
choices: \q{Generate}, to generate a new public/private key pair, or choices: \q{Generate}, to generate a new public/private key pair, or
@ -117,8 +117,8 @@ different key types. PuTTYgen can generate:
\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the \b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the
SSH-2 protocol. SSH-2 protocol.
\b An \i{Ed25519} key (another elliptic curve algorithm) for use \b An \i{EdDSA} key (Edwards-curve DSA, another elliptic curve
with the SSH-2 protocol. algorithm) for use with the SSH-2 protocol.
PuTTYgen can also generate an RSA key suitable for use with the old PuTTYgen can also generate an RSA key suitable for use with the old
SSH-1 protocol (which only supports RSA); for this, you need to select SSH-1 protocol (which only supports RSA); for this, you need to select
@ -137,7 +137,28 @@ of the key PuTTYgen will generate.
\b For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers \b For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
equivalent security to RSA with smaller key sizes.) equivalent security to RSA with smaller key sizes.)
\b For Ed25519, the only valid size is 256 bits. \b For EdDSA, the only valid sizes are 255 bits (these keys are also
known as \q{\i{Ed25519}} and are commonly used) and 448 bits
(\q{\i{Ed448}}, which is much less common at the time of writing).
(256 is also accepted for backward compatibility, but the effect is
the same as 255.)
\S{puttygen-primes} Selecting the \i{prime generation method}
On the \q{Key} menu, you can also optionally change the method for
generating the prime numbers used in the generated key. This affects
the quality of the key, but not its compatibility. The default method
is usually fine. The available methods are:
\b Use \i{probable primes} (fast)
\b Use \i{proven primes} (slower)
\b Use proven primes with even distribution (slowest)
\#{XXX-REVIEW-BEFORE-RELEASE: really need more words here, about why
you'd fiddle with this, and particularly around why 'probable' is ever
considered fine}
\S{puttygen-generate} The \q{Generate} button \S{puttygen-generate} The \q{Generate} button
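Review bot: In the new \S{puttygen-primes} section, "This affects the quality of the key, but not its compatibility" is asserted without saying what "quality" means, so a user has no basis for judging whether "The default method is usually fine" applies to them; the \#{XXX-REVIEW-BEFORE-RELEASE} marker admits as much. Add at least one sentence on what differs between a probable and a proven prime before this ships. The three menu labels are also not tied to the \c{probable}, \c{proven} and \c{proven-even} values that the man page hunk documents for \cw{--primes}; a cross-reference or the option names in parentheses would let readers map one interface to the other.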