1puttygen(1) PuTTY tool suite puttygen(1)
2
6 puttygen - public-key generator for the PuTTY tools
7
9 puttygen ( keyfile | -t keytype [ -b bits ] )
10 [ -C new-comment ] [ -P ] [ -q ]
11 [ -O output-type | -l | -L | -p ]
12 [ -o output-file ]
13
15 puttygen is a tool to generate and manipulate SSH public and private
16 key pairs. It is part of the PuTTY suite, although it can also interop‐
17 erate with the key formats used by some other SSH clients.
18 When you run puttygen, it does three things. Firstly, it either loads
20 an existing key file (if you specified keyfile), or generates a new key
21 (if you specified keytype). Then, it optionally makes modifications to
22 the key (changing the comment and/or the passphrase); finally, it out‐
23 puts the key, or some information about the key, to a file.
24 All three of these phases are controlled by the options described in
26 the following section.
27
29 In the first phase, puttygen either loads or generates a key. Note that
30 generating a key requires random data, which can cause puttygen to
31 pause, possibly for some time if your system does not have much random‐
32 ness available.
33 The options to control this phase are:
35 keyfile
37 Specify a key file to be loaded.
38 Usually this will be a private key, which can be in the (de
40 facto standard) SSH-1 key format, or in PuTTY's SSH-2 key for‐
41 mat, or in either of the SSH-2 private key formats used by
42 OpenSSH and ssh.com's implementation.
43 You can also specify a file containing only a public key here.
45 The operations you can do are limited to outputting another pub‐
46 lic key format or a fingerprint. Public keys can be in RFC 4716
47 or OpenSSH format, or the standard SSH-1 format.
48 -t keytype
50 Specify a type of key to generate. The acceptable values here
51 are rsa, dsa, ecdsa, and ed25519 (to generate SSH-2 keys), and
52 rsa1 (to generate SSH-1 keys).
53 -b bits
55 Specify the size of the key to generate, in bits. Default is
56 2048.
57 -q Suppress the progress display when generating a new key.
59 --old-passphrase file
61 Specify a file name; the first line will be read from this file
62 (removing any trailing newline) and used as the old passphrase.
63 CAUTION: If the passphrase is important, the file should be
64 stored on a temporary filesystem or else securely erased after
65 use.
66 --random-device device
68 Specify device to read entropy from (default /dev/random).
69 In the second phase, puttygen optionally alters properties of the key
71 it has loaded or generated. The options to control this are:
72 -C new-comment
74 Specify a comment string to describe the key. This comment
75 string will be used by PuTTY to identify the key to you (when
76 asking you to enter the passphrase, for example, so that you
77 know which passphrase to type).
78 -P Indicate that you want to change the key's passphrase. This is
80 automatic when you are generating a new key, but not when you
81 are modifying an existing key.
82 In the third phase, puttygen saves the key or information about it. The
84 options to control this are:
85 -O output-type
87 Specify the type of output you want puttygen to produce. Accept‐
88 able options are:
89 private
91 Save the private key in a format usable by PuTTY. This
92 will either be the standard SSH-1 key format, or PuTTY's
93 own SSH-2 key format.
94 public Save the public key only. For SSH-1 keys, the standard
96 public key format will be used (`1024 37 5698745...').
97 For SSH-2 keys, the public key will be output in the for‐
98 mat specified by RFC 4716, which is a multi-line text
99 file beginning with the line `---- BEGIN SSH2 PUBLIC KEY
100 ----'.
101 public-openssh
103 Save the public key only, in a format usable by OpenSSH.
104 For SSH-1 keys, this output format behaves identically to
105 public. For SSH-2 keys, the public key will be output in
106 the OpenSSH format, which is a single line (`ssh-rsa
107 AAAAB3NzaC1yc2...').
108 fingerprint
110 Print the fingerprint of the public key. All fingerprint‐
111 ing algorithms are believed compatible with OpenSSH.
112 private-openssh
114 Save an SSH-2 private key in OpenSSH's format, using the
115 oldest format available to maximise backward compatibil‐
116 ity. This option is not permitted for SSH-1 keys.
117 private-openssh-new
119 As private-openssh, except that it forces the use of
120 OpenSSH's newer format even for RSA, DSA, and ECDSA keys.
121 private-sshcom
123 Save an SSH-2 private key in ssh.com's format. This
124 option is not permitted for SSH-1 keys.
125 If no output type is specified, the default is private.
127 -o output-file
129 Specify the file where puttygen should write its output. If this
130 option is not specified, puttygen will assume you want to over‐
131 write the original file if the input and output file types are
132 the same (changing a comment or passphrase), and will assume you
133 want to output to stdout if you are asking for a public key or
134 fingerprint. Otherwise, the -o option is required.
135 -l Synonym for `-O fingerprint'.
137 -L Synonym for `-O public-openssh'.
139 -p Synonym for `-O public'.
141 --new-passphrase file
143 Specify a file name; the first line will be read from this file
144 (removing any trailing newline) and used as the new passphrase.
145 If the file is empty then the saved key will be unencrypted.
146 CAUTION: If the passphrase is important, the file should be
147 stored on a temporary filesystem or else securely erased after
148 use.
149 The following options do not run PuTTYgen as normal, but print informa‐
151 tional messages and then quit:
152 -h, --help
154 Display a message summarizing the available options.
155 -V, --version
157 Display the version of PuTTYgen.
158 --pgpfp
160 Display the fingerprints of the PuTTY PGP Master Keys, to aid in
161 verifying new files released by the PuTTY team.
162
164 To generate an SSH-2 RSA key pair and save it in PuTTY's own format
165 (you will be prompted for the passphrase):
166 puttygen -t rsa -C "my home key" -o mykey.ppk
168 To generate a larger (4096-bit) key:
170 puttygen -t rsa -b 4096 -C "my home key" -o mykey.ppk
172 To change the passphrase on a key (you will be prompted for the old and
174 new passphrases):
175 puttygen -P mykey.ppk
177 To change the comment on a key:
179 puttygen -C "new comment" mykey.ppk
181 To convert a key into OpenSSH's private key format:
183 puttygen mykey.ppk -O private-openssh -o my-openssh-key
185 To convert a key from another format (puttygen will automatically
187 detect the input key type):
188 puttygen my-ssh.com-key -o mykey.ppk
190 To display the fingerprint of a key (some key types require a
192 passphrase to extract even this much information):
193 puttygen -l mykey.ppk
195 To add the OpenSSH-format public half of a key to your authorised keys
197 file:
198 puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys
200PuTTY tool suite 2004‐03‐24 puttygen(1)