1puttygen(1) PuTTY tool suite puttygen(1)
2
6 puttygen - public-key generator for the PuTTY tools
7
9 puttygen ( keyfile | -t keytype [ -b bits ] )
10 [ -C new-comment ] [ -P ] [ -q ]
11 [ -O output-type | -l | -L | -p ]
12 [ -o output-file ]
13
15 puttygen is a tool to generate and manipulate SSH public and private
16 key pairs. It is part of the PuTTY suite, although it can also interop‐
17 erate with the key formats used by some other SSH clients.
18 When you run puttygen, it does three things. Firstly, it either loads
20 an existing key file (if you specified keyfile), or generates a new key
21 (if you specified keytype). Then, it optionally makes modifications to
22 the key (changing the comment and/or the passphrase); finally, it out‐
23 puts the key, or some information about the key, to a file.
24 All three of these phases are controlled by the options described in
26 the following section.
27
29 In the first phase, puttygen either loads or generates a key. Note that
30 generating a key requires random data, which can cause puttygen to
31 pause, possibly for some time if your system does not have much random‐
32 ness available.
33 The options to control this phase are:
35 keyfile
37 Specify a key file to be loaded.
38 Usually this will be a private key, which can be in the (de
40 facto standard) SSH-1 key format, or in PuTTY's SSH-2 key for‐
41 mat, or in either of the SSH-2 private key formats used by
42 OpenSSH and ssh.com's implementation.
43 You can also specify a file containing only a public key here.
45 The operations you can do are limited to outputting another pub‐
46 lic key format or a fingerprint. Public keys can be in RFC 4716
47 or OpenSSH format, or the standard SSH-1 format.
48 -t keytype
50 Specify a type of key to generate. The acceptable values here
51 are rsa, dsa, ecdsa, and ed25519 (to generate SSH-2 keys), and
52 rsa1 (to generate SSH-1 keys).
53 -b bits
55 Specify the size of the key to generate, in bits. Default is
56 2048.
57 -q Suppress the progress display when generating a new key.
59 --old-passphrase file
61 Specify a file name; the first line will be read from this file
62 (removing any trailing newline) and used as the old passphrase.
63 CAUTION: If the passphrase is important, the file should be
64 stored on a temporary filesystem or else securely erased after
65 use.
66 --random-device device
68 Specify device to read entropy from. By default, puttygen uses
69 /dev/urandom, falling back to /dev/random if it has to.
70 In the second phase, puttygen optionally alters properties of the key
72 it has loaded or generated. The options to control this are:
73 -C new-comment
75 Specify a comment string to describe the key. This comment
76 string will be used by PuTTY to identify the key to you (when
77 asking you to enter the passphrase, for example, so that you
78 know which passphrase to type).
79 -P Indicate that you want to change the key's passphrase. This is
81 automatic when you are generating a new key, but not when you
82 are modifying an existing key.
83 In the third phase, puttygen saves the key or information about it. The
85 options to control this are:
86 -O output-type
88 Specify the type of output you want puttygen to produce. Accept‐
89 able options are:
90 private
92 Save the private key in a format usable by PuTTY. This
93 will either be the standard SSH-1 key format, or PuTTY's
94 own SSH-2 key format.
95 public Save the public key only. For SSH-1 keys, the standard
97 public key format will be used (`1024 37 5698745...').
98 For SSH-2 keys, the public key will be output in the for‐
99 mat specified by RFC 4716, which is a multi-line text
100 file beginning with the line `---- BEGIN SSH2 PUBLIC KEY
101 ----'.
102 public-openssh
104 Save the public key only, in a format usable by OpenSSH.
105 For SSH-1 keys, this output format behaves identically to
106 public. For SSH-2 keys, the public key will be output in
107 the OpenSSH format, which is a single line (`ssh-rsa
108 AAAAB3NzaC1yc2...').
109 fingerprint
111 Print the fingerprint of the public key. All fingerprint‐
112 ing algorithms are believed compatible with OpenSSH.
113 private-openssh
115 Save an SSH-2 private key in OpenSSH's format, using the
116 oldest format available to maximise backward compatibil‐
117 ity. This option is not permitted for SSH-1 keys.
118 private-openssh-new
120 As private-openssh, except that it forces the use of
121 OpenSSH's newer format even for RSA, DSA, and ECDSA keys.
122 private-sshcom
124 Save an SSH-2 private key in ssh.com's format. This
125 option is not permitted for SSH-1 keys.
126 If no output type is specified, the default is private.
128 -o output-file
130 Specify the file where puttygen should write its output. If this
131 option is not specified, puttygen will assume you want to over‐
132 write the original file if the input and output file types are
133 the same (changing a comment or passphrase), and will assume you
134 want to output to stdout if you are asking for a public key or
135 fingerprint. Otherwise, the -o option is required.
136 -l Synonym for `-O fingerprint'.
138 -L Synonym for `-O public-openssh'.
140 -p Synonym for `-O public'.
142 --new-passphrase file
144 Specify a file name; the first line will be read from this file
145 (removing any trailing newline) and used as the new passphrase.
146 If the file is empty then the saved key will be unencrypted.
147 CAUTION: If the passphrase is important, the file should be
148 stored on a temporary filesystem or else securely erased after
149 use.
150 The following options do not run PuTTYgen as normal, but print informa‐
152 tional messages and then quit:
153 -h, --help
155 Display a message summarizing the available options.
156 -V, --version
158 Display the version of PuTTYgen.
159 --pgpfp
161 Display the fingerprints of the PuTTY PGP Master Keys, to aid in
162 verifying new files released by the PuTTY team.
163
165 To generate an SSH-2 RSA key pair and save it in PuTTY's own format
166 (you will be prompted for the passphrase):
167 puttygen -t rsa -C "my home key" -o mykey.ppk
169 To generate a larger (4096-bit) key:
171 puttygen -t rsa -b 4096 -C "my home key" -o mykey.ppk
173 To change the passphrase on a key (you will be prompted for the old and
175 new passphrases):
176 puttygen -P mykey.ppk
178 To change the comment on a key:
180 puttygen -C "new comment" mykey.ppk
182 To convert a key into OpenSSH's private key format:
184 puttygen mykey.ppk -O private-openssh -o my-openssh-key
186 To convert a key from another format (puttygen will automatically
188 detect the input key type):
189 puttygen my-ssh.com-key -o mykey.ppk
191 To display the fingerprint of a key (some key types require a
193 passphrase to extract even this much information):
194 puttygen -l mykey.ppk
196 To add the OpenSSH-format public half of a key to your authorised keys
198 file:
199 puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys
201PuTTY tool suite 2004‐03‐24 puttygen(1)