1puttygen(1) PuTTY tool suite puttygen(1)
2
3
4
6 puttygen - public-key generator for the PuTTY tools
7
9 puttygen ( keyfile | -t keytype [ -b bits ] )
10 [ -C new-comment ] [ -P ] [ -q ]
11 [ -O output-type | -l | -L | -p ]
12 [ -o output-file ]
13
15 puttygen is a tool to generate and manipulate SSH public and private
16 key pairs. It is part of the PuTTY suite, although it can also interop‐
17 erate with the key formats used by some other SSH clients.
18
19 When you run puttygen, it does three things. Firstly, it either loads
20 an existing key file (if you specified keyfile), or generates a new key
21 (if you specified keytype). Then, it optionally makes modifications to
22 the key (changing the comment and/or the passphrase); finally, it out‐
23 puts the key, or some information about the key, to a file.
24
25 All three of these phases are controlled by the options described in
26 the following section.
27
29 In the first phase, puttygen either loads or generates a key. Note that
30 generating a key requires random data, which can cause puttygen to
31 pause, possibly for some time if your system does not have much random‐
32 ness available.
33
34 The options to control this phase are:
35
36 keyfile
37 Specify a key file to be loaded.
38
39 Usually this will be a private key, which can be in the (de
40 facto standard) SSH-1 key format, or in PuTTY's SSH-2 key for‐
41 mat, or in either of the SSH-2 private key formats used by
42 OpenSSH and ssh.com's implementation.
43
44 You can also specify a file containing only a public key here.
45 The operations you can do are limited to outputting another pub‐
46 lic key format or a fingerprint. Public keys can be in RFC 4716
47 or OpenSSH format, or the standard SSH-1 format.
48
49 -t keytype
50 Specify a type of key to generate. The acceptable values here
51 are rsa, dsa, ecdsa, and ed25519 (to generate SSH-2 keys), and
52 rsa1 (to generate SSH-1 keys).
53
54 -b bits
55 Specify the size of the key to generate, in bits. Default is
56 2048.
57
58 -q Suppress the progress display when generating a new key.
59
60 --old-passphrase file
61 Specify a file name; the first line will be read from this file
62 (removing any trailing newline) and used as the old passphrase.
63 CAUTION: If the passphrase is important, the file should be
64 stored on a temporary filesystem or else securely erased after
65 use.
66
67 --random-device device
68 Specify device to read entropy from. By default, puttygen uses
69 /dev/urandom, falling back to /dev/random if it has to.
70
71 In the second phase, puttygen optionally alters properties of the key
72 it has loaded or generated. The options to control this are:
73
74 -C new-comment
75 Specify a comment string to describe the key. This comment
76 string will be used by PuTTY to identify the key to you (when
77 asking you to enter the passphrase, for example, so that you
78 know which passphrase to type).
79
80 -P Indicate that you want to change the key's passphrase. This is
81 automatic when you are generating a new key, but not when you
82 are modifying an existing key.
83
84 In the third phase, puttygen saves the key or information about it. The
85 options to control this are:
86
87 -O output-type
88 Specify the type of output you want puttygen to produce. Accept‐
89 able options are:
90
91 private
92 Save the private key in a format usable by PuTTY. This
93 will either be the standard SSH-1 key format, or PuTTY's
94 own SSH-2 key format.
95
96 public Save the public key only. For SSH-1 keys, the standard
97 public key format will be used (`1024 37 5698745...').
98 For SSH-2 keys, the public key will be output in the for‐
99 mat specified by RFC 4716, which is a multi-line text
100 file beginning with the line `---- BEGIN SSH2 PUBLIC KEY
101 ----'.
102
103 public-openssh
104 Save the public key only, in a format usable by OpenSSH.
105 For SSH-1 keys, this output format behaves identically to
106 public. For SSH-2 keys, the public key will be output in
107 the OpenSSH format, which is a single line (`ssh-rsa
108 AAAAB3NzaC1yc2...').
109
110 fingerprint
111 Print the fingerprint of the public key. All fingerprint‐
112 ing algorithms are believed compatible with OpenSSH.
113
114 private-openssh
115 Save an SSH-2 private key in OpenSSH's format, using the
116 oldest format available to maximise backward compatibil‐
117 ity. This option is not permitted for SSH-1 keys.
118
119 private-openssh-new
120 As private-openssh, except that it forces the use of
121 OpenSSH's newer format even for RSA, DSA, and ECDSA keys.
122
123 private-sshcom
124 Save an SSH-2 private key in ssh.com's format. This
125 option is not permitted for SSH-1 keys.
126
127 If no output type is specified, the default is private.
128
129 -o output-file
130 Specify the file where puttygen should write its output. If this
131 option is not specified, puttygen will assume you want to over‐
132 write the original file if the input and output file types are
133 the same (changing a comment or passphrase), and will assume you
134 want to output to stdout if you are asking for a public key or
135 fingerprint. Otherwise, the -o option is required.
136
137 -l Synonym for `-O fingerprint'.
138
139 -L Synonym for `-O public-openssh'.
140
141 -p Synonym for `-O public'.
142
143 --new-passphrase file
144 Specify a file name; the first line will be read from this file
145 (removing any trailing newline) and used as the new passphrase.
146 If the file is empty then the saved key will be unencrypted.
147 CAUTION: If the passphrase is important, the file should be
148 stored on a temporary filesystem or else securely erased after
149 use.
150
151 The following options do not run PuTTYgen as normal, but print informa‐
152 tional messages and then quit:
153
154 -h, --help
155 Display a message summarizing the available options.
156
157 -V, --version
158 Display the version of PuTTYgen.
159
160 --pgpfp
161 Display the fingerprints of the PuTTY PGP Master Keys, to aid in
162 verifying new files released by the PuTTY team.
163
165 To generate an SSH-2 RSA key pair and save it in PuTTY's own format
166 (you will be prompted for the passphrase):
167
168 puttygen -t rsa -C "my home key" -o mykey.ppk
169
170 To generate a larger (4096-bit) key:
171
172 puttygen -t rsa -b 4096 -C "my home key" -o mykey.ppk
173
174 To change the passphrase on a key (you will be prompted for the old and
175 new passphrases):
176
177 puttygen -P mykey.ppk
178
179 To change the comment on a key:
180
181 puttygen -C "new comment" mykey.ppk
182
183 To convert a key into OpenSSH's private key format:
184
185 puttygen mykey.ppk -O private-openssh -o my-openssh-key
186
187 To convert a key from another format (puttygen will automatically
188 detect the input key type):
189
190 puttygen my-ssh.com-key -o mykey.ppk
191
192 To display the fingerprint of a key (some key types require a
193 passphrase to extract even this much information):
194
195 puttygen -l mykey.ppk
196
197 To add the OpenSSH-format public half of a key to your authorised keys
198 file:
199
200 puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys
201
202
203
204PuTTY tool suite 2004‐03‐24 puttygen(1)