1puttygen(1) PuTTY tool suite puttygen(1)
2
3
4
6 puttygen - public-key generator for the PuTTY tools
7
9 puttygen ( keyfile | -t keytype [ -b bits ] )
10 [ -C new-comment ] [ -P ] [ -q ]
11 [ -O output-type | -l | -L | -p ]
12 [ -o output-file ]
13
15 puttygen is a tool to generate and manipulate SSH public and private
16 key pairs. It is part of the PuTTY suite, although it can also interop‐
17 erate with the private key formats used by some other SSH clients.
18
19 When you run puttygen, it does three things. Firstly, it either loads
20 an existing key file (if you specified keyfile), or generates a new key
21 (if you specified keytype). Then, it optionally makes modifications to
22 the key (changing the comment and/or the passphrase); finally, it out‐
23 puts the key, or some information about the key, to a file.
24
25 All three of these phases are controlled by the options described in
26 the following section.
27
29 In the first phase, puttygen either loads or generates a key. The
30 options to control this are:
31
32 keyfile
33 Specify a private key file to be loaded. This private key file
34 can be in the (de facto standard) SSH-1 key format, or in
35 PuTTY's SSH-2 key format, or in either of the SSH-2 private key
36 formats used by OpenSSH and ssh.com's implementation.
37
38 -t keytype
39 Specify a type of key to generate. The acceptable values here
40 are rsa and dsa (to generate SSH-2 keys), and rsa1 (to generate
41 SSH-1 keys).
42
43 -b bits
44 Specify the size of the key to generate, in bits. Default is
45 1024.
46
47 -q Suppress the progress display when generating a new key.
48
49 In the second phase, puttygen optionally alters properties of the key
50 it has loaded or generated. The options to control this are:
51
52 -C new-comment
53 Specify a comment string to describe the key. This comment
54 string will be used by PuTTY to identify the key to you (when
55 asking you to enter the passphrase, for example, so that you
56 know which passphrase to type).
57
58 -P Indicate that you want to change the key's passphrase. This is
59 automatic when you are generating a new key, but not when you
60 are modifying an existing key.
61
62 In the third phase, puttygen saves the key or information about it. The
63 options to control this are:
64
65 -O output-type
66 Specify the type of output you want puttygen to produce. Accept‐
67 able options are:
68
69 private
70 Save the private key in a format usable by PuTTY. This
71 will either be the standard SSH-1 key format, or PuTTY's
72 own SSH-2 key format.
73
74 public Save the public key only. For SSH-1 keys, the standard
75 public key format will be used (`1024 37 5698745...').
76 For SSH-2 keys, the public key will be output in the for‐
77 mat specified by RFC 4716, which is a multi-line text
78 file beginning with the line `---- BEGIN SSH2 PUBLIC KEY
79 ----'.
80
81 public-openssh
82 Save the public key only, in a format usable by OpenSSH.
83 For SSH-1 keys, this output format behaves identically to
84 public. For SSH-2 keys, the public key will be output in
85 the OpenSSH format, which is a single line (`ssh-rsa
86 AAAAB3NzaC1yc2...').
87
88 fingerprint
89 Print the fingerprint of the public key. All fingerprint‐
90 ing algorithms are believed compatible with OpenSSH.
91
92 private-openssh
93 Save an SSH-2 private key in OpenSSH's format. This
94 option is not permitted for SSH-1 keys.
95
96 private-sshcom
97 Save an SSH-2 private key in ssh.com's format. This
98 option is not permitted for SSH-1 keys.
99
100 If no output type is specified, the default is private.
101
102 -o output-file
103 Specify the file where puttygen should write its output. If this
104 option is not specified, puttygen will assume you want to over‐
105 write the original file if the input and output file types are
106 the same (changing a comment or passphrase), and will assume you
107 want to output to stdout if you are asking for a public key or
108 fingerprint. Otherwise, the -o option is required.
109
110 -l Synonym for `-O fingerprint'.
111
112 -L Synonym for `-O public-openssh'.
113
114 -p Synonym for `-O public'.
115
116 The following options do not run PuTTYgen as normal, but print informa‐
117 tional messages and then quit:
118
119 -h, --help
120 Display a message summarizing the available options.
121
122 -V, --version
123 Display the version of PuTTYgen.
124
125 --pgpfp
126 Display the fingerprints of the PuTTY PGP Master Keys, to aid in
127 verifying new files released by the PuTTY team.
128
130 To generate an SSH-2 RSA key pair and save it in PuTTY's own format
131 (you will be prompted for the passphrase):
132
133 puttygen -t rsa -C "my home key" -o mykey.ppk
134
135 To generate a larger (2048-bit) key:
136
137 puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk
138
139 To change the passphrase on a key (you will be prompted for the old and
140 new passphrases):
141
142 puttygen -P mykey.ppk
143
144 To change the comment on a key:
145
146 puttygen -C "new comment" mykey.ppk
147
148 To convert a key into OpenSSH's private key format:
149
150 puttygen mykey.ppk -O private-openssh -o my-openssh-key
151
152 To convert a key from another format (puttygen will automatically
153 detect the input key type):
154
155 puttygen my-ssh.com-key -o mykey.ppk
156
157 To display the fingerprint of a key (some key types require a
158 passphrase to extract even this much information):
159
160 puttygen -l mykey.ppk
161
162 To add the OpenSSH-format public half of a key to your authorised keys
163 file:
164
165 puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys
166
168 There's currently no way to supply passphrases in batch mode, or even
169 just to specify that you don't want a passphrase at all.
170
171
172
173PuTTY tool suite 2004‐03‐24 puttygen(1)