PuTTYgen's default hasn't been 1024 bits since 0.63.

[PuTTY.git] / doc / pubkey.but

diff --git a/doc/pubkey.but b/doc/pubkey.but
index db4431c50b51760784615b0629fb7851f3ca7e2d..dc8beae2bf8609d2364cb2a228eb4690cc1be2a1 100644 (file)
--- a/doc/pubkey.but
+++ b/doc/pubkey.but
@@ -1,5 +1,3 @@
-\define{versionidpubkey} \versionid $Id$
-

 \C{pubkey} Using public keys for SSH authentication
 
 \H{pubkey-intro} \ii{Public key authentication} - an introduction
 \C{pubkey} Using public keys for SSH authentication
 
 \H{pubkey-intro} \ii{Public key authentication} - an introduction


@@ -57,9 +55,9 @@ disk. Many people feel this is a good compromise between security
 and convenience. See \k{pageant} for further details.
 
 There is more than one \i{public-key algorithm} available. The most
 and convenience. See \k{pageant} for further details.
 
 There is more than one \i{public-key algorithm} available. The most

-common is \i{RSA}, but others exist, notably \i{DSA} (otherwise known as
-DSS), the USA's federal Digital Signature Standard. The key types
-supported by PuTTY are described in \k{puttygen-keytype}.
+common are \i{RSA} and \i{ECDSA}, but others exist, notably \i{DSA}
+(otherwise known as DSS), the USA's federal Digital Signature Standard.
+The key types supported by PuTTY are described in \k{puttygen-keytype}.

 
 \H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
 
 
 \H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
 


@@ -68,7 +66,7 @@ supported by PuTTY are described in \k{puttygen-keytype}.
 PuTTYgen is a key generator. It \I{generating keys}generates pairs of
 public and private keys to be used with PuTTY, PSCP, and Plink, as well
 as the PuTTY authentication agent, Pageant (see \k{pageant}).  PuTTYgen
 PuTTYgen is a key generator. It \I{generating keys}generates pairs of
 public and private keys to be used with PuTTY, PSCP, and Plink, as well
 as the PuTTY authentication agent, Pageant (see \k{pageant}).  PuTTYgen

-generates RSA and DSA keys.
+generates RSA, DSA, and ECDSA keys.

 
 When you run PuTTYgen you will see a window where you have two
 choices: \q{Generate}, to generate a new public/private key pair, or
 
 When you run PuTTYgen you will see a window where you have two
 choices: \q{Generate}, to generate a new public/private key pair, or


@@ -120,14 +118,17 @@ of key:
 
 \b A \i{DSA} key for use with the SSH-2 protocol.
 
 
 \b A \i{DSA} key for use with the SSH-2 protocol.
 

+\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the
+SSH-2 protocol.
+

 The SSH-1 protocol only supports RSA keys; if you will be connecting
 using the SSH-1 protocol, you must select the first key type or your
 key will be completely useless.
 
 The SSH-1 protocol only supports RSA keys; if you will be connecting
 using the SSH-1 protocol, you must select the first key type or your
 key will be completely useless.
 

-The SSH-2 protocol supports more than one key type. The two types
-supported by PuTTY are RSA and DSA.
+The SSH-2 protocol supports more than one key type. The types
+supported by PuTTY are RSA, DSA, and ECDSA.

 
 

-The PuTTY developers \e{strongly} recommend you use RSA.
+The PuTTY developers \e{strongly} recommend you use RSA. \#{FIXME: ECDSA!}

 \I{security risk}\i{DSA} has an intrinsic weakness which makes it very
 easy to create a signature which contains enough information to give
 away the \e{private} key!
 \I{security risk}\i{DSA} has an intrinsic weakness which makes it very
 easy to create a signature which contains enough information to give
 away the \e{private} key!


@@ -149,19 +150,10 @@ more than one server.
 The \q{Number of bits} input box allows you to choose the strength
 of the key PuTTYgen will generate.
 
 The \q{Number of bits} input box allows you to choose the strength
 of the key PuTTYgen will generate.
 

-Currently 1024 bits should be sufficient for most purposes.
-
-Note that an RSA key is generated by finding two primes of half the
-length requested, and then multiplying them together. For example,
-if you ask PuTTYgen for a 1024-bit RSA key, it will create two
-512-bit primes and multiply them. The result of this multiplication
-might be 1024 bits long, or it might be only 1023; so you may not
-get the exact length of key you asked for. This is perfectly normal,
-and you do not need to worry. The lengths should only ever differ by
-one, and there is no perceptible drop in security as a result.
-
-DSA keys are not created by multiplying primes together, so they
-should always be exactly the length you asked for.
+For RSA, 2048 bits should currently be sufficient for most purposes.
+\#{FIXME: DSA}
+For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
+equivalent security to RSA with smaller key sizes.)

 
 \S{puttygen-generate} The \q{Generate} button
 
 
 \S{puttygen-generate} The \q{Generate} button
 


@@ -243,7 +235,7 @@ If you leave the passphrase fields blank, the key will be saved
 unencrypted. You should \e{not} do this without good reason; if you
 do, your private key file on disk will be all an attacker needs to
 gain access to any machine configured to accept that key. If you
 unencrypted. You should \e{not} do this without good reason; if you
 do, your private key file on disk will be all an attacker needs to
 gain access to any machine configured to accept that key. If you

-want to be able to \i{passwordless login}log in without having to
+want to be able to \I{passwordless login}log in without having to

 type a passphrase every time, you should consider using Pageant
 (\k{pageant}) so that your decrypted key is only held in memory
 rather than on disk.
 type a passphrase every time, you should consider using Pageant
 (\k{pageant}) so that your decrypted key is only held in memory
 rather than on disk.