-\define{versionidpubkey} \versionid $Id$
-
\C{pubkey} Using public keys for SSH authentication
\H{pubkey-intro} \ii{Public key authentication} - an introduction
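Review bot: removing the `\define{versionidpubkey} \versionid $Id$` line drops the macro that other parts of the documentation build may still reference; check that no remaining source file uses `versionidpubkey` (for example in a collected version-id list), or the build will fail on an undefined macro once this file no longer defines it.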
and convenience. See \k{pageant} for further details.
There is more than one \i{public-key algorithm} available. The most
-common is \i{RSA}, but others exist, notably \i{DSA} (otherwise known as
-DSS), the USA's federal Digital Signature Standard. The key types
-supported by PuTTY are described in \k{puttygen-keytype}.
+common are \i{RSA} and \i{ECDSA}, but others exist, notably \i{DSA}
+(otherwise known as DSS), the USA's federal Digital Signature Standard.
+The key types supported by PuTTY are described in \k{puttygen-keytype}.
\H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
PuTTYgen is a key generator. It \I{generating keys}generates pairs of
public and private keys to be used with PuTTY, PSCP, and Plink, as well
as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen
-generates RSA and DSA keys.
+generates RSA, DSA, and ECDSA keys.
When you run PuTTYgen you will see a window where you have two
choices: \q{Generate}, to generate a new public/private key pair, or
\b A \i{DSA} key for use with the SSH-2 protocol.
+\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the
+SSH-2 protocol.
+
The SSH-1 protocol only supports RSA keys; if you will be connecting
using the SSH-1 protocol, you must select the first key type or your
key will be completely useless.
-The SSH-2 protocol supports more than one key type. The two types
-supported by PuTTY are RSA and DSA.
+The SSH-2 protocol supports more than one key type. The types
+supported by PuTTY are RSA, DSA, and ECDSA.
-The PuTTY developers \e{strongly} recommend you use RSA.
+The PuTTY developers \e{strongly} recommend you use RSA. \#{FIXME: ECDSA!}
\I{security risk}\i{DSA} has an intrinsic weakness which makes it very
easy to create a signature which contains enough information to give
away the \e{private} key!
The \q{Number of bits} input box allows you to choose the strength
of the key PuTTYgen will generate.
-Currently 1024 bits should be sufficient for most purposes.
-
-Note that an RSA key is generated by finding two primes of half the
-length requested, and then multiplying them together. For example,
-if you ask PuTTYgen for a 1024-bit RSA key, it will create two
-512-bit primes and multiply them. The result of this multiplication
-might be 1024 bits long, or it might be only 1023; so you may not
-get the exact length of key you asked for. This is perfectly normal,
-and you do not need to worry. The lengths should only ever differ by
-one, and there is no perceptible drop in security as a result.
-
-DSA keys are not created by multiplying primes together, so they
-should always be exactly the length you asked for.
+For RSA, 2048 bits should currently be sufficient for most purposes.
+\#{FIXME: DSA}
+For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
+equivalent security to RSA with smaller key sizes.)
\S{puttygen-generate} The \q{Generate} button
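Review bot: two `\#{FIXME}` markers are left in the shipped source (`\#{FIXME: ECDSA!}` after the RSA recommendation and `\#{FIXME: DSA}` in the key-size paragraph) and should be resolved before merge rather than left as comments in the text. The \e{strongly} recommend RSA sentence now needs to say where ECDSA stands: the paragraph right after it warns that a DSA signature can give away the private key, and since the key-type list introduces ECDSA as \q{elliptic curve DSA}, readers will reasonably ask whether that caveat applies to ECDSA as well. In the key-size paragraph the removed text explained why a generated RSA key can be one bit shorter than requested (two primes of half the length are multiplied), and nothing replaces it, while DSA now gets no size guidance at all; consider keeping the old RSA explanation next to the new 2048-bit figure and giving DSA a recommended size. \q{Equivalent security to RSA with smaller key sizes} would also be more useful if it stated which RSA size each of the 256, 384 and 521-bit curves is comparable to.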
unencrypted. You should \e{not} do this without good reason; if you
do, your private key file on disk will be all an attacker needs to
gain access to any machine configured to accept that key. If you
-want to be able to \i{passwordless login}log in without having to
+want to be able to \I{passwordless login}log in without having to
type a passphrase every time, you should consider using Pageant
(\k{pageant}) so that your decrypted key is only held in memory
rather than on disk.
\cfg{winhelp-topic}{puttygen.savepub}
-The SSH-2 protocol drafts specify a \I{SSH-2 public key format}standard
-format for storing public keys on disk. Some SSH servers (such as
+RFC 4716 specifies a \I{SSH-2 public key format}standard format for
+storing SSH-2 public keys on disk. Some SSH servers (such as
\i\cw{ssh.com}'s) require a public key in this format in order to accept
authentication with the corresponding private key. (Others, such as
OpenSSH, use a different format; see \k{puttygen-pastekey}.)