X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=doc%2Fpubkey.but;h=f9f894f7980bc78e7ee581b7a1c68d354127688a;hb=145ecf611238c4f1e39d89d3eee40319a2c54fe8;hp=f1223a4f7ee08ede8717a61396df82a5611c398f;hpb=4c77e323054a749125c6d41373ea126f5d0aef81;p=PuTTY.git diff --git a/doc/pubkey.but b/doc/pubkey.but index f1223a4f..f9f894f7 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -1,5 +1,3 @@ -\define{versionidpubkey} \versionid $Id$ - \C{pubkey} Using public keys for SSH authentication \H{pubkey-intro} \ii{Public key authentication} - an introduction @@ -57,9 +55,9 @@ disk. Many people feel this is a good compromise between security and convenience. See \k{pageant} for further details. There is more than one \i{public-key algorithm} available. The most -common is \i{RSA}, but others exist, notably \i{DSA} (otherwise known as -DSS), the USA's federal Digital Signature Standard. The key types -supported by PuTTY are described in \k{puttygen-keytype}. +common are \i{RSA} and \i{ECDSA}, but others exist, notably \i{DSA} +(otherwise known as DSS), the USA's federal Digital Signature Standard. +The key types supported by PuTTY are described in \k{puttygen-keytype}. \H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator @@ -68,7 +66,7 @@ supported by PuTTY are described in \k{puttygen-keytype}. PuTTYgen is a key generator. It \I{generating keys}generates pairs of public and private keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen -generates RSA and DSA keys. +generates RSA, DSA, ECDSA, and Ed25519 keys. When you run PuTTYgen you will see a window where you have two choices: \q{Generate}, to generate a new public/private key pair, or @@ -111,7 +109,7 @@ server to accept it. \cfg{winhelp-topic}{puttygen.keytype} Before generating a key pair using PuTTYgen, you need to select -which type of key you need. PuTTYgen currently supports three types +which type of key you need. PuTTYgen currently supports these types of key: \b An \i{RSA} key for use with the SSH-1 protocol. @@ -120,27 +118,18 @@ of key: \b A \i{DSA} key for use with the SSH-2 protocol. +\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the +SSH-2 protocol. + +\b An \i{Ed25519} key (another elliptic curve algorithm) for use +with the SSH-2 protocol. + The SSH-1 protocol only supports RSA keys; if you will be connecting using the SSH-1 protocol, you must select the first key type or your key will be completely useless. -The SSH-2 protocol supports more than one key type. The two types -supported by PuTTY are RSA and DSA. - -The PuTTY developers \e{strongly} recommend you use RSA. -\I{security risk}\i{DSA} has an intrinsic weakness which makes it very -easy to create a signature which contains enough information to give -away the \e{private} key! -This would allow an attacker to pretend to be you for any number of -future sessions. PuTTY's implementation has taken very careful -precautions to avoid this weakness, but we cannot be 100% certain we -have managed it, and if you have the choice we strongly recommend -using RSA keys instead. - -If you really need to connect to an SSH server which only supports -DSA, then you probably have no choice but to use DSA. If you do use -DSA, we recommend you do not use the same key to authenticate with -more than one server. +The SSH-2 protocol supports more than one key type. The types +supported by PuTTY are RSA, DSA, ECDSA, and Ed25519. \S{puttygen-strength} Selecting the size (strength) of the key @@ -149,19 +138,14 @@ more than one server. The \q{Number of bits} input box allows you to choose the strength of the key PuTTYgen will generate. -Currently 1024 bits should be sufficient for most purposes. +\b For RSA, 2048 bits should currently be sufficient for most purposes. + +\#{FIXME: advice for DSA?} -Note that an RSA key is generated by finding two primes of half the -length requested, and then multiplying them together. For example, -if you ask PuTTYgen for a 1024-bit RSA key, it will create two -512-bit primes and multiply them. The result of this multiplication -might be 1024 bits long, or it might be only 1023; so you may not -get the exact length of key you asked for. This is perfectly normal, -and you do not need to worry. The lengths should only ever differ by -one, and there is no perceptible drop in security as a result. +\b For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers +equivalent security to RSA with smaller key sizes.) -DSA keys are not created by multiplying primes together, so they -should always be exactly the length you asked for. +\b For Ed25519, the only valid size is 256 bits. \S{puttygen-generate} The \q{Generate} button @@ -197,7 +181,8 @@ appear in the window to indicate this. The \q{Key fingerprint} box shows you a fingerprint value for the generated key. This is derived cryptographically from the \e{public} -key value, so it doesn't need to be kept secret. +key value, so it doesn't need to be kept secret; it is supposed to +be more manageable for human beings than the public key itself. The fingerprint value is intended to be cryptographically secure, in the sense that it is computationally infeasible for someone to @@ -243,7 +228,7 @@ If you leave the passphrase fields blank, the key will be saved unencrypted. You should \e{not} do this without good reason; if you do, your private key file on disk will be all an attacker needs to gain access to any machine configured to accept that key. If you -want to be able to \i{passwordless login}log in without having to +want to be able to \I{passwordless login}log in without having to type a passphrase every time, you should consider using Pageant (\k{pageant}) so that your decrypted key is only held in memory rather than on disk. @@ -291,8 +276,8 @@ will need to tell PuTTY to use for authentication (see \cfg{winhelp-topic}{puttygen.savepub} -The SSH-2 protocol drafts specify a \I{SSH-2 public key format}standard -format for storing public keys on disk. Some SSH servers (such as +RFC 4716 specifies a \I{SSH-2 public key format}standard format for +storing SSH-2 public keys on disk. Some SSH servers (such as \i\cw{ssh.com}'s) require a public key in this format in order to accept authentication with the corresponding private key. (Others, such as OpenSSH, use a different format; see \k{puttygen-pastekey}.) @@ -382,6 +367,16 @@ saving it (see \k{puttygen-savepriv}) - you need to have typed your passphrase in beforehand, and you will be warned if you are about to save a key without a passphrase. +For OpenSSH there are two options. Modern OpenSSH actually has two +formats it uses for storing private keys. \q{Export OpenSSH key} +will automatically choose the oldest format supported for the key +type, for maximum backward compatibility with older versions of +OpenSSH; for newer key types like Ed25519, it will use the newer +format as that is the only legal option. If you have some specific +reason for wanting to use OpenSSH's newer format even for RSA, DSA, +or ECDSA keys, you can choose \q{Export OpenSSH key (force new file +format)}. + Note that since only SSH-2 keys come in different formats, the export options are not available if you have generated an SSH-1 key.