From: Jacob Nevins <jacobn@chiark.greenend.org.uk>
Date: Sat, 28 Feb 2015 19:08:15 +0000 (+0000)
Subject: Minimal documentation for ECDSA/ECDH support.
X-Git-Tag: 0.68~624
X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=commitdiff_plain;h=80bd6a01aae5348c3aa826661fb497afbeb4ffa7;p=PuTTY.git

Minimal documentation for ECDSA/ECDH support.
---

diff --git a/doc/config.but b/doc/config.but
index 0f8175f2..9044f9d8 100644
--- a/doc/config.but
+++ b/doc/config.but
@@ -2382,15 +2382,17 @@ PuTTY supports a variety of SSH-2 key exchange methods, and allows you
 to choose which one you prefer to use; configuration is similar to
 cipher selection (see \k{config-ssh-encryption}).
 
-PuTTY currently supports the following varieties of \i{Diffie-Hellman key
-exchange}:
+PuTTY currently supports the following key exchange methods:
 
-\b \q{Group 14}: a well-known 2048-bit group.
+\b \q{ECDH}: \i{elliptic curve} \i{Diffie-Hellman key exchange}.
 
-\b \q{Group 1}: a well-known 1024-bit group. This is less secure
-\#{FIXME better words} than group 14, but may be faster with slow
-client or server machines, and may be the only method supported by
-older server software.
+\b \q{Group 14}: Diffie-Hellman key exchange with a well-known
+2048-bit group.
+
+\b \q{Group 1}: Diffie-Hellman key exchange with a well-known
+1024-bit group. This is less secure \#{FIXME better words} than
+group 14, but may be faster with slow client or server machines,
+and may be the only method supported by older server software.
 
 \b \q{\ii{Group exchange}}: with this method, instead of using a fixed
 group, PuTTY requests that the server suggest a group to use for key
@@ -2398,9 +2400,9 @@ exchange; the server can avoid groups known to be weak, and possibly
 invent new ones over time, without any changes required to PuTTY's
 configuration. We recommend use of this method, if possible.
 
-In addition, PuTTY supports \i{RSA key exchange}, which requires much less
-computational effort on the part of the client, and somewhat less on
-the part of the server, than Diffie-Hellman key exchange.
+\b \q{\i{RSA key exchange}}: this requires much less computational
+effort on the part of the client, and somewhat less on the part of
+the server, than Diffie-Hellman key exchange.
 
 If the first algorithm PuTTY finds is below the \q{warn below here}
 line, you will see a warning box when you make the connection, similar
diff --git a/doc/pageant.but b/doc/pageant.but
index b99b758b..7aecbc69 100644
--- a/doc/pageant.but
+++ b/doc/pageant.but
@@ -71,7 +71,8 @@ For each key, the list box will tell you:
 
 \b The type of the key. Currently, this can be \c{ssh1} (an RSA key
 for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use
-with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with
+with the SSH-2 protocol), \c{ssh-dss} (a DSA key for use with
+the SSH-2 protocol), or \c{ecdsa-sha2-*} (an ECDSA key for use with
 the SSH-2 protocol).
 
 \b The size (in bits) of the key.
diff --git a/doc/pubkey.but b/doc/pubkey.but
index 137dba23..dc8beae2 100644
--- a/doc/pubkey.but
+++ b/doc/pubkey.but
@@ -55,9 +55,9 @@ disk. Many people feel this is a good compromise between security
 and convenience. See \k{pageant} for further details.
 
 There is more than one \i{public-key algorithm} available. The most
-common is \i{RSA}, but others exist, notably \i{DSA} (otherwise known as
-DSS), the USA's federal Digital Signature Standard. The key types
-supported by PuTTY are described in \k{puttygen-keytype}.
+common are \i{RSA} and \i{ECDSA}, but others exist, notably \i{DSA}
+(otherwise known as DSS), the USA's federal Digital Signature Standard.
+The key types supported by PuTTY are described in \k{puttygen-keytype}.
 
 \H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
 
@@ -66,7 +66,7 @@ supported by PuTTY are described in \k{puttygen-keytype}.
 PuTTYgen is a key generator. It \I{generating keys}generates pairs of
 public and private keys to be used with PuTTY, PSCP, and Plink, as well
 as the PuTTY authentication agent, Pageant (see \k{pageant}).  PuTTYgen
-generates RSA and DSA keys.
+generates RSA, DSA, and ECDSA keys.
 
 When you run PuTTYgen you will see a window where you have two
 choices: \q{Generate}, to generate a new public/private key pair, or
@@ -118,14 +118,17 @@ of key:
 
 \b A \i{DSA} key for use with the SSH-2 protocol.
 
+\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the
+SSH-2 protocol.
+
 The SSH-1 protocol only supports RSA keys; if you will be connecting
 using the SSH-1 protocol, you must select the first key type or your
 key will be completely useless.
 
-The SSH-2 protocol supports more than one key type. The two types
-supported by PuTTY are RSA and DSA.
+The SSH-2 protocol supports more than one key type. The types
+supported by PuTTY are RSA, DSA, and ECDSA.
 
-The PuTTY developers \e{strongly} recommend you use RSA.
+The PuTTY developers \e{strongly} recommend you use RSA. \#{FIXME: ECDSA!}
 \I{security risk}\i{DSA} has an intrinsic weakness which makes it very
 easy to create a signature which contains enough information to give
 away the \e{private} key!
@@ -147,7 +150,10 @@ more than one server.
 The \q{Number of bits} input box allows you to choose the strength
 of the key PuTTYgen will generate.
 
-Currently 1024 bits should be sufficient for most purposes.
+For RSA, 2048 bits should currently be sufficient for most purposes.
+\#{FIXME: DSA}
+For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
+equivalent security to RSA with smaller key sizes.)
 
 \S{puttygen-generate} The \q{Generate} button