puttygen(1)							 PuTTY tool suite						       puttygen(1)

NAME

       puttygen - public-key generator for the PuTTY tools

SYNOPSIS

       puttygen ( keyfile | -t keytype [ -b bits ] )
		[ -C new-comment ] [ -P ] [ -q ]
		[ -O output-type | -l | -L | -p ]
		[ -o output-file ]

DESCRIPTION

       puttygen  is a tool to generate and manipulate SSH public and private key pairs. It is part of the PuTTY suite, although it can also inter-
       operate with the private key formats used by some other SSH clients.

       When you run puttygen, it does three things. Firstly, it either loads an existing key file (if you specified keyfile), or generates  a  new
       key  (if  you specified keytype). Then, it optionally makes modifications to the key (changing the comment and/or the passphrase); finally,
       it outputs the key, or some information about the key, to a file.

       All three of these phases are controlled by the options described in the following section.

OPTIONS

       In the first phase, puttygen either loads or generates a key. Note that generating a key requires random data (from /dev/random), which can
       cause puttygen to pause, possibly for some time if your system does not have much randomness available.

       The options to control this phase are:

       keyfile
	      Specify  a  private  key	file to be loaded. This private key file can be in the (de facto standard) SSH-1 key format, or in PuTTY's
	      SSH-2 key format, or in either of the SSH-2 private key formats used by OpenSSH and ssh.com's implementation.

       -t keytype
	      Specify a type of key to generate. The acceptable values here are rsa and dsa (to generate SSH-2 keys), and rsa1 (to generate  SSH-1
	      keys).

       -b bits
	      Specify the size of the key to generate, in bits. Default is 1024.

       -q     Suppress the progress display when generating a new key.

       In the second phase, puttygen optionally alters properties of the key it has loaded or generated. The options to control this are:

       -C new-comment
	      Specify  a comment string to describe the key. This comment string will be used by PuTTY to identify the key to you (when asking you
	      to enter the passphrase, for example, so that you know which passphrase to type).

       -P     Indicate that you want to change the key's passphrase. This is automatic when you are generating a new key, but  not  when  you  are
	      modifying an existing key.

       In the third phase, puttygen saves the key or information about it. The options to control this are:

       -O output-type
	      Specify the type of output you want puttygen to produce. Acceptable options are:

	      private
		     Save the private key in a format usable by PuTTY. This will either be the standard SSH-1 key format, or PuTTY's own SSH-2 key
		     format.

	      public Save the public key only. For SSH-1 keys, the standard public key format will be used (`1024 37 5698745...'). For SSH-2 keys,
		     the  public  key  will be output in the format specified by RFC 4716, which is a multi-line text file beginning with the line
		     `---- BEGIN SSH2 PUBLIC KEY ----'.

	      public-openssh
		     Save the public key only, in a format usable by OpenSSH. For SSH-1 keys, this output format behaves  identically  to  public.
		     For SSH-2 keys, the public key will be output in the OpenSSH format, which is a single line (`ssh-rsa AAAAB3NzaC1yc2...').

	      fingerprint
		     Print the fingerprint of the public key. All fingerprinting algorithms are believed compatible with OpenSSH.

	      private-openssh
		     Save an SSH-2 private key in OpenSSH's format. This option is not permitted for SSH-1 keys.

	      private-sshcom
		     Save an SSH-2 private key in ssh.com's format. This option is not permitted for SSH-1 keys.

	      If no output type is specified, the default is private.

       -o output-file
	      Specify the file where puttygen should write its output. If this option is not specified, puttygen will assume you want to overwrite
	      the original file if the input and output file types are the same (changing a comment or passphrase), and will assume  you  want	to
	      output to stdout if you are asking for a public key or fingerprint. Otherwise, the -o option is required.

       -l     Synonym for `-O fingerprint'.

       -L     Synonym for `-O public-openssh'.

       -p     Synonym for `-O public'.

       The following options do not run PuTTYgen as normal, but print informational messages and then quit:

       -h, --help
	      Display a message summarizing the available options.

       -V, --version
	      Display the version of PuTTYgen.

       --pgpfp
	      Display the fingerprints of the PuTTY PGP Master Keys, to aid in verifying new files released by the PuTTY team.

EXAMPLES

       To generate an SSH-2 RSA key pair and save it in PuTTY's own format (you will be prompted for the passphrase):

       puttygen -t rsa -C "my home key" -o mykey.ppk

       To generate a larger (2048-bit) key:

       puttygen -t rsa -b 2048 -C "my home key" -o mykey.ppk

       To change the passphrase on a key (you will be prompted for the old and new passphrases):

       puttygen -P mykey.ppk

       To change the comment on a key:

       puttygen -C "new comment" mykey.ppk

       To convert a key into OpenSSH's private key format:

       puttygen mykey.ppk -O private-openssh -o my-openssh-key

       To convert a key from another format (puttygen will automatically detect the input key type):

       puttygen my-ssh.com-key -o mykey.ppk

       To display the fingerprint of a key (some key types require a passphrase to extract even this much information):

       puttygen -l mykey.ppk

       To add the OpenSSH-format public half of a key to your authorised keys file:

       puttygen -L mykey.ppk >> $HOME/.ssh/authorized_keys

BUGS

       There's currently no way to supply passphrases in batch mode, or even just to specify that you don't want a passphrase at all.

PuTTY tool suite						    2004-03-24							       puttygen(1)