mirror of https://github.com/github/putty.git
Minimal documentation for ECDSA/ECDH support.
Parent: 45e89ed7ca
Commit: 80bd6a01aa
|
@ -2382,15 +2382,17 @@ PuTTY supports a variety of SSH-2 key exchange methods, and allows you
|
|||
to choose which one you prefer to use; configuration is similar to
|
||||
cipher selection (see \k{config-ssh-encryption}).
|
||||
|
||||
PuTTY currently supports the following varieties of \i{Diffie-Hellman key
|
||||
exchange}:
|
||||
PuTTY currently supports the following key exchange methods:
|
||||
|
||||
\b \q{Group 14}: a well-known 2048-bit group.
|
||||
\b \q{ECDH}: \i{elliptic curve} \i{Diffie-Hellman key exchange}.
|
||||
|
||||
\b \q{Group 1}: a well-known 1024-bit group. This is less secure
|
||||
\#{FIXME better words} than group 14, but may be faster with slow
|
||||
client or server machines, and may be the only method supported by
|
||||
older server software.
|
||||
\b \q{Group 14}: Diffie-Hellman key exchange with a well-known
|
||||
2048-bit group.
|
||||
|
||||
\b \q{Group 1}: Diffie-Hellman key exchange with a well-known
|
||||
1024-bit group. This is less secure \#{FIXME better words} than
|
||||
group 14, but may be faster with slow client or server machines,
|
||||
and may be the only method supported by older server software.
|
||||
|
||||
\b \q{\ii{Group exchange}}: with this method, instead of using a fixed
|
||||
group, PuTTY requests that the server suggest a group to use for key
|
||||
|
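Review bot: The new "ECDH" entry only expands the acronym, while the Group 1 and Group 14 entries next to it state a group size and when you would choose them, so a reader ordering the preference list has nothing to rank ECDH by. Suggest adding which curves or key sizes are used and how widely servers support the method. The \#{FIXME better words} marker is carried over into the rewrapped Group 1 entry and could be resolved in the same pass.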
@ -2398,9 +2400,9 @@ exchange; the server can avoid groups known to be weak, and possibly
|
|||
invent new ones over time, without any changes required to PuTTY's
|
||||
configuration. We recommend use of this method, if possible.
|
||||
|
||||
In addition, PuTTY supports \i{RSA key exchange}, which requires much less
|
||||
computational effort on the part of the client, and somewhat less on
|
||||
the part of the server, than Diffie-Hellman key exchange.
|
||||
\b \q{\i{RSA key exchange}}: this requires much less computational
|
||||
effort on the part of the client, and somewhat less on the part of
|
||||
the server, than Diffie-Hellman key exchange.
|
||||
|
||||
If the first algorithm PuTTY finds is below the \q{warn below here}
|
||||
line, you will see a warning box when you make the connection, similar
|
||||
|
|
|
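Review bot: In the new "RSA key exchange" bullet, the comparison "than Diffie-Hellman key exchange" became ambiguous once the list gained ECDH, which this same patch describes as elliptic curve Diffie-Hellman key exchange. The sentence was written when the list held only the fixed-group and group-exchange methods, so say which methods the effort comparison covers, or state how ECDH compares.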
@ -71,7 +71,8 @@ For each key, the list box will tell you:
|
|||
|
||||
\b The type of the key. Currently, this can be \c{ssh1} (an RSA key
|
||||
for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use
|
||||
with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with
|
||||
with the SSH-2 protocol), \c{ssh-dss} (a DSA key for use with
|
||||
the SSH-2 protocol), or \c{ecdsa-sha2-*} (an ECDSA key for use with
|
||||
the SSH-2 protocol).
|
||||
|
||||
\b The size (in bits) of the key.
|
||||
|
|
|
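Review bot: \c{ecdsa-sha2-*} in the key type list is a pattern, whereas \c{ssh1}, \c{ssh-rsa} and \c{ssh-dss} are given as the literal values the list box can show. Suggest either listing the full type names or adding a clause that explains what stands in place of the asterisk, so a user can match the documentation against what is displayed.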
@ -55,9 +55,9 @@ disk. Many people feel this is a good compromise between security
|
|||
and convenience. See \k{pageant} for further details.
|
||||
|
||||
There is more than one \i{public-key algorithm} available. The most
|
||||
common is \i{RSA}, but others exist, notably \i{DSA} (otherwise known as
|
||||
DSS), the USA's federal Digital Signature Standard. The key types
|
||||
supported by PuTTY are described in \k{puttygen-keytype}.
|
||||
common are \i{RSA} and \i{ECDSA}, but others exist, notably \i{DSA}
|
||||
(otherwise known as DSS), the USA's federal Digital Signature Standard.
|
||||
The key types supported by PuTTY are described in \k{puttygen-keytype}.
|
||||
|
||||
\H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator
|
||||
|
||||
|
@ -66,7 +66,7 @@ supported by PuTTY are described in \k{puttygen-keytype}.
|
|||
PuTTYgen is a key generator. It \I{generating keys}generates pairs of
|
||||
public and private keys to be used with PuTTY, PSCP, and Plink, as well
|
||||
as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen
|
||||
generates RSA and DSA keys.
|
||||
generates RSA, DSA, and ECDSA keys.
|
||||
|
||||
When you run PuTTYgen you will see a window where you have two
|
||||
choices: \q{Generate}, to generate a new public/private key pair, or
|
||||
|
@ -118,14 +118,17 @@ of key:
|
|||
|
||||
\b A \i{DSA} key for use with the SSH-2 protocol.
|
||||
|
||||
\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the
|
||||
SSH-2 protocol.
|
||||
|
||||
The SSH-1 protocol only supports RSA keys; if you will be connecting
|
||||
using the SSH-1 protocol, you must select the first key type or your
|
||||
key will be completely useless.
|
||||
|
||||
The SSH-2 protocol supports more than one key type. The two types
|
||||
supported by PuTTY are RSA and DSA.
|
||||
The SSH-2 protocol supports more than one key type. The types
|
||||
supported by PuTTY are RSA, DSA, and ECDSA.
|
||||
|
||||
The PuTTY developers \e{strongly} recommend you use RSA.
|
||||
The PuTTY developers \e{strongly} recommend you use RSA. \#{FIXME: ECDSA!}
|
||||
\I{security risk}\i{DSA} has an intrinsic weakness which makes it very
|
||||
easy to create a signature which contains enough information to give
|
||||
away the \e{private} key!
|
||||
|
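Review bot: The recommendation is left as "strongly recommend you use RSA" with only a \#{FIXME: ECDSA!} marker appended, so the section now offers three SSH-2 key types but gives guidance on two. The new bullet introduces ECDSA as elliptic curve DSA and the following paragraph warns of an intrinsic DSA weakness; the text should state whether that warning applies to ECDSA keys and where ECDSA sits relative to the RSA recommendation before this goes out.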
@ -147,7 +150,10 @@ more than one server.
|
|||
The \q{Number of bits} input box allows you to choose the strength
|
||||
of the key PuTTYgen will generate.
|
||||
|
||||
Currently 1024 bits should be sufficient for most purposes.
|
||||
For RSA, 2048 bits should currently be sufficient for most purposes.
|
||||
\#{FIXME: DSA}
|
||||
For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers
|
||||
equivalent security to RSA with smaller key sizes.)
|
||||
|
||||
\S{puttygen-generate} The \q{Generate} button
|
||||
|
||||
|
|
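Review bot: Key-size guidance for DSA disappears in this hunk: the old sentence covered every key type, the new text covers RSA and ECDSA, and DSA is left as \#{FIXME: DSA} even though the same patch says PuTTYgen generates RSA, DSA, and ECDSA keys. Add a sentence for DSA or say explicitly that no size is recommended. On the ECDSA line, consider noting that 521 is intended and is not a misprint of 512, since readers will expect a power of two.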