From 80bd6a01aae5348c3aa826661fb497afbeb4ffa7 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Sat, 28 Feb 2015 19:08:15 +0000 Subject: [PATCH] Minimal documentation for ECDSA/ECDH support. --- doc/config.but | 22 ++++++++++++---------- doc/pageant.but | 3 ++- doc/pubkey.but | 22 ++++++++++++++-------- 3 files changed, 28 insertions(+), 19 deletions(-) diff --git a/doc/config.but b/doc/config.but index 0f8175f2..9044f9d8 100644 --- a/doc/config.but +++ b/doc/config.but @@ -2382,15 +2382,17 @@ PuTTY supports a variety of SSH-2 key exchange methods, and allows you to choose which one you prefer to use; configuration is similar to cipher selection (see \k{config-ssh-encryption}). -PuTTY currently supports the following varieties of \i{Diffie-Hellman key -exchange}: +PuTTY currently supports the following key exchange methods: -\b \q{Group 14}: a well-known 2048-bit group. +\b \q{ECDH}: \i{elliptic curve} \i{Diffie-Hellman key exchange}. -\b \q{Group 1}: a well-known 1024-bit group. This is less secure -\#{FIXME better words} than group 14, but may be faster with slow -client or server machines, and may be the only method supported by -older server software. +\b \q{Group 14}: Diffie-Hellman key exchange with a well-known +2048-bit group. + +\b \q{Group 1}: Diffie-Hellman key exchange with a well-known +1024-bit group. This is less secure \#{FIXME better words} than +group 14, but may be faster with slow client or server machines, +and may be the only method supported by older server software. \b \q{\ii{Group exchange}}: with this method, instead of using a fixed group, PuTTY requests that the server suggest a group to use for key @@ -2398,9 +2400,9 @@ exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to PuTTY's configuration. We recommend use of this method, if possible. -In addition, PuTTY supports \i{RSA key exchange}, which requires much less -computational effort on the part of the client, and somewhat less on -the part of the server, than Diffie-Hellman key exchange. +\b \q{\i{RSA key exchange}}: this requires much less computational +effort on the part of the client, and somewhat less on the part of +the server, than Diffie-Hellman key exchange. If the first algorithm PuTTY finds is below the \q{warn below here} line, you will see a warning box when you make the connection, similar diff --git a/doc/pageant.but b/doc/pageant.but index b99b758b..7aecbc69 100644 --- a/doc/pageant.but +++ b/doc/pageant.but @@ -71,7 +71,8 @@ For each key, the list box will tell you: \b The type of the key. Currently, this can be \c{ssh1} (an RSA key for use with the SSH-1 protocol), \c{ssh-rsa} (an RSA key for use -with the SSH-2 protocol), or \c{ssh-dss} (a DSA key for use with +with the SSH-2 protocol), \c{ssh-dss} (a DSA key for use with +the SSH-2 protocol), or \c{ecdsa-sha2-*} (an ECDSA key for use with the SSH-2 protocol). \b The size (in bits) of the key. diff --git a/doc/pubkey.but b/doc/pubkey.but index 137dba23..dc8beae2 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -55,9 +55,9 @@ disk. Many people feel this is a good compromise between security and convenience. See \k{pageant} for further details. There is more than one \i{public-key algorithm} available. The most -common is \i{RSA}, but others exist, notably \i{DSA} (otherwise known as -DSS), the USA's federal Digital Signature Standard. The key types -supported by PuTTY are described in \k{puttygen-keytype}. +common are \i{RSA} and \i{ECDSA}, but others exist, notably \i{DSA} +(otherwise known as DSS), the USA's federal Digital Signature Standard. +The key types supported by PuTTY are described in \k{puttygen-keytype}. \H{pubkey-puttygen} Using \i{PuTTYgen}, the PuTTY key generator @@ -66,7 +66,7 @@ supported by PuTTY are described in \k{puttygen-keytype}. PuTTYgen is a key generator. It \I{generating keys}generates pairs of public and private keys to be used with PuTTY, PSCP, and Plink, as well as the PuTTY authentication agent, Pageant (see \k{pageant}). PuTTYgen -generates RSA and DSA keys. +generates RSA, DSA, and ECDSA keys. When you run PuTTYgen you will see a window where you have two choices: \q{Generate}, to generate a new public/private key pair, or @@ -118,14 +118,17 @@ of key: \b A \i{DSA} key for use with the SSH-2 protocol. +\b An \i{ECDSA} (\i{elliptic curve} DSA) key for use with the +SSH-2 protocol. + The SSH-1 protocol only supports RSA keys; if you will be connecting using the SSH-1 protocol, you must select the first key type or your key will be completely useless. -The SSH-2 protocol supports more than one key type. The two types -supported by PuTTY are RSA and DSA. +The SSH-2 protocol supports more than one key type. The types +supported by PuTTY are RSA, DSA, and ECDSA. -The PuTTY developers \e{strongly} recommend you use RSA. +The PuTTY developers \e{strongly} recommend you use RSA. \#{FIXME: ECDSA!} \I{security risk}\i{DSA} has an intrinsic weakness which makes it very easy to create a signature which contains enough information to give away the \e{private} key! @@ -147,7 +150,10 @@ more than one server. The \q{Number of bits} input box allows you to choose the strength of the key PuTTYgen will generate. -Currently 1024 bits should be sufficient for most purposes. +For RSA, 2048 bits should currently be sufficient for most purposes. +\#{FIXME: DSA} +For ECDSA, only 256, 384, and 521 bits are supported. (ECDSA offers +equivalent security to RSA with smaller key sizes.) \S{puttygen-generate} The \q{Generate} button