keyfile : The name of the existing key file to read, when modifying an existing key.
-t keytype : Specify the type of key to create. Accepted values include rsa and dsa. rsa1 is also supported to create legacy SSH-1 keys, but they are never needed.
-b bits : Specifies the number of bits in the key. For DSA keys, 1024 is the right size. For RSA keys, 2048 or even 4096 bits are recommended.
-q : Suppresses the progress messages shown during key generation.
-C new-comment : Specify a comment to describe the key. Comments do not affect the operation of the key. A comment can be specified for a new key, or for an existing key to change its comment. Comments are usually used to identify the key's owner, but any arbitrary value can be specified.
-P : Requests a change of the key's passphrase. The tool prompts for the new passphrase. A passphrase cannot be specified on the command line. The passphrase is used to encrypt the private key.
--old-passphrase-file file : Specifies a file from which to read the key's old passphrase. This is only necessary when using an existing key that is protected by a passphrase.
--new-passphrase file : Specify a new passphrase for the key. This can be used when creating a new key or with the -P option to change the passphrase.
-O output-type : Specifies what is exported. By default, the private key is output. The following values can be specified:
- private : Private key in the proprietary PuTTY key format as a .ppk file.
- fingerprint : Export the fingerprint of the key. The fingerprint uniquely identifies the key and can, for example, be read out over the phone to confirm that the key is the one expected.
- public : Save the public key corresponding to the private key. For SSH2 keys, the public key is exported in the format specified by RFC 4716. This format is supported by Tectia SSH, for example. Keys in that format look like this:
    ---- BEGIN SSH2 PUBLIC KEY ----
    Comment: user@example.com
    AAAAB3NzaC1yc2EAAAABIwAAAIEA1on8gxCGJJWSRT4uOrR13mUaUk0hRf4RzxSZ1zRb
    YYFw8pfGesIFoEuVth4HKyF8k1y4mRUnYHP1XNMNMJl1JcEArC2asV8sHf6zSPVffozZ
    5TT4SfsUu/iKy9lUcCfXzwre4WWZSXXcPff+EHtWshahu3WzBdnGxm5Xoi89zcE=
    ---- END SSH2 PUBLIC KEY ----
- public-openssh : Save the public key in the proprietary OpenSSH format. This format is also supported by Tectia SSH as follows:
- private-openssh : Convert the private key to the format used by OpenSSH. This can only be used for SSH2 keys. This format is also supported by Tectia SSH.
- private-sshcom : Convert the private key to the format used by Tectia SSH.
-l is like -O fingerprint.
-L is similar to -O public-openssh.
-p is like -O public.
-o output-file : Specify the output file. This option is required when creating a new key. Otherwise, when changing the passphrase or comment, the original file is overwritten by default. When exporting the public key or fingerprint, the default is standard output.
-h or --help : Outputs help text and a usage summary.
-V or --version : Output the version number of the tool.
--pgpfp : Export the fingerprints of PGP Master keys used for new versions of PuTTY.
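
To check an exported public key before installing it on a server, the Python code below parses the RFC 4716 file that -O public produces, rebuilds the one-line form that -O public-openssh writes, and reports the key type and RSA size discussed under -t and -b. It is an added example, not part of the original page or of PuTTY; the function names and the OpenSSH-style SHA-256 fingerprint format are assumptions of this example, and the sample input is the page's example key.

```python
import base64, hashlib

# Sample input: the page's RFC 4716 example key (the -O public format).
RFC4716_SAMPLE = """\
---- BEGIN SSH2 PUBLIC KEY ----
Comment: user@example.com
AAAAB3NzaC1yc2EAAAABIwAAAIEA1on8gxCGJJWSRT4uOrR13mUaUk0hRf4RzxSZ1zRb
YYFw8pfGesIFoEuVth4HKyF8k1y4mRUnYHP1XNMNMJl1JcEArC2asV8sHf6zSPVffozZ
5TT4SfsUu/iKy9lUcCfXzwre4WWZSXXcPff+EHtWshahu3WzBdnGxm5Xoi89zcE=
---- END SSH2 PUBLIC KEY ----
"""

def parse_rfc4716(text):
    """Return (headers, key blob) from an RFC 4716 public key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if "BEGIN SSH2 PUBLIC KEY" not in lines[0] or "END SSH2 PUBLIC KEY" not in lines[-1]:
        raise ValueError("missing RFC 4716 begin/end markers")
    headers, body, it = {}, [], iter(lines[1:-1])
    for line in it:
        while line.endswith("\\"):  # a trailing backslash continues a header line
            line = line[:-1] + next(it, "")
        if ":" in line:  # header line; base64 data never contains ':'
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line)
    return headers, base64.b64decode("".join(body), validate=True)

def read_fields(blob):
    """Split the blob into fields, each prefixed by a 4-byte big-endian length."""
    fields, off = [], 0
    while off < len(blob):
        end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
        if end > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[off + 4:end])
        off = end
    return fields

def describe(text):
    """Key type, RSA size, OpenSSH one-line form, SHA-256 fingerprint (OpenSSH style, assumed)."""
    headers, blob = parse_rfc4716(text)
    fields = read_fields(blob)
    info = {"type": fields[0].decode("ascii"), "comment": headers.get("comment", "")}
    if info["type"] == "ssh-rsa":  # fields: type, public exponent e, modulus n
        info["bits"] = int.from_bytes(fields[2], "big").bit_length()
    info["openssh"] = f"{info['type']} {base64.b64encode(blob).decode()} {info['comment']}".strip()
    info["sha256"] = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return info
```

Calling describe(RFC4716_SAMPLE) shows that the page's example is a 1024-bit RSA key, below the 2048 or 4096 bits recommended under -b.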