PuTTY wish ecdsa


summary: Support for ECDSA keys in PuTTY and PuTTYgen
class: wish: This is a request for an enhancement.
difficulty: tricky: Needs many tuits.
priority: medium: This should be fixed one day.
fixed-in: 2014-11-03 53ff0ffd55dcefbdc8ddd7a4a4090e5925b95dd5 (0.68)

RFC 5656 defines elliptic-curve (ECDSA) key formats (host and user) for use with SSH-2, and associated ECDH key exchange methods. OpenSSH has supported these since 5.7.

PuTTY does not currently support these. It probably should.

The only niggle I (OSD) have is that I'm not 100% sure what the patent situation is. (Wikipedia has some words on the subject.)

A user reports that the French government computing security agency ANSSI has recommendations for configuring OpenSSH that prefer use of ECDSA keys.

2014-11: the development snapshots now include support for the mandatory parts of RFC 5656: that is, ECDSA host and user keys and ECDH key exchange, with the curves nistp256, nistp384, and nistp521.

(This support is not included in PuTTY 0.64; however, a release labelled as 0.64 but erroneously built from the wrong source code was briefly available. If you have a version of PuTTY claiming to be 0.64 and to support ECDH/ECDSA, you should download a fresh copy, not least because the erroneous version is missing security fixes to unrelated code.)
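
The RFC 5656 public key format mentioned above, as an added example that is not PuTTY's code: it parses an OpenSSH-style `ecdsa-sha2-*` public key line and checks that the curve named in the text field, the curve named inside the blob and the point length all agree for nistp256, nistp384 and nistp521. The function names and the sample key line are constructed for illustration, and accepting only uncompressed points is this example's assumption.

```python
import base64
import struct

CURVES = {"nistp256": 32, "nistp384": 48, "nistp521": 66}  # curve -> coordinate bytes

def ssh_string(data):
    """Encode bytes as an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    """Decode one SSH 'string' at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_ecdsa_pubkey(line):
    """Parse 'ecdsa-sha2-<curve> <base64> [comment]'; return (curve, x, y)."""
    fields = line.split()
    if len(fields) < 2 or not fields[0].startswith("ecdsa-sha2-"):
        raise ValueError("not an ECDSA public key line")
    key_type, curve = fields[0], fields[0][len("ecdsa-sha2-"):]
    if curve not in CURVES:
        raise ValueError("unsupported curve: " + curve)
    blob = base64.b64decode(fields[1], validate=True)
    name, off = read_string(blob, 0)
    ident, off = read_string(blob, off)
    point, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after public point")
    # The key type and curve are repeated inside the blob and must agree.
    if name != key_type.encode() or ident != curve.encode():
        raise ValueError("blob disagrees with the declared key type")
    size = CURVES[curve]
    # Assumption of this example: only uncompressed points (0x04 || X || Y).
    if len(point) != 1 + 2 * size or point[0] != 0x04:
        raise ValueError("unexpected public point encoding")
    # Structural check only; it does not test that (x, y) lies on the curve.
    x, y = (int.from_bytes(c, "big") for c in (point[1:1 + size], point[1 + size:]))
    return curve, x, y

def make_line(key_type, ident, point):
    """Build a constructed key line (sample data with filler bytes, not a real key)."""
    blob = ssh_string(key_type.encode()) + ssh_string(ident.encode()) + ssh_string(point)
    return key_type + " " + base64.b64encode(blob).decode() + " constructed-sample"

SAMPLE = make_line("ecdsa-sha2-nistp256", "nistp256", b"\x04" + b"\x01" * 32 + b"\x02" * 32)
```
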


(last revision of this bug record was at 2016-12-27 11:40:22 +0000)