9.2.1 The key list box

The large list box in the Pageant main window lists the private keys that are currently loaded into Pageant. The list might look something like this:

Ed25519    SHA256:TddlQk20DVs4LRcAsIfDN9pInKpY06D+h4kSHwWAj4w
RSA  2048  SHA256:8DFtyHm3kQihgy52nzX96qMcEVOq7/yJmmwQQhBWYFg

For each key, the list box will tell you:

• The type of the key. Currently, this can be ‘RSA’ (an RSA key for use with the SSH-2 protocol), ‘DSA’ (a DSA key for use with the SSH-2 protocol), ‘NIST’ (an ECDSA key for use with the SSH-2 protocol), ‘Ed25519’ (an Ed25519 key for use with the SSH-2 protocol), ‘Ed448’ (an Ed448 key for use with the SSH-2 protocol), or ‘SSH-1’ (an RSA key for use with the old SSH-1 protocol). (If the key has an associated certificate, this is shown here with a ‘cert’ suffix.)
• The size (in bits) of the key, for key types that come in different sizes. (For ECDSA ‘NIST’ keys, this is indicated as ‘p256’ or ‘p384’ or ‘p521’.)
• The fingerprint for the public key. This should be the same fingerprint given by PuTTYgen, and (hopefully) also the same fingerprint shown by remote utilities such as ssh-keygen when applied to your authorized_keys file.

  For SSH-2 keys, by default this is shown in the ‘SHA256’ format. You can change to the older ‘MD5’ format (which looks like aa:bb:cc:...) with the ‘Fingerprint type’ drop-down, but bear in mind that this format is less secure and should be avoided for comparison purposes where possible.

  If some of the keys loaded into Pageant have certificates attached, then Pageant will default to showing the fingerprint of the underlying key. This way, a certified and uncertified version of the same key will have the same fingerprint, so you can see that they match. You can instead use the ‘Fingerprint type’ drop-down to ask for a different fingerprint to be shown for certified keys, which includes the certificate as part of the fingerprinted data. That way you can tell two certificates apart.

• The comment attached to the key.
• The state of deferred decryption, if enabled for this key. See section 9.5.