8.2.16 PuTTYgen command-line configuration

PuTTYgen supports a set of command-line options to configure many of the same settings you can select in the GUI. This allows you to start it up with your own preferences ready-selected, which might be useful if you generate a lot of keys. (For example, you could make a Windows shortcut that runs PuTTYgen with some command line options, or a batch file or Powershell script that you could distribute to a whole organisation containing your local standards.)

The options supported on the command line are:

-t keytype

Type of key to generate. You can select rsa, dsa, ecdsa, eddsa, ed25519, ed448, or rsa1. See section 8.2.2.

-b bits

Size of the key to generate, in bits. See section 8.2.3.

--primes method

Method for generating prime numbers. You can select probable, proven, and proven-even. See section 8.2.4.

--strong-rsa

When generating an RSA key, make sure the prime factors of the key modulus are ‘strong primes’. See section 8.2.4.

--ppk-param key=value,...

Allows setting all the same details of the PPK save file format described in section 8.2.13.

Aspects to change are specified as a series of key=value pairs separated by commas. The keys are:

version

The PPK format version: either 3 or 2.

kdf

The variant of Argon2 to use: argon2id, argon2i, and argon2d.

memory

The amount of memory needed to decrypt the key, in Kbyte.

time

Specifies how much time is required to attempt decrypting the key, in milliseconds.

passes

Alternative to time: specifies the number of hash passes required to attempt decrypting the key.

parallelism

Number of parallelisable threads that can be used to decrypt the key.

-E fptype

Algorithm to use when displaying key fingerprints. You can select sha256 or md5. See section 8.2.6.