PuTTYgen – PuTTY Key Generator for Windows
PuTTYgen (puttygen.exe) is the SSH key generator bundled with the PuTTY suite for Windows. As the primary putty key generator, it creates RSA, Ed25519, ECDSA, and DSA key pairs in the .ppk format native to PuTTY — and also imports and converts OpenSSH private keys to the PuTTY format for use with Pageant and Plink.
Supported Key Types
| Algorithm | Key Sizes | Recommendation |
|---|---|---|
| RSA | 1024, 2048, 3072, 4096 bits | Use 4096-bit minimum. Most compatible option. |
| DSA | 1024 bits | Legacy. Avoid on new systems — limited to 1024-bit. |
| ECDSA | 256, 384, 521 bits (NIST curves) | Good performance. Use nistp521 where possible. |
| Ed25519 | Fixed 256-bit (EdDSA) | Recommended. Modern, fast, and highly secure. |
| Ed448 | Fixed 448-bit (EdDSA) | High security. Less widely supported than Ed25519. |
Generate a 4096-bit RSA Key Pair
- Download
puttygen.exefrom the official PuTTY releases page. - Run
puttygen.exe. No installation is required. - Under Parameters, select RSA and set the bit count to 4096.
- Click Generate and move your mouse randomly over the blank area to generate entropy.
- Enter a Key passphrase and confirm it. Never leave the passphrase blank for keys used to access production systems.
- Click Save public key — save as
id_rsa.pub. - Click Save private key — save as
id_rsa.ppk. Store this file securely. - Copy the text in the Public key for pasting into OpenSSH authorized_keys file box and add it to your server.
Private Key Security: The
.ppk file contains your private key. Never share it, upload it to a repository, or store it in cloud sync folders without encryption. Treat it like a password.Generate an Ed25519 Key (Recommended Modern Alternative)
Ed25519 keys offer excellent security with smaller key sizes and faster authentication than RSA. Follow the same steps above, but select EdDSA then choose Ed25519 from the curve dropdown.
# After generating, the public key in authorized_keys format looks like:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... user@workstationConvert OpenSSH Private Key to PPK Format
If you have an existing OpenSSH private key (e.g., from a Linux system or GitHub), you can convert it to PPK for use in PuTTY:
- Open PuTTYgen.
- Click Load and change the file filter to All Files (*.*).
- Select your OpenSSH private key file (e.g.,
id_ed25519orid_rsa). - Enter the passphrase if prompted.
- Click Save private key to export as
.ppk.
PuTTYgen Command-Line Usage
PuTTYgen supports command-line operation for scripted key generation and conversion:
# Generate a 4096-bit RSA key pair (no passphrase — for automation only)
puttygen -t rsa -b 4096 -o mykey.ppk --ppk-param version:3
# Generate an Ed25519 key with a passphrase
puttygen -t ed25519 -P -o mykey.ppk
# Convert PPK to OpenSSH private key format
puttygen mykey.ppk -O private-openssh -o mykey_openssh
# Export just the public key in OpenSSH authorized_keys format
puttygen mykey.ppk -O public-openssh -o mykey.pubAdding the Public Key to a Remote Server
- Copy the public key text from PuTTYgen's top text box.
- SSH into your server using password authentication.
- Create the
.sshdirectory if needed:mkdir -p ~/.ssh && chmod 700 ~/.ssh - Append the key:
echo "YOUR_PUBLIC_KEY" >> ~/.ssh/authorized_keys - Set correct permissions:
chmod 600 ~/.ssh/authorized_keys
See the full SSH Keys Setup guide for detailed instructions on file permissions and troubleshooting key-based authentication.