Question
I want to convert an ed25519 private key (which is generated by ssh-keygen
command) to a ppk file. But I got the error.
Couldn't load private key (unrecognized cipher name)
Can someone help me?
Tested OpenSSH versions: OpenSSH_7.6p1, OpenSSL 1.1.0g 2 Nov 2017 and OpenSSH_7.6p1, OpenSSL 1.0.2n 7 Dec 2017 (on CoreOS and ArchLinux docker container)
Tested PuTTY versions: 0.70 64bit, 0.70 32bit and snapshot (on windows 10)
My procedure is as follows.
1. Generate an ed25519 private key
# ssh-keygen -t ed25519 -a 100
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_ed25519.
Your public key has been saved in /root/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:2HfORujStwmC9c91rmDxMbaV9kVMT70gWxnRXAvNrNU root@f46f23bbad55
The key's randomart image is:
+--[ED25519 256]--+
| +X B|
| . +.@E|
| + +.=|
| o o . o.|
| . S o + +oo|
| o = = +.=o|
| . o = B + o|
| o B = o |
| = ...|
+----[SHA256]-----+
# cat .ssh/id_ed25519
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABClhk1367
G8CQYpo/0c7UShAAAAZAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIIJiwIymcly4s66p
za/IL3ZNyT5CiMPj0R+/LnMDmABUAAAAoMJIakdbIL7TOAmX8n4xGSrtp8mc/Mr6qimZAZ
zGB7iRhNUXT+isPdf0YuC9mh5NbX43ZYFl+/sWdi2hVmJxbGTwrjaSdNzF3ZnSpi/aVlzF
t3bUCtdwhHLaLqy9unw0zPHlfcQsB700GS/bf4VKRmm1+imj3cAldUm2RF3VdI0U9/04yX
Mj+VBOmevM0i7R/0d6xUFTH3zj99xxeLI2J6A=
-----END OPENSSH PRIVATE KEY-----
# cat .ssh/id_ed25519.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJiwIymcly4s66pza/IL3ZNyT5CiMPj0R+/LnMDmABU root@f46f23bbad55
2. Run puttygen.exe on windows and try to import the ed25519 private key (.ssh/id_ed25519)
Couldn't load private key (unrecognized cipher name)
Answer 1:
Update 2019-03-20: https://www.chiark.greenend.org.uk/~sgtatham/putty/releases/0.71.html supports these keys
At the time of writing this, the puttygen snapshot from https://www.chiark.greenend.org.uk/~sgtatham/putty/snapshot.html seems to support these keys where 0.70 did not. It's not explicitly mentioned in the changelog.
I tested Development snapshot 2019-01-17.53747ad
Answer 2:
The command in the above answer just prints the public key portion in RFC4716 format.
At some point, ssh-keygen started generating OpenSSH private keys that don't use a cipher supported by puttygen.
ssh-keygen doesn't provide an option to specify the cipher name used to encrypt the resulting OpenSSH private key.
There is a workaround: remove the passphrase from the key before importing into puttygen.
$ cp ~/.ssh/id_ed25519 ~/.ssh/id_ed25519-for-putty
$ ssh-keygen -p -f ~/.ssh/id_ed25519-for-putty
Enter old passphrase: <your passphrase>
Enter new passphrase (empty for no passphrase): <press Enter>
Enter same passphrase again: <press Enter>
Then, use puttygen to convert ~/.ssh/id_ed25519-for-putty into .ppk and set the passphrase from puttygen.
Don't forget to shred and remove ~/.ssh/id_ed25519-for-putty afterwards for obvious reasons.
Answer 3:
You need to export the key into RFC4716 format before importing the key into puttygen
$ ssh-keygen -e -m RFC4716 -f ~/.ssh/id_ed25519 > ~/.ssh/exported_id_ed25519
Then, import the resulting exported_id_ed25519 into puttygen and convert the key into .ppk
Answer 4:
Actually, this problem does not have to do with Ed25519 itself. It happens because of the new OpenSSH format. The following is what man ssh-keygen shows about the -o option.
-o Causes ssh-keygen to save private keys using the new OpenSSH format rather than the more compatible PEM format. The new format has increased resistance to brute-force password cracking but is not supported by versions of OpenSSH prior to 6.5. Ed25519 keys always use the new private key format.
The new format encrypts the private key file a few times (usually about 100 times) with a key derivation function (KDF) to make decrypting slow. A search for further detail about the new format using the bcrypt KDF could start at this link: https://pthree.org/2014/12/08/super-size-the-strength-of-your-openssh-private-keys/
You may try ssh-keygen with the -o option on an rsa or dsa type private key and see that puttygen cannot parse these either. And as you can see in the man page, you have no choice for puttygen with Ed25519.
After some struggling, now I just use a key made with puttygen, but I'm afraid I cannot get the benefit of the KDF.
Answer 5:
putty key generator has this ability I think.
- Select Conversions -> Import Key from the menu bar.
- Import your ed25519 key into it.
- Save private key with extension of ppk.
Then you are good to go, I suppose
Answer 6:
Although there is an accepted answer, the way to convert an already generated private key (id_rsa) to putty format:
- Use this command:
ssh-keygen -p -P "<old pass phrase>" -N "<new pass phrase>" -m PEM -f id_rsa
to convert the key to putty acceptable format
- Open PuttyGen and from the top menu select Conversions and then Import key (you will be prompted for the passphrase here, enter it if you provided one on key generation and click ok)
- Finally click on Save private key and you are good to go!
Answer 7:
I had the same issue when recently deploying a Debian system, and updating my putty apps, which were at 0.70, to 0.72 fixed the issue. The private key was generated with the command below on my Debian system and then transferred to my Windows PC.
ssh-keygen -b 4096
Source: https://stackoverflow.com/questions/49083709/how-to-convert-ed25519-private-key-to-putty-ppk