Overview of vkeygen


vkeygen is an SSH2 command-line key generation utility accessed from the Windows command prompt. vkeygen generates public and private keys.

Using vkeygen

The following is the format for vkeygen commands:

vkeygen [options]

Options

The following table lists the command-line options that can be used with vkeygen commands.

| Option | Argument | Description |
| --- | --- | --- |
| -b | bits | The key's length in bits (default value is 3072). |
| -c | comment | Specifies the key's comment. |
| --capi | | Causes the private key to be encrypted using Microsoft CAPI instead of a passphrase. This option can only be used during a key generation or passphrase change operation. Note that after the private key has been encrypted using Microsoft CAPI, it can only be used by the same user and on the same machine with the same Windows password where it was encrypted. If the key needs to be moved to another machine, the Microsoft CAPI encryption should be removed first by running vkeygen using the -p option without the --capi option. |
| -f | filename | Specifies the key's filename (the default filename is "id_rsa_<bits>" (e.g., "id_rsa_3072") -- a matching "id_rsa_<bits>.pub" will also be created). If you have specified an ssh-dsa public-key type, the default filename will be "id_dsa_<bits>". |
| --help | | Displays usage. |
| -l | | Displays the MD5 (when in non-FIPS mode), SHA1, and SHA2 fingerprints for a given key (the key being specified, for example, when -l is used in conjunction with the -f option). |
| -N | phrase | New passphrase. |
| -O | | Specifies that the private key should be created in OpenSSH format. |
| -p | | Changes the passphrase. |
| -P | phrase | Old passphrase. |
| -q | | Quiets (does not display) the output. |
| -t | type | Specifies the type of public key, one of ssh-dss, ssh-rsa, ed25519, or ecdsa (ssh-rsa is the default). |
| --test | | Tests the private key. |
| -x | file_path | Converts the private key from VanDyke format to OpenSSH format. The -x option requires that you provide the file path to where the converted key will be saved. The -f option can also be used in conjunction with -x as a way of indicating which file is to be converted. In the absence of a -f command, default file names (e.g., id_rsa_3072, id_dsa_1024, etc.) will be used. |
| -y | | Exports the public key portion of the private key. |
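
The fingerprints reported by -l are hashes of the public key blob, which lets a key be cross-checked on a host where vkeygen is not installed. The following Python code is an added example, not VanDyke code. It assumes the public key is in OpenSSH one-line format, takes SHA-256 as the SHA-2 variant, and uses OpenSSH's conventional notation, which may differ from vkeygen's own output layout; SAMPLE_PUB is a constructed dummy key.

```python
import base64
import hashlib
import struct

# Constructed sample: an ed25519-style blob holding 32 dummy bytes (not a real key).
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " This is my new key"


def parse_public_key(line):
    """Return (key_type, blob) from an OpenSSH one-line public key."""
    fields = line.strip().split(None, 2)  # type, base64 data, optional comment
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("key data is not valid base64") from exc
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited after export.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob


def fingerprints(line):
    """Hash the raw key blob; the comment field never affects the result."""
    _, blob = parse_public_key(line)

    def colon_hex(digest):
        return ":".join(f"{b:02x}" for b in digest)

    def b64_nopad(digest):
        return base64.b64encode(digest).decode().rstrip("=")

    return {
        "md5": colon_hex(hashlib.md5(blob).digest()),
        "sha1": "SHA1:" + b64_nopad(hashlib.sha1(blob).digest()),
        "sha256": "SHA256:" + b64_nopad(hashlib.sha256(blob).digest()),
    }


if __name__ == "__main__":
    for name, value in fingerprints(SAMPLE_PUB).items():
        print(f"{name:7} {value}")
```

On a Python build running in FIPS mode, hashlib.md5 may be unavailable, which mirrors the non-FIPS condition the -l description places on the MD5 fingerprint.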

Examples

The following are examples of vkeygen command-line use.

Generate new key pair

The example below will generate a new key pair with the name "c:\temp\myNewKey".

vkeygen -b 2048 -f c:\temp\myNewKey -c "This is my new key" -N "P4$$phr$s3"

Test new key

This example shows you how to test a new key.

vkeygen --test -f c:\temp\myNewKey

After you have entered the above command string, you will be prompted for your passphrase and, if the new key is valid, the result should be an "OK" response.

Change passphrase interactively

The string shown below will allow you to change your passphrase interactively.

vkeygen -p -f c:\temp\myNewKey

After entering the command string, you will be prompted for your current passphrase. If the passphrase you enter is incorrect, you will be prompted to reenter. Note that passphrases are case sensitive; be sure that your CAPS LOCK is not on.

Once your passphrase is accepted, you will be prompted for a new passphrase and to confirm that new passphrase.

Change passphrase non-interactively

The string shown below will allow you to change your passphrase without having to answer prompts.

vkeygen -f c:\temp\myNewKey -p -N P4$$phr4s3 -P qwerty