vkeygen is an SSH2 command-line key generation utility run from the Windows command prompt. vkeygen generates public and private keys.
Using vkeygen
The following is the format for vkeygen commands:
vkeygen [options]
Options
The following table lists the command-line options that can be used with vkeygen commands.
| Option | Argument | Description |
| --- | --- | --- |
| -b | bits | The key's length in bits (default value is 3072). |
| -c | comment | Specifies the key's comment. |
| --capi | | Causes the private key to be encrypted using Microsoft CAPI instead of a passphrase. This option can only be used during a key generation or passphrase change operation. Note that after the private key has been encrypted using Microsoft CAPI, it can only be used by the same user and on the same machine with the same Windows password where it was encrypted. If the key needs to be moved to another machine, the Microsoft CAPI encryption should be removed first by running vkeygen using the -p option without the --capi option. |
| -f | filename | Specifies the key's filename. The default filename is "id_rsa_<bits>" (e.g., "id_rsa_3072"); a matching "id_rsa_<bits>.pub" will also be created. If you have specified an ssh-dsa public-key type, the default filename will be "id_dsa_<bits>". |
| --help | | Displays usage. |
| -l | | Displays the MD5 (when in non-FIPS mode), SHA1, and SHA2 fingerprints for a given key (the key being specified, for example, when -l is used in conjunction with the -f option). |
| -N | phrase | New passphrase. |
| -O | | Specifies that the private key should be created in OpenSSH format. |
| -p | | Changes the passphrase. |
| -P | phrase | Old passphrase. |
| -q | | Quiets (does not display) the output. |
| -t | type | Specifies the type of public key, one of ssh-dss, ssh-rsa, ed25519, or ecdsa (ssh-rsa is the default). |
| --test | | Tests the private key. |
| -x | file_path | Converts the private key from VanDyke format to OpenSSH format. The -x option requires that you provide the file path to where the converted key will be saved. The -f option can also be used in conjunction with -x as a way of indicating which file is to be converted. In the absence of a -f option, default file names (e.g., id_rsa_3072, id_dsa_1024, etc.) will be used. |
| -y | | Exports the public key portion of the private key. |
Examples
The following are examples of vkeygen command-line use.
Generate new key pair
The example below will generate a new key pair with the name "c:\temp\myNewKey".
vkeygen -b 2048 -f c:\temp\myNewKey -c "This is my new key" -N "P4$$phr$s3"
Test new key
This example shows you how to test a new key.
vkeygen --test -f c:\temp\myNewKey
After you have entered the above command string, you will be prompted for your passphrase and, if the new key is valid, the result should be an "OK" response.
Change passphrase interactively
The string shown below will allow you to change your passphrase interactively.
vkeygen -p -f c:\temp\myNewKey
After entering the command string, you will be prompted for your current passphrase. If the passphrase you enter is incorrect, you will be prompted to reenter it. Note that passphrases are case sensitive; be sure that your CAPS LOCK is not on.
Once your passphrase is accepted, you will be prompted for a new passphrase and to confirm that new passphrase.
Change passphrase non-interactively
The string shown below will allow you to change your passphrase without having to answer prompts.
vkeygen -f c:\temp\myNewKey -p -N P4$$phr4s3 -P qwerty
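The batch file below walks through the --capi workflow described in the Options table: protecting a key with Microsoft CAPI, then removing that protection before the key is moved to another machine. It is an added example, not part of the original vkeygen documentation; the c:\keys paths and the comment text are constructed, and it assumes the passphrase change in step 3 prompts as shown in the interactive example above.

```bat
@echo off
rem Added example: life cycle of a CAPI-protected key, using only the
rem options listed in the table above. Paths and comment are constructed.
setlocal
set "KEY=c:\keys\capiKey"
set "OPENSSH_KEY=c:\keys\capiKey_openssh"

rem 1. Generate an ssh-rsa key pair (3072 bits, the documented default)
rem    whose private key is encrypted with Microsoft CAPI instead of a
rem    passphrase. The key is now usable only by this user, on this
rem    machine, with this Windows password.
vkeygen -t ssh-rsa -b 3072 -f "%KEY%" -c "CAPI-protected key" --capi

rem 2. Test the private key and display its fingerprints. Keep the
rem    fingerprints so the copy can be compared after the move.
vkeygen --test -f "%KEY%"
vkeygen -l -f "%KEY%"

rem 3. Before copying the key to another machine, remove the CAPI
rem    encryption by changing the passphrase WITHOUT --capi.
rem    -N and -P are left out on purpose: the passphrase is typed at the
rem    prompt, so it does not appear on the command line, where it would
rem    be visible in process listings and command-line audit logs.
vkeygen -p -f "%KEY%"

rem 4. If the destination needs an OpenSSH-format private key, convert
rem    the VanDyke-format key; -x names the output file, -f the input.
vkeygen -x "%OPENSSH_KEY%" -f "%KEY%"

rem 5. After copying, run on the destination machine:
rem      vkeygen -l -f <copied key>
rem    and compare the fingerprints with those from step 2.
rem    To bind the copy to the destination user and machine, change the
rem    passphrase there with --capi:
rem      vkeygen -p -f <copied key> --capi

endlocal
```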