ECDSA (elliptic curve digital signature algorithm), or ECC (elliptic curve cryptography) as it’s sometimes known, is the successor of the digital signature algorithm (DSA). ECDSA was born when two mathematicians named Neal Koblitz and Victor S. Miller proposed the use of elliptical curves in cryptography. However, it took almost two decades for the ECDSA algorithm to become standardized.
In this post, we will share how to create ECDSA key with ssh keygen command.
Generate an SSH ECDSA Key Pair on UNIX and UNIX-Like Systems
Use the following procedure to generate an SSH key pair on UNIX and UNIX-like systems:
Run the ssh-keygen command.
We can use the -t option to specify the type of key to create.
For example, to create an ECDSA key, run:
- ssh-keygen -t ECDSA
We can use the -b option to specify the length (bit size) of the key, as shown in the following example:
- ssh-keygen -b 521 -t ECDSA
The command prompts us to enter the path to the file in which we want to save the key.
A default path and file name are suggested in parentheses. For example: /home/user_name/.ssh/id_ecdsa. To accept the default path and file name, press Enter. Otherwise, enter the required path and file name, and then press Enter.
The command prompts us to enter a passphrase.
The passphrase is not mandatory. However, it is recommended that we specify a passphrase to protect our private key against unauthorized use.
When prompted, enter the passphrase again to confirm it.
The command generates an SSH key pair consisting of a public key and a private key, and saves them in the specified path. The file name of the public key is created automatically by appending .pub to the name of the private key file. For example, if the file name of the SSH private key is id_ecdsa, the file name of the public key would be id_ecdsa.pub.
ssh-keygen Command and Option Summary
Here’s a summary of commonly used options to the ssh keygen tool:
- -b “Bits” This option specifies the number of bits in the key. The regulations that govern the use case for SSH may require a specific key length to be used. In general, 2048 bits is considered to be sufficient for RSA keys.
- -e “Export” This option allows reformatting of existing keys between the OpenSSH key file format and the format documented in RFC 4716, “SSH Public Key File Format”.
- -t “Type” This option specifies the type of key to be created. Commonly used values are: – rsa for RSA keys – dsa for DSA keys – ecdsa for elliptic curve DSA keys
- -i “Input” When ssh-keygen is required to access an existing key, this option designates the file.
- -f “File” Specifies name of the file in which to store the created key.