- AES supports three key lengths. They are 128, 192 and 256 bits long. You chose to use the 256 bit algorithm that operates in CBC mode. It's a correct choice.
- The Advanced Encryption Standard (AES), also known by its original name Rijndael is a specification for the encryption of electronic data. It describes a symmetric-key algorithm using the same key for both encrypting and decrypting.
It looks like as of this writing, the PuTTY Gen conversion code only accepts keys that use the AES-128-CBC
or DES-EDE3-CBC
ciphers. Otherwise, it will complain with a 'unsupported cipher' error. (The latest release version at the moment is beta 0.67.)
For example, one of my private keys was using AES-256-CBC:
CBC ciphers are not considered secure due to publicised vulnerabilities. However there is no way around this issue other than to enable aes256-cbc for the private key operation. I will need to make a change, should be trivial in order to support it. Formatting OpenSSL keys for PuTTY Gen Conversion. GitHub Gist: instantly share code, notes, and snippets. Formatting OpenSSL keys for PuTTY Gen Conversion. GitHub Gist: instantly share code, notes, and snippets. One of my private keys was using AES-256-CBC:-BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,xxxxxxx.
Note that if your key is encrypted with a passphrase or has a MAC(?), you might only see a header like:
Aes 256 Cbc Key Generator For Sale
The 'openssl' tool can be used to convert an existing private key to one of the acceptable formats above. Which of the two is another discussion, but hey, here is some insight.