Naming conventions for OpenSSH public and private key pairs

A possible naming convention could be implemented with the following guidelines: Remove any information that is not specific to a server or purpose, while ensuring that at least one of the pieces of information (either OpenSSH/PuTTy or private/public) is present in the name. Regarding the format information, PuTTy uses “puttygen” for private keys and provides “ssh-keygen” for public keys, which is not suitable for MS Publisher. To maintain consistency, I suggest using the “puttygen” convention for the private key and appending “.pub” to the private key name for the public key (i.e., “privatekey.ppk” and “”).


For quite some time now, I’ve been utilizing public/
private key
pairs. However, I’ve been repeatedly contemplating the appropriate file extension to use. It appears that there is no established convention for both the public and private (openssh) keys.

There is a special extension in PuTTy known as


for “PuTTy Private Key”. The private key is stored either without an extension or with


, but I prefer not to use


since Microsoft uses it for MS Publisher. To avoid confusion, I store both keys with the same name and add


to the private key but not to the public key. This way, I can easily identify which key is for PuTTy only, and which one is public.

What is the appropriate way to handle the private openssh key? Should it be stored without an extension or with a specific naming convention like


? In case there is no standard convention, I would be grateful if someone has devised a personal concept and can share it.

Thanks in advance!

Solution 1:

Naming keys does not have an official convention, and their filenames are insignificant. The importance of the keys lies only to the person managing them, as the software only focuses on the contents of the files.

It is worth noting that OpenSSH key files can be named with a file extension that is identical to a regular text file, as they are essentially just text files.

When using the


tool, I typically follow their convention for naming keys. This involves using


for the private key, which can be either




, and appending the private key name with


for the public key, which can be either


. If I need to keep multiple keys, I add an additional identifier to the end of the name, resulting in names like




Solution 2:

After considering various naming concepts, I have arrived at the current one. Although PuTTy only has one convention (


for PuTTy Private Key), my suggested naming concept is not a strict requirement. It is merely an idea that may be helpful to others who are creating their own naming concepts.

What I want / don’t want

  • I am interested in utilizing both OpenSSH and PuTTY keypairs.
  • To prevent any confusion, I need a clear identification of the keys. Hence, I want to identify them as follows:
  • the algorithm
  • if it’s a private or a public key
  • if it’s OpenSSH or PuTTy format
  • I desire the title to be compatible with both Windows and Unix operating systems, adhering to their standards, even if Linux’s guidelines do not officially prohibit spaces.
  • In the event of a security issue, I am hesitant to change the keys on all servers. Therefore, I may only need to modify specific keys on certain servers, such as those listed:
  • don’t want to use the same keypair for several servers
  • and

  • want to use a keypair for only one purpose (purpose could be a user, a service or a task for example)
  • .

Hence, the title must incorporate these particulars:

  • Details of the proposal, whether it pertains to the username or task name, for instance.
  • If the key is specific to a server, then the name of the server is required.
  • The algorithm
  • Is it a private or public key?
  • Is it OpenSSH or PuTTy format?

A possible name scheme

As heavyd pointed out, it is advisable to adhere to the syntax of the


tool. However, I avoid using


for public keys to prevent any misinterpretation on Windows Systems since this file extension is already used by Microsoft Publisher, which has its own icon. To come up with a suitable naming convention, I combine the


syntax with PuTTy’s convention (


) and consider the conditions mentioned above.


With the following rules:

  • Delete


    only if it is not intended for a particular server.
  • Delete


    unless it serves a particular objective.
  • The name should consist of either





The format information (OpenSSH/PuTTy and private/public)

PuTTy offers


for private keys and


for public keys, but I avoid using the latter due to compatibility issues with MS Publisher. Instead, I rely on PuTTy’s


which only slightly differs from


. I use both naming conventions as a basis to create similar names for other keys. These names are then added as file extensions.

Name of OpenSSH private key:  .pk        an alternative could be .opk or   .ospk
Name of OpenSSH public key:   .pubk      an alternative could be .opubk or .ospubk
Name of PuTTY private key:    .ppk
Name of PuTTy Public Key:     .ppubk

Some examples:


Frequently Asked Questions

Posted in Ssh