Free tool · Runs in your browser

OpenSSH to PPK Converter

Convert an OpenSSH private key (Ed25519 or RSA) into PuTTY .ppk format so you can use it with PuTTY, Pageant, and WinSCP. Runs entirely in your browser - your key is never uploaded - with the PuTTYgen command for offline use.

Conversion runs entirely in your browser - your key is never uploaded. For production keys, converting locally with PuTTYgen is the gold standard.

OpenSSH private key

Prefer to convert offline with PuTTYgen?

puttygen command
puttygen id_ed25519 -o key.ppk

Why convert OpenSSH to .ppk?

Most tools generate and store keys in the OpenSSH format (id_ed25519, id_rsa). But PuTTY, Pageant, and WinSCP on Windows only load PuTTY's own .ppk format - so to use an existing OpenSSH key with them, you convert it first.

This tool converts an OpenSSH key to .ppk. Need the reverse? Convert PPK to OpenSSH. The key material is the same in both formats; only the container changes.

Converting with PuTTYgen (offline)

The official offline route is PuTTYgen. In the GUI: Load your OpenSSH private key (switch the file filter to All Files if needed), then Save private key to write a .ppk. On the command line:

  • puttygen id_ed25519 -o key.ppk - OpenSSH to .ppk
  • puttygen id_ed25519 -O private-openssh -o id_ed25519 - the reverse

This tool generates the OpenSSH-to-.ppk command for you so you can convert locally if you prefer.

Which OpenSSH keys are supported

Paste a modern OpenSSH private key - the kind that starts with -----BEGIN OPENSSH PRIVATE KEY----- - for Ed25519 or RSA, and it converts in the browser. If your key is an older PEM key (-----BEGIN RSA PRIVATE KEY----- or BEGIN PRIVATE KEY), the tool detects it and shows the puttygen command to convert it locally, since PuTTYgen reads those formats directly.

Passphrase-protected keys

A key encrypted with a passphrase must be decrypted before it can be converted here. Remove the passphrase first with ssh-keygen -p -f id_ed25519, or use the offline puttygen command (PuTTYgen prompts for the passphrase and lets you set a new one on the .ppk). This tool never asks for your passphrase.

Is it safe to convert a key online?

This converter runs 100% client-sidewith no network calls - you can confirm that with your browser's network tab open. Even so, a private key is sensitive: for production keys, prefer the offline PuTTYgen command. This tool is ideal for test keys and quick migrations onto PuTTY.

Key formats at a glance

FormatUsed byTypical file
OpenSSHssh, ssh-keygen, scp, sftpid_ed25519 / id_rsa
.ppkPuTTY, Pageant, WinSCP (Windows)mykey.ppk
PEMOpenSSL, older OpenSSH, some cloudsid_rsa (BEGIN RSA PRIVATE KEY)
OpenSSH & PPK FAQ

Frequently asked questions

Set the direction to OpenSSH to .ppk, paste your OpenSSH private key (the -----BEGIN OPENSSH PRIVATE KEY----- kind), and download the generated key.ppk. Offline, run puttygen id_ed25519 -o key.ppk. PuTTY, Pageant, and WinSCP can then load the .ppk.
PuTTY and Pageant only load .ppk files, so convert your id_ed25519 to .ppk first (with this tool or PuTTYgen), then load the .ppk in PuTTY under Connection > SSH > Auth, or add it to Pageant. The matching public key stays on the server unchanged.
PEM keys (PKCS#1 or PKCS#8) are not parsed in the browser here, but PuTTYgen reads them directly - the tool shows the exact puttygen command to convert a PEM key to .ppk locally. Modern OpenSSH-format keys convert in the browser.
This tool does the conversion entirely in your browser and never uploads your key - you can verify there are no network requests. For production keys, converting offline with PuTTYgen is safest; the tool shows you that command.
Encrypted keys must be decrypted first. Remove the passphrase with ssh-keygen -p -f id_ed25519, then convert, or use the offline puttygen command which prompts for the passphrase locally and lets you set one on the resulting .ppk.
They store the same key in different containers. OpenSSH format (id_ed25519, id_rsa) is the standard used by ssh and most tools; PuTTY .ppk is Windows-specific and includes a built-in integrity MAC. Converting just repackages the key - it does not change or weaken it.
Or skip the conversion entirely

A modern SSH client, no key juggling.

CtrlOps uses standard OpenSSH keys and manages them for you - generate, store, and assign keys per server, encrypted on your own machine. No more converting formats just to connect.

Start instantly· No credit card· No sneaky autorenewals