# How to create a SFTP/SSH key on Windows

## Introduction

RSA keys provide a secure method of authenticating with an SSH or SFTP server without requiring a password. They are based on asymmetric encryption, which uses a matching pair of keys: one public and one private. The public key is shared with the server or service provider, while the private key remains securely on your machine and is used to establish the connection.

When you attempt to connect, the server uses the public key to generate a challenge that can only be solved by the corresponding private key. This process proves your identity without ever transmitting the private key itself, making the exchange both safe and reliable.

The keys are stored locally as text files, typically in the `.ssh` directory or saved in the client you are using to connect.&#x20;

**Key things to remember when create a new key:**

* The private key is used on the client
* The public key is used on the server - and can be shared
* Where possible - the private key should be password encrypted&#x20;
* You will need Powershell

{% hint style="warning" %}
If you are connecting using SFTP or SSH - you should never share your private key. Only share the public key.&#x20;
{% endhint %}

## How to Create an RSA SSH Key on Windows

#### 1. Open PowerShell

* Press **Start**, type `PowerShell`, and open **Windows PowerShell**.\
  (If you use Git Bash or WSL, you can follow the same steps there.)

***

#### 2. Generate the Key

Run the following command:

```powershell
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
```

* `-t rsa` → generates an RSA key.
* `-b 4096` → sets the key size to 4096 bits (strong security).
* `-C` → adds a label, usually your email.

***

#### 3. Choose a Save Location

You’ll be prompted with:

```
Enter file in which to save the key (C:\Users\YourName/.ssh/id_rsa):
```

* Press **Enter** to accept the default, or type a different file path if you want multiple keys.

***

#### 4. Add a Passphrase (Optional)

* Enter a passphrase for extra protection, or just press **Enter** to leave it blank.

***

#### 5. Verify the Keys

Check your `.ssh` folder:

```powershell
dir ~/.ssh
```

You should see:

* `id_rsa` → your **private key**
* `id_rsa.pub` → your **public key**

***

#### 6. Copy the Public Key

To copy your key to the clipboard:

```powershell
Get-Content ~/.ssh/id_rsa.pub | Set-Clipboard
```

Now you can paste it into GitHub, GitLab, or any server’s authorized keys.