how is the sha fingerprint generated?

shawn wilson ag4ve.us at gmail.com
Wed Jul 1 00:48:33 AEST 2015


On Tue, Jun 30, 2015 at 10:12 AM, Johannes Löthberg
<johannes at kyriasis.com> wrote:
> On 30/06, Johannes Löthberg wrote:
>>
>> On 30/06, shawn wilson wrote:
>>>
>>> % cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum
>>>
>>> ~/.ssh swlap1
>>> d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff  -
>>> % ssh-keygen -lf ext_rsa.pub
>>>
>>>  ~/.ssh swlap1
>>> 8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson at swlap1
>>> (RSA)
>>>
>>> Why do those differ and how would i generate the equivalent (mainly
>>> just curious)? I've also tried base64 and a few other substitutions at
>>> the end and I can't get them to match (probably would save time to
>>> just look at the code, but...).
>>
>>
>> It's not simply a checksum of the key file. You need to extract the
>> exponent and prime from the public key, then append those to a specific
>> string of bits, then get a SHA256 digest of that, and then base64 encode
>> that.
>>
>> https://github.com/kyrias/bin/blob/master/ssh-gen-fprint has an example
>> implementation of `ssh-keygen -lf` in Ruby.
>>
>
> Oh, and support for ECC keys isn't implemented because OpenSSL doesn't
> support it yet. :/
>

Heh, I noticed that- makes sense :)

And thanks
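
The calculation discussed in this thread, as an added example that is not part of the original messages or of the linked Ruby script: it builds the RSA public-key blob in the SSH wire format (key type, exponent, modulus), hashes it with SHA-256 and base64-encodes the digest without padding, which is the `SHA256:` form that `ssh-keygen -lf` prints. The exponent and modulus are constructed toy values, not a usable key, and all function names are illustrative.

```python
import base64
import hashlib
import struct

# Constructed toy values (not a usable RSA key); N has its top bit set on purpose.
E = 65537
N = 0xC0FFEE0DDBA11AD5


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """RFC 4251 mpint for a positive integer, sized so that a leading 0x00
    appears exactly when the top bit of the first value byte is set."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def rsa_blob(e: int, n: int) -> bytes:
    """Wire-format public key: string "ssh-rsa", mpint e, mpint n."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def parse_blob(blob: bytes) -> list:
    """Split a key blob back into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated field in key blob")
        fields.append(blob[off:off + length])
        off += length
    return fields


def fingerprint(blob: bytes) -> str:
    """SHA-256 over the raw blob, base64 with the '=' padding removed."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_from_pub_line(line: str) -> str:
    """Field 2 of a .pub line is the base64 of the blob: decode, then hash."""
    return fingerprint(base64.b64decode(line.split()[1]))


PUB_LINE = "ssh-rsa " + base64.b64encode(rsa_blob(E, N)).decode() + " constructed@example"
```

For a real key, pass the line from the `.pub` file to `fingerprint_from_pub_line`; the input to SHA-256 is the decoded blob, not the base64 text.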


More information about the openssh-unix-dev mailing list