how is the sha fingerprint generated?

Johannes Löthberg johannes at kyriasis.com
Wed Jul 1 02:43:36 AEST 2015


On 30/06, Emmanuel Vadot wrote:
>
> You really don't need openssl for that.
>
> And the fingerprints are simple.
> Here is a python script that do the same as ssh-keygen
>-fl /path/to/key :
>
>#!/usr/bin/env python3
>
>import binascii
>import hashlib
>import sys
>
>if __name__ == "__main__":
>    key = binascii.a2b_base64(sys.argv[1])
>    if sys.argv[2] == "md5":
>        m = hashlib.new("md5")
>        m.update(key)
>        print(m.hexdigest())
>    elif sys.argv[2] == "sha256":
>        m = hashlib.new("sha256")
>        m.update(key)
>        print(binascii.b2a_base64(m.digest()).decode("utf8")[0:-1])
>
> Do use it in production, do some test, but the general idea is there.
>

That doesn't actually work for either RSA nor Ed25519 keys?

Example: https://theos.kyriasis.com/~kyrias/s/mX8U0VzI5w.png

-- 
Sincerely,
  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  https://theos.kyriasis.com/~kyrias/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1495 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150630/3bb1ffed/attachment.bin>


More information about the openssh-unix-dev mailing list