Re: how is the sha fingerprint generated?

On 30/06, Johannes Löthberg wrote:
> On 30/06, shawn wilson wrote:
>> % cat ext_rsa.pub| sed -r 's/.*(AAAA[^ ]+).*/\1/' | sha256sum
>>
>> ~/.ssh swlap1
>> d4bf8b06f2d9d9af7a11583a5367205ed310a84f0dee68d062e2ddca1e85c3ff  -
>> % ssh-keygen -lf ext_rsa.pub
>>
>>  ~/.ssh swlap1
>> 8192 SHA256:FgrfxmdjTM/j4wwRa7nVdPSUaJdqHYMJtJ6aciPl9ug swilson@swlap1 (RSA)
>>
>> Why do those differ and how would I generate the equivalent (mainly
>> just curious)? I've also tried base64 and a few other substitutions at
>> the end and I can't get them to match (probably would save time to
>> just look at the code, but...).
>
> It's not simply a checksum of the key file. You need to extract the exponent and prime from the public key, then append those to a specific string of bits, then get a SHA256 digest of that, and then base64 encode that.
>
> https://github.com/kyrias/bin/blob/master/ssh-gen-fprint has an example implementation of `ssh-keygen -lf` in Ruby.


Oh, and support for ECC keys isn't implemented because OpenSSL doesn't support it yet. :/

--
Sincerely,
 Johannes Löthberg
 PGP Key ID: 0x50FB9B273A9D0BB5
 https://theos.kyriasis.com/~kyrias/

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
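
Added example (not part of the message above and not the linked Ruby script): for an RSA key, the key type, exponent and modulus are packed as length-prefixed fields into one blob, which is exactly what the base64 field of the .pub file decodes to; `ssh-keygen -lf` prints the SHA256 of that blob in base64 without `=` padding. The function names and the sample key (`E`, `N`, `SAMPLE_LINE`) are constructed for illustration and are not a real key.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """SSH wire 'mpint' (non-negative only): minimal big-endian bytes, with a
    leading 0x00 when the top bit would otherwise be set."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big") if value else b"")

def rsa_blob(e: int, n: int) -> bytes:
    """ssh-rsa public key blob: key type, then exponent, then modulus."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def parse_blob(blob: bytes) -> list:
    """Split a key blob back into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields

def blob_of_line(pub_line: str) -> bytes:
    """Decode the base64 field of a 'type base64 comment' public key line."""
    return base64.b64decode(pub_line.split()[1], validate=True)

def fingerprint(blob: bytes) -> str:
    """SHA256 over the raw blob, base64-encoded with the '=' padding removed."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def naive_hex(pub_line: str) -> str:
    """What 'sed ... | sha256sum' hashes: the base64 text plus a newline."""
    return hashlib.sha256((pub_line.split()[1] + "\n").encode()).hexdigest()

# Constructed sample, not a real RSA key: N is just a 2048-bit odd number.
E, N = 65537, (1 << 2047) + 12345
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(rsa_blob(E, N)).decode() + " constructed@example"

if __name__ == "__main__":
    print(fingerprint(blob_of_line(SAMPLE_LINE)))  # same form as ssh-keygen -lf
    print(naive_hex(SAMPLE_LINE))                  # hex digest of the base64 text
```

The two printed values differ for the same reasons as in the question: the pipeline hashes the base64 text (plus a newline) rather than the decoded bytes, and `sha256sum` prints hex rather than base64.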
