Re: how is the sha fingerprint generated?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



 It does works with rsa, ecdsa and ed25519.
 For ed25519 you may need to remove the extra = (base64 padding byte) at the end of the sum.
 And I've been lying when I said it does the same as ssh-keygen -fl, the first argument must be the public key not the path.

On Tue, 30 Jun 2015 18:43:36 +0200
Johannes Löthberg <johannes@xxxxxxxxxxxx> wrote:

> On 30/06, Emmanuel Vadot wrote:
> >
> > You really don't need openssl for that.
> >
> > And the fingerprints are simple.
> > Here is a python script that do the same as ssh-keygen
> >-fl /path/to/key :
> >
> >#!/usr/bin/env python3
> >
> >import binascii
> >import hashlib
> >import sys
> >
> >if __name__ == "__main__":
> >    key = binascii.a2b_base64(sys.argv[1])
> >    if sys.argv[2] == "md5":
> >        m = hashlib.new("md5")
> >        m.update(key)
> >        print(m.hexdigest())
> >    elif sys.argv[2] == "sha256":
> >        m = hashlib.new("sha256")
> >        m.update(key)
> >        print(binascii.b2a_base64(m.digest()).decode("utf8")[0:-1])
> >
> > Do use it in production, do some test, but the general idea is there.
> >
> 
> That doesn't actually work for either RSA nor Ed25519 keys?
> 
> Example: https://theos.kyriasis.com/~kyrias/s/mX8U0VzI5w.png
> 
> -- 
> Sincerely,
>   Johannes Löthberg
>   PGP Key ID: 0x50FB9B273A9D0BB5
>   https://theos.kyriasis.com/~kyrias/


-- 
Emmanuel Vadot <elbarto@xxxxxxxxx>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux