[prev in list] [next in list] [prev in thread] [next in thread]
List: openssh-unix-dev
Subject: Re: how is the sha fingerprint generated?
From: Emmanuel Vadot <elbarto () bocal ! org>
Date: 2015-06-30 17:20:46
Message-ID: 20150630192046.145a5a935cfa991ba21244fe () bocal ! org
[Download RAW message or body]
It does works with rsa, ecdsa and ed25519.
For ed25519 you may need to remove the extra = (base64 padding byte) at the end of \
the sum. And I've been lying when I said it does the same as ssh-keygen -fl, the \
first argument must be the public key not the path.
On Tue, 30 Jun 2015 18:43:36 +0200
Johannes Löthberg <johannes@kyriasis.com> wrote:
> On 30/06, Emmanuel Vadot wrote:
> >
> > You really don't need openssl for that.
> >
> > And the fingerprints are simple.
> > Here is a python script that do the same as ssh-keygen
> > -fl /path/to/key :
> >
> > #!/usr/bin/env python3
> >
> > import binascii
> > import hashlib
> > import sys
> >
> > if __name__ == "__main__":
> > key = binascii.a2b_base64(sys.argv[1])
> > if sys.argv[2] == "md5":
> > m = hashlib.new("md5")
> > m.update(key)
> > print(m.hexdigest())
> > elif sys.argv[2] == "sha256":
> > m = hashlib.new("sha256")
> > m.update(key)
> > print(binascii.b2a_base64(m.digest()).decode("utf8")[0:-1])
> >
> > Do use it in production, do some test, but the general idea is there.
> >
>
> That doesn't actually work for either RSA nor Ed25519 keys?
>
> Example: https://theos.kyriasis.com/~kyrias/s/mX8U0VzI5w.png
>
> --
> Sincerely,
> Johannes Löthberg
> PGP Key ID: 0x50FB9B273A9D0BB5
> https://theos.kyriasis.com/~kyrias/
--
Emmanuel Vadot <elbarto@bocal.org>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic