feature request - ssh public key fingerprints #12132

Open
user3472g opened this issue Dec 11, 2024 · 3 comments

user3472g commented Dec 11, 2024

Perhaps the feature is there but I cannot find it.

Is there a way to obtain the md5 or sha256 fingerprint of a public key?

With ed25519 it can be done as:

hashlib.md5(key.public_bytes_raw()).hexdigest()

Other formats do not support Raw encoding.

Seems wasteful to have to base64 or DER decode the key bytes, again, to get the raw bytes for hashing.

Thank you

alex (Member) commented Dec 12, 2024

I'm not familiar with the exact format of SSH public key fingerprints, but in general if they're a hash of some serialization of the key, then you need to compute the serialization.

Several key types, e.g. RSA, do not have a "raw bytes" notion at all.

user3472g (Author) commented Dec 12, 2024

Thank you for your reply.

By fingerprint, what is meant is the md5 or sha256 hash of the base64-decoded bytes: what you get from a command such as ssh-keygen -lf /path/to/key.pub, or ssh-keygen -l -E md5 -f /path/to/key.pub for md5.

cryptography could provide this, as a convenience to the user, by hashing the memoryview passed into the load_public calls in the various private SSHFormat classes and making the hash value available in the class returned from load_ssh_public_ calls.

> Several key types, e.g. RSA, do not have a "raw bytes" notion at all.

By "raw bytes", I am referring to formats such as those defined in RFC4523 and implemented in the serialization/ssh.py module:

The "ssh-rsa" key format has the following specific encoding:

  string    "ssh-rsa"
  mpint     e
  mpint     n
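
Added example, not part of the thread and not the cryptography project's code: the fingerprint described in the comment above, computed with the Python standard library from an OpenSSH public key line and formatted the way ssh-keygen -l prints it. The sample key is constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def decode_blob(pubkey_line: str) -> bytes:
    """Return the decoded key blob from a '<type> <base64> [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with its own length-prefixed copy of the key type.
    # A mismatch means the line was edited or corrupted: refuse to hash it.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type in blob does not match the line prefix")
    return blob


def fingerprint(pubkey_line: str, algorithm: str = "sha256") -> str:
    """Hash the whole blob and format it as ssh-keygen -l [-E md5] does."""
    blob = decode_blob(pubkey_line)
    if algorithm == "sha256":
        digest = hashlib.sha256(blob).digest()
        # Unpadded base64 with a "SHA256:" prefix.
        return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")
    if algorithm == "md5":
        # MD5 serves only as a legacy identifier here, not as a security control.
        hexed = hashlib.md5(blob, usedforsecurity=False).hexdigest()
        return "MD5:" + ":".join(hexed[i:i + 2] for i in range(0, 32, 2))
    raise ValueError("unsupported algorithm: " + algorithm)


# Constructed sample (not a real key): 32 placeholder bytes in the Ed25519 slot.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = ("ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode("ascii")
               + " constructed@example")

if __name__ == "__main__":
    print(fingerprint(SAMPLE_LINE))
    print(fingerprint(SAMPLE_LINE, "md5"))
```

The hash covers the entire blob, including the length-prefixed key type, so hashing only the 32 raw Ed25519 bytes produces a different value from the one ssh-keygen reports.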

alex (Member) commented Dec 16, 2024 via email
