This document describes fingerprint computation and presentation for ssh public keys, with test vectors. The test vectors are seven keys of various sizes, here presented in RFC4716 standard interchange format. All the sizes are different, thus making it easy to refer to them by simply giving the sizes: The 1024-bit key: ---- BEGIN SSH2 PUBLIC KEY ---- AAAAB3NzaC1yc2EAAAAJAIAAAFAAAAABAAAAgQDLzSgWN97PzM8HZoe0Kedr1Sm+5ks9/s CoeiNw5ALOHmxtQhmQF1Vi2pQKmZ/vtmLldb4ArvKur2L4SphKmXUC3dxAOYfa/v/BJLyY wTftYiL5o6qCuRVLe4VHCnQXqDlk76LVsNfW2DCHXCz4UBoRZS4oNZzaL3/KFFrzlZzFvw == ---- END SSH2 PUBLIC KEY ---- The 2000-bit key: ---- BEGIN SSH2 PUBLIC KEY ---- AAAAB3NzaC1yc2EAAAAJAJAAABAAAAABAAAA+wDgCjvr7flsjR6oR1h2uAJHOWJCBlyx14 uOUTWhj8tNfNKFolv4RG8kO+pEchFOTYELZilB9Tc51DXoaOQl+OJGHU9NNbyxqfscwkKg xTK2BxYAahVr9p/CI5+ffMe3cHEmBa5x2lnrI5NXzXlb93lGVpJkj9ie9uDCqbuk6iQIGo oeOyk1ybQHf56HtsZwQ/TfJNTzUj80jqk7biI0dAO2WgZbzBVp700Zrqs2lucmD0T0m/XX bSWMWIMM2W7+QbWirgZDB7YnOLLtxp1zUsKIDDeqtIRYhJ9R90ccxwpK3ZNgAqxhfnpZJF reoDE+RdweRJrpyn0kwpmR ---- END SSH2 PUBLIC KEY ---- The 2047-bit key: ---- BEGIN SSH2 PUBLIC KEY ---- AAAAB3NzaC1yc2EAAAAJAIAAQAAAAAABAAABAGFAPyhSBowGaKtrqq7j0dpG/yrrkeJi5I SwKf4RT0Lh219oiAFaBAIQKHrfynOWwn2EvaEiA5wfsa2vFHjDQsR+lYX17e0NGQr9C1sK GU+gKBR5zCPRuInXasJMdR0U373xws7Q9hqiTLws9iz9jL/w0WDwhCEInVKqe28Pvdf6+u PohMx25xyRIKVvmA6Xv/+fAJGr5NdLHoMzcO3Et2SYYTQbnGFNMLW8b0LyHBVmo9EoyEbZ 5hZ9xjz1Px6CD/sxp6csBgTZcMICCstmpVzw8qT49x3g+2oh0h/kXFa+bnG83696L5swyW xMpSnkC2LocIUjRDwK/+1Ar0wof6U= ---- END SSH2 PUBLIC KEY ---- The 2048-bit key: ---- BEGIN SSH2 PUBLIC KEY ---- AAAAB3NzaC1yc2EAAAAJAIAAAAQAABABAAABAQCsoWSHYQTy25TRSq6tKfl2hUT993Vplh xJ0de8rGqUvSdyLquGoQ5Nrja1+KmrUPlpvBBfv5xC0cKkjE2gIZAOUeL2OS0jfVh8I3nm it9d0gENWjT05FfFg5SghrJp+s/sj3gqDN5BMtRZIuXIUMdCPd37VWsKf3kDNU0UFBrCSi RoQ6WzZCQti8O2TJrbuGVuIZXjX4eSEG+b+aXfOleaHL2b9L7z4jmjGt3Wgysv3bakYtRN yteTjzCi4TTULriIdwwMpvX7mIxdGYWddgsnnb55zukjALrk3XcbsQci2Ui46jJCDCrYMb 6VjwsuUI432jO4eAwUrcX/NYwt7mLz ---- END SSH2 PUBLIC KEY ---- The 2049-bit key: ---- BEGIN SSH2 PUBLIC KEY ---- AAAAB3NzaC1yc2EAAAAJAIAEQAAAAAABAAABAQGFZADhDuJvbJ+ECAaa5Moip5xG7+bFnB HceR4u13St/Lp2wzHBs86pM2QVOlwHQ+/8jIEVaOkE0ibuFmGhkY5DI7+DDedxENQOPv24 AUXJP2mMWdcv0tk2Za4UeEoKt2ndTNocQMjn5gbC7hjl72jP4eSaRbaDIAORPW6yDTggP+ cxvlBaKborL1pnuorKspeTpsRsnsoKtPPRpOts2nmYnOex+xZvyHaazhSc4GFvZvnAwyOH nI5DsApfgj/mX+etl5/GsgTZyNU7qkTstPQHePM6cIhUN9KFKyjstHCxGYwynl7IkR5PlN JgA/cg3+styPOtD/Sn4o8PraD70833 ---- END SSH2 PUBLIC KEY ---- The 3000-bit key: ---- BEGIN SSH2 PUBLIC KEY ---- AAAAB3NzaC1yc2EAAAAJAIAAAQAEAAABAAABeADtcXGU/2EfFtW2/IWssyfDo+ilkrwh6Q Jh+GvGDfK0KQ1IxB0k5IXsWd3w5evT9QIthLuji7whjH5W3zBbjZ44AjVTxqAYoP+H+vPU tJbFt44HzYlsgdVHExVhAJmh/Jqwm7+CDvx6KdDxj/qRBSrCt1K8eK/ond7gYqVmQXoV+N 850STPX1y2fSbbP5V4QVjloFryB0gu/oU06MTHRC+Cc+1G3mWWSEQF3h6GvYjAAggb49vM xPnvEf+9lQrFVQGXHzjiM1FhI90rutKJgHhgRL+CSaydGgo6EWvq8uwYQtNNn9WXSsk/vW afVoE4LR/VSop86uwZWIuKh/MbGnBFCLClwuGKS/04sNr7dQ2P6tjqC0E9dmrpSBGVIksl 5w5X2XBOyUVBp3Iq2ioJGKG7Lp8+cUdOdDrWAfdlBjtjLyut+0NxohHWhpYj16OqhTYJxA Yw760TSY/4bKY3WK8n7/dN/hJongj/dE2Sn7Ep2bkGuG4g4wE= ---- END SSH2 PUBLIC KEY ---- The 4096-bit key: ---- BEGIN SSH2 PUBLIC KEY ---- AAAAB3NzaC1yc2EAAAAJAIAAAAAAACAJAAACAQDKlql1d06LnVZdxOjx27m14VIQ1ial3m vH3Os+bYBPNtWq8AMIj0ohLQ1HoXxqC6ODf+rJjZXvTx5c7rC9TvJ7NkjAsg3RV4J7CNtO 2THF+d9P77I/mQzDE9SyRGxi+F0nS+q7hyfXl12LBZud7gwya9Wiyhh0gNaBSL/lNKKPsk SASAwpMvby681DEO+BqXmb94iiFRetopPP8qoUtk4alnd1Ty9VRaS4suWsw6uGsdT379Jr B+MSf/qUzCLFF0BAwqf1RS6FqgA8x/UMTZ5zFF2lVEXon3SE9pz5oXEibTvYVE5DKuUeZ3 0gfF8nFiXnSVgQ/OR2jMCkAS3dJCMc4ZSZPpsKIG/I66KDT+5I4G4pCjLPsp742XB8V1t6 n82S2zf8pl+blmMd35hGs5Qa7gOs3Z8C+NwtqpKGMINA8EVatFOzosNpzxJpQKXAuObU8D KNnvGGBkgiDcoAaWn+IqRYAnARGdJZVahfFCItuA4Wn1TrUxNumoLCEd7tnK7+De7PjNZo 6wX/8pV7LmsexSjrVY+sPBdNy/1/4EnPq2N1GyUg4zldtwLf5YrBPfBgXljDk369Mp6CcT 9lJZce2Ec5kfhnqMEMo+vMiZ5XsQMWUx+jFZYhod54FfwG8OOKEkN4bnpgb2WfvFqWyx0N 1Cojtj9Crq5oxc1WbL/IxQ== ---- END SSH2 PUBLIC KEY ---- MD5-hex is the oldest format. It is just the MD5 hash of the data blob (the base64ed data in the above), converted to hex and presented with : used as an octet separator. Here are the fingerprints of the above keys in this format: Size Fingerprint 1024 e1:c6:7d:8b:86:d3:b6:12:6e:6a:96:e1:11:97:25:45 2000 bc:19:de:da:bc:32:34:9f:c6:f4:da:05:bd:c6:b5:bd 2047 48:0a:e2:0a:c1:84:86:04:f5:2e:35:e3:ac:a9:aa:b3 2048 7a:bc:c5:3b:04:20:84:62:d2:fa:83:aa:82:a0:c4:27 2049 70:47:85:f2:6c:3c:dd:df:6a:5c:70:23:a3:4c:d0:2b 3000 9a:05:90:5f:b2:75:ba:02:c0:aa:11:79:bc:2d:55:e1 4096 f8:13:bf:25:a9:27:45:b7:69:53:c3:d6:16:e6:d1:bd MD5-base85 contains the same data as MD5-hex, but presented in a more compact form. This is computed by treating the MD5 hash as a single 128-bit number (the most significant octet is the one printed first in MD5-hex format) and representing that number as 20 digits in base 85, using most of the ASCII characters as digits. Note that all 20 digits are always used, even if one or more most-sigificant digits are zero. Since this file is in ASCII, and most implementors will probably use ASCII or supersets of ASCII, the characters are given directly here. To help detect cases where the file gets transferred in a way that involves some other character set (and thus quite likely corrupts the test output), the ASCII codepoints are given (in hex) as well. Each triple here has the base-85 digit value first, then the ASCII codepoint in hex, then the character. 0 30 0 13 44 D 26 51 Q 39 64 d 52 71 q 65 29 ) 78 40 @ 1 31 1 14 45 E 27 52 R 40 65 e 53 72 r 66 2a * 79 5b [ 2 32 2 15 46 F 28 53 S 41 66 f 54 73 s 67 2b + 80 5d ] 3 33 3 16 47 G 29 54 T 42 67 g 55 74 t 68 2c , 81 5f _ 4 34 4 17 48 H 30 55 U 43 68 h 56 75 u 69 2d - 82 7b { 5 35 5 18 49 I 31 56 V 44 69 i 57 76 v 70 2e . 83 7c | 6 36 6 19 4a J 32 57 W 45 6a j 58 77 w 71 2f / 84 7d } 7 37 7 20 4b K 33 58 X 46 6b k 59 78 x 72 3a : 8 38 8 21 4c L 34 59 Y 47 6c l 60 79 y 73 3b ; 9 39 9 22 4d M 35 5a Z 48 6d m 61 7a z 74 3c < 10 41 A 23 4e N 36 61 a 49 6e n 62 23 # 75 3d = 11 42 B 24 4f O 37 62 b 50 6f o 63 25 % 76 3e > 12 43 C 25 50 P 38 63 c 51 70 p 64 28 ( 77 3f ? (The characters not used from ASCII are the control characters 00-1f, DEL (7f), space (20), and !"$&'\^`~ (21 22 24 26 27 5c 5e 60 7e).) MD5-base85 fingerprints are, of course, usable only in environments which support all the necessary characters. Note that, because 85^20 is greater than 2^128, some 20-digit base-85 encodings do not encode any possible MD5 hash. Implementations that accept input fingerprints in this format must be careful to handle invalid input correctly. Here are the fingerprints of the above keys in this format: Size Fingerprint 1024 )-E9B)1ux3DYwS)gndev 2000 s.wgc0gi6dX6H6.A>:px 2047 L03PWC-v1K@R}.DjQ;P2 2048 Z*BdcBRs,o-}bkf}OK%b@uJf}vaEi:;dIs 4096 :Q%(P6W,o-flqMVBK9S?