1

I have generated a RSA Public and Private key pair (publickey.pem and privatekey.pem) and i want to calculate the public key fingerprint of the public key. what is the best way to do that in python? I have already searched many articles but couldn't fine any. My public key looks like this: 

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA11K+82kb/BsAWklwjUn50e+MXN536STtMWNVVnbhUZDHW6Qd60q1
Lm2w7jpc63anS0o4ka8sTAGvffubtZBOSgnH6i/j534da+mag7M9u4UNK9AwMc/R
hmdy9vvw+pySE8eQ1i3M/FWy9V4tk5oTq1ZUBsILv+jKsj8fltEbpyYmbG2YnIHn
VBAD/Nup8nfrfdUmcERTP4l015qEtjP2P49lZGDe0V1xdXQUm/ExUuJ/dqs70hTw
HHanp5R9QPPUQOqi482GKUTfTPtBd62vg8nR7qLTgRXEim5c0i5Ap7L3oWxvEXI0
9Xfb40ACxLI2Vma4TIuEfx9ldqHxlrpJ7QIDAQAB
-----END RSA PUBLIC KEY-----

Any help would be appreciated

Edit: I will have several clients signing their http request with their private key and sending the request to the server along with the public key fingerprint so that from the fingerprint i can check which client has sent the request and i can look for the publick key of that particular client with the given fingerprint. Once i have the public key i can verify that the request is authenticated. My currentkey is in RSA format and i need the SSH fingerprint from my pubic key. Is there any way to convert the RSA key to OpenSSH format. I am able to do the same in Node.js with HTTP-Signature library. I want something similar in Python.

Once i have the key in OpenSSH format i can use this: Deriving an SSH Fingerprint from a Public Key in Python to get the fingerprint

Thanks in Advance.

Anmol Bhatia
  • 326
  • 2
  • 5
  • 12
  • @metatoaster A PKCS#1 public key is something different than a SSH public key. – Maarten Bodewes Aug 23 '18 at 12:37
  • 2
    A little more context would help because "public key fingerprint" might refer to several different things. – President James K. Polk Aug 23 '18 at 12:56
  • 1
    @MaartenBodewes in principle it is the same, but unless the specific details are clarified by what is meant by "public key fingerprint", taking the md5/sha256 checksum of the decoded base64 string **is** a way to generate a fingerprint, as a fingerprint of some cryptographic key is literally a checksum of the contents of the key itself. – metatoaster Aug 23 '18 at 13:58
  • 1
    To the OP: provide an example `openssl` command that you want replicated using Python code might help, e.g. `openssl rsa -RSAPublicKey_in -in key.pem -inform PEM -outform DER 2>/dev/null | openssl md5 -c | awk '{print $2}'` – metatoaster Aug 23 '18 at 14:00
  • Anmol, please indicate what you are trying to achieve with the given question. Do you need the fingerprint for a specific protocol such as SSH? Without it I will close it as "unclear what you are asking". I agree with James that more context is needed. – Maarten Bodewes Aug 23 '18 at 14:25
  • @metatoaster OpenSSH doesn't use a PKCS#1 encoding format for the public key; you would have to convert to SSH format before being able to compute the SSH compatible fingerprint. Both PKCs#1 and SSH use base64, but the base64 contents are quite different. – Maarten Bodewes Aug 23 '18 at 14:44
  • @MaartenBodewes yes I am very well aware of the difference between OpenSSH and OpenSSL, but as I noted, only the OP can tell us exactly what they need to fingerprint (hence the example command; if OP had given an OpenSSH key, the `key.pem` argument would become something like `<(ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PEM)`). – metatoaster Aug 23 '18 at 15:11
  • @metatoaster Let's wait for an answer of Anmol, it's 10 hours since he posted, he may be sleeping :) If it is a duplicate I'll use my gold crypto medal to close it. If it gets closed too early it may be hard to reopen the question (crypto questions like these just get too little traffic for that to happen). If no clarification is forecoming I'll try and close it as "unclear what you are asking" of course. – Maarten Bodewes Aug 23 '18 at 15:41
  • thanks guys for replying, yes i did see the example given here https://stackoverflow.com/questions/6682815/deriving-an-ssh-fingerprint-from-a-public-key-in-python. I will have several clients signing their http request with their private key and sending the request to the server along with the public key fingerprint so that from the fingerprint i can check which client has sent the request and i can look for the publick key of that particular client with the given fingerprint. Once i have the public key i can verify that the request is authenticated. – Anmol Bhatia Aug 23 '18 at 15:49
  • i do need the fingerprint for a specific protocol such as SSH. as my current key is a RSA key and the example given here https://stackoverflow.com/questions/6682815/deriving-an-ssh-fingerprint-from-a-public-key-in-python uses the SSH key. Is there a way to convert the RSA key to Open SSH in python – Anmol Bhatia Aug 23 '18 at 15:51
  • I tried the similar thing in node.js and i was able to convert the key to open SSH using the httpSignature library: httpSignature.pemToRsaSSHKey(public_key) and i am looking for something similar in python. Once i have the key in OpenSSH i can get the fingerprint. – Anmol Bhatia Aug 23 '18 at 15:52
  • I've closed the question as the original question: how to derive the fingerprint in Python has already been asked. If you still have another question (i.e. how to convert from OpenSSL / RSA to SSH / RSA in Python then please ask another question, *after* looking for dupes of course. – Maarten Bodewes Aug 26 '18 at 12:04

0 Answers0