Public Key Fingerprint
SHA-256, SHA-1, MD5 fingerprints for SSH public keys and PEM blobs. OpenSSH-style and hex output.
published
- [FREE]
- [NO_SIGNUP]
- [NO_UPLOAD]
A public-key fingerprint generator computes the standard SHA-256, SHA-1, and MD5 hashes over an SSH public key or PEM-encoded blob. The OpenSSH-style outputs (SHA256:abc123…, MD5:01:02:…) match what ssh-keygen -lf prints.
Privacy
WebCrypto (SHA family) and SparkMD5 (MD5) both run in your browser. The key text is decoded and hashed in your tab; nothing is uploaded.
Frequently asked questions
What is a key fingerprint?
A short hash of the public key bytes. Used to identify or verify a key out-of-band — comparing the fingerprint shown by `ssh-keyscan` against one published on a webpage, for example. Fingerprints are not secret; the matching private key is.
Why does OpenSSH show SHA-256 by default?
SHA-256 replaced MD5 as the OpenSSH default in version 6.8 (2015). MD5 fingerprints are still computed for legacy compatibility, but new key verification flows should use SHA-256.
What formats does this tool accept?
OpenSSH public keys (`ssh-ed25519 AAAA…`, `ssh-rsa AAAA…`, `ecdsa-sha2-nistp256 AAAA…`) and PEM blocks (`-----BEGIN PUBLIC KEY-----`, `-----BEGIN CERTIFICATE-----`). The base64 body is decoded directly — no key material is sent anywhere.
Is this safe to use on private keys?
The tool only computes fingerprints over whatever bytes you give it. If you paste a private key, the fingerprint is computed locally and the private key never leaves your browser. That said — fingerprints of private keys aren't a standard thing; you almost always want the fingerprint of the matching public key.