search

Found

info Overview

Paste an OpenSSH public key to view its SHA-256 and MD5 fingerprints, key type, bit length, and comment, all parsed locally in your browser.

📘 How to Use

  1. Paste your OpenSSH public key into the text area
  2. Read the key type, bit length, and SHA-256 and MD5 fingerprints

SSH Key Fingerprint Viewer

grid_view Related

Article

SSH Key Fingerprint Viewer | Check SHA-256 and MD5 of a Public Key

Paste an OpenSSH public key and this tool shows its SHA-256 and MD5 fingerprints, key type, bit length, and comment. It is the browser equivalent of running ssh-keygen -lf key.pub, without opening a terminal.

💡 About this tool

The first time you SSH into a new host, you get the classic prompt: The authenticity of host '...' can't be established. ED25519 key fingerprint is SHA256:.... That string is exactly what this tool computes. Paste the host's public key (or your own .pub file) and compare the fingerprint to what you expect before you type yes.

It is also handy after adding a key to GitHub, GitLab, or a server's authorized_keys. GitHub shows the SHA-256 fingerprint next to each key in your account settings, and this tool lets you confirm a .pub file produces the same value, so you know which physical key a listed fingerprint belongs to. The MD5 form (the colon-separated hex you may remember from older ssh-keygen output) is still printed by legacy tooling and shows up in old runbooks, so both are displayed side by side.

The key you paste is parsed entirely in your browser and is never sent to a server; all hashing runs on your own device.

🧐 Frequently asked questions

Can I paste a private key? No, paste a public key, the single line that starts with ssh-ed25519 AAAA..., ssh-rsa AAAA..., and so on. A private key (starting with -----BEGIN OPENSSH PRIVATE KEY-----) is not needed: fingerprints are derived from the public half only.

Should I trust the SHA-256 or the MD5 fingerprint? Modern OpenSSH defaults to SHA-256 (the SHA256: Base64 string). MD5 (32 hex digits in colon-separated pairs) is the legacy format, useful only for matching older docs or tools. For anything new, compare the SHA-256 value.

Which key types are supported? RSA, Ed25519, Ed448, ECDSA (P-256 / P-384 / P-521), DSA, and the FIDO-backed Ed25519-SK and ECDSA-SK. Bit length is read from the modulus for RSA and from the curve for elliptic-curve keys.

Does this match ssh-keygen -lf? Yes. SHA-256 is computed with the browser's native Web Crypto API and shown in the same Base64 form (no trailing padding) that ssh-keygen prints. MD5 matches ssh-keygen -E md5 colon-separated output.

📚 Why a fingerprint instead of the whole key

A public key is hundreds to thousands of bits long, which is impractical to eyeball. A fingerprint hashes that blob down to a short, fixed-length string you can read aloud or paste into a chat to confirm a match. SSH leaned on MD5 for years because, for key comparison, brevity and readability mattered more than collision resistance. OpenSSH 6.8 switched the default to SHA-256, which is why current clients print the longer ~44-character Base64 value. The one-way property is the point: matching fingerprints confirm two keys are identical, but you can never reconstruct the key from its fingerprint.