step crypto key fingerprint

Name

step crypto key fingerprint -- print the fingerprint of a public key

Usage

step crypto key fingerprint <key-file>

Description

step crypto key fingerprint prints the fingerprint of a public key. The fingerprint of a private key will be only based on the public part of the key.

By default the fingerprint calculated is the SHA-256 hash with raw Base64 encoding of the ASN.1 BIT STRING of the subjectPublicKey defined in RFC 5280.

Using the flag --ssh the fingerprint would be based on the SSH encoding of the public key.

Note that for certificates and certificate request, the fingerprint would be based only on the public key embedded in the certificate. To get the certificate fingerprint use the appropriate commands:

$ step certificate fingerprint <x509-crt|x509-csr> $ step ssh fingerprint <ssh-crt>

Positional arguments

key-file Path to a public, private key, certificate (X.509 and SSH) or certificate request.

Options

--sha1 Use the SHA-1 hash with hexadecimal format. The result will be equivalent to the Subject Key Identifier in a X.509 certificate.

--ssh Use the SSH marshaling format instead of X.509.

--password-file=file The path to the file containing passphrase to decrypt a private key.

--raw Print the raw bytes instead of the fingerprint. These bytes can be piped to a different hash command.

--format=format The format of the fingerprint, it must be "hex", "base64", "base64-url", "base64-raw", "base64-url-raw" or "emoji".

Examples

Print the fingerprint of a public key:

$ step crypto key fingerprint pub.pem

Print the fingerprint of the public key using the SSH marshaling:

$ step crypto key fingerprint --ssh pub.pem

Print the fingerprint of the key embedded in a certificate using the SHA-1 hash:

$ step crypto key fingerprint --sha1 cert.pem

Print the same fingerprint for a public key, a private key and a certificate all of with the same public key.

$ step crypto key fingerprint id_ed25519 $ step crypto key fingerprint id_ed25519.pub $ step crypto key fingerprint id_ed25519-cert.pub

Print the fingerprint of the key using an external tool:

$ step crypto key fingerprint --raw pub.pem | md5sum

Print the fingerprint of the public key of an encrypted private key:

$ step crypto key fingerprint --password-file pass.txt priv.pem