| Field | Value | Copy |
|---|---|---|
| {{ row.label }} |
{{ row.value }}
{{ row.value }}
|
|
| Warnings |
|
|
| Error | {{ single.error }} |
| Type | Bits/Curve | SHA256 | Comment | Copy |
|---|---|---|---|---|
| {{ r.typeLabel }} | {{ r.bits }} {{ r.curve }} — | {{ r.sha256 }} | {{ r.comment || '' }} | |
| No rows. | ||||
Secure Shell public keys are identity tokens that prove possession of a corresponding private key during connection setup, and they travel well across systems when encoded correctly. Many teams need a quick way to convert a key between common formats and confirm the fingerprint that other tools display, so everyone can compare the same string with confidence.
Here you paste a public key and receive its fingerprints plus clean equivalents in OpenSSH, SSH2 Public Key, and PEM forms. The result helps you match what is printed on servers, configuration notes, or audit logs without touching any private material.
Typical uses include verifying a newly provisioned key before rollout, rewrapping a key for systems that expect PEM, or sharing a short fingerprint when confirming access with a colleague. Keep inputs consistent, and prefer copying directly from a known source to avoid stray whitespace.
If a block contains several items and you only want one, process a single line first to confirm the fingerprint, then switch to batch when you are ready. Public keys are safe to share, yet treat them carefully in shared documents so they do not get truncated or reformatted.
The underlying object is a Secure Shell (SSH) public key. The tool observes the algorithm family and key material, then computes two identifiers on the canonical SSH key blob. It finally renders equivalent encodings for OpenSSH one‑line format, SSH2 Public Key blocks defined in RFC 4716, and a PEM SubjectPublicKeyInfo (SPKI) wrapper.
Computation begins by parsing the SSH key blob to recover the algorithm label and its parameters. From that byte sequence, two fingerprints are produced so operators can cross‑check identities across hosts and tooling without exposing private data.
| Symbol | Meaning | Unit/Datatype | Source |
|---|---|---|---|
| B | SSH key blob bytes after type and parameters are packed | bytes | Derived |
| FSHA256 | Primary fingerprint shown as “SHA256: …” | Base64, no padding | Derived |
| FMD5 | Legacy fingerprint for compatibility displays | Hex pairs with “:” separators | Derived |
| n, e | RSA modulus and public exponent | BigInt | Parsed |
| c | Elliptic curve name (nistp256, nistp384, nistp521) | string | Parsed |
| Q | Uncompressed EC public point | bytes | Parsed |
| type | Algorithm label (RSA, ECDSA, Ed25519) | string | Parsed |
Comment: header, and a PEM “PUBLIC KEY” wrapper.
Comparability notes: fingerprints match common host tools when the same blob is used. For ECDSA, bits are implied by c and reported as 256, 384, or 521. For RSA, bit length is taken from the modulus n. Ed25519 always reports 256.
n,e or c,Q or Ed25519 key).| Field | Type | Min | Max | Step/Pattern | Error Text / Behavior |
|---|---|---|---|---|---|
| OpenSSH line | text | — | — | ^(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+)\s+[A-Za-z0-9+/=]+ |
Unknown input format → parse error; ssh-dss is not accepted. |
| SSH2 block | text | — | — | Begins ---- BEGIN SSH2 PUBLIC KEY ---- |
Optional Comment: "..." supported; body is base64 only. |
| PEM SPKI | text | — | — | -----BEGIN PUBLIC KEY----- |
RSA, Ed25519, and ECDSA nistp256/384/521 are recognized. |
| PEM PKCS#1 RSA | text | — | — | -----BEGIN RSA PUBLIC KEY----- |
Parsed as modulus/exponent and converted to SSH formats. |
| SSH2 wrap column | number | 40 | 128 | step 1 | Applied to SSH2 body lines; PEM wraps at 64 by design. |
| Comment override | text | — | — | Plain text | Replaces detected comment on OpenSSH and SSH2 outputs. |
| Batch mode | bool | — | — | Detects multiple items | Optional de‑duplication collapses identical SHA256 fingerprints. |
| Input | Accepted Families | Output | Encoding / Precision | Notes |
|---|---|---|---|---|
| Text | OpenSSH line, SSH2 block, PEM PUBLIC KEY, PKCS#1 RSA PUBLIC KEY | OpenSSH · SSH2 · PEM | Exact re‑emit from parsed parameters | Comments preserved or overridden as configured. |
| File | .pub · .pem · .txt; drag‑and‑drop .der/.cer supported | Same as above | Binary DER is wrapped to PEM then parsed | Private keys are rejected. |
| Fingerprint | — | SHA256 · MD5 | Base64‑no‑pad; colon‑hex | Both computed over the SSH blob. |
Processing is browser based; no data is transmitted to a server. Files and text are handled locally, and outputs are generated on the page. No server‑side retention occurs.
ssh-dss) is not supported.No data is transmitted or stored server‑side. Public keys are not confidential, yet handle them according to your organization’s policy.
Public key conversion and fingerprinting, from paste to verified outputs.
You now have consistent encodings and fingerprints ready for review or deployment.
No. Processing happens in the browser. Nothing is sent to a server or retained beyond your session.
Public keys only; private keys are refused.RSA, ECDSA on nistp256/nistp384/nistp521, and Ed25519. DSA is not supported.
The text did not match OpenSSH, SSH2 Public Key, PEM PUBLIC KEY, or PKCS#1 RSA PUBLIC KEY patterns. Check headers, footers, and base64.
They are deterministic for a given key blob and align with common host tools that show SHA256 without padding and MD5 as colon‑hex.
Yes. Paste a PEM PUBLIC KEY; the OpenSSH and SSH2 outputs are produced from the parsed parameters.
Yes. It runs locally in your browser after the page loads.
No usage limits are shown here. Consult your organization’s policies before distributing generated outputs.
Certificate signing requests are outside scope. Extract the public key first, then paste that here to inspect fingerprints and encodings.