In public-key cryptographic systems, a public key fingerprint is a short sequence of bytes used to identify a longer public key.
Public key fingerprints are created by applying a cryptographic hash function to the public key. Because fingerprints are shorter than the keys themselves, they can be used to simplify the management of public keys.
Creating a public key fingerprint
A public key fingerprint is typically created using the following steps:
- The public key (and possibly some additional data) is represented as a sequence of bytes. To ensure that the same key always yields the same fingerprint, the encoding method must be strictly agreed upon, and if there is any additional data besides the key itself, it must also be transmitted and stored together with the public key.
- The data obtained in the previous step is hashed using a cryptographic hash function such as SHA-2 or RIPEMD-160.
- If desired, the output of the hash function can be truncated to give a shorter, more convenient fingerprint, but all parties using the fingerprints must take this truncation into account.
For example, while a typical RSA public key is 2048 bits long, a fingerprint produced with MD5 or SHA-1 is only 128 or 160 bits long, respectively.
For readability, fingerprints are usually encoded in hexadecimal notation and broken into groups of characters. For example, a 128-bit hash obtained using MD5 for SSH is displayed as follows:
43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8
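The three steps above, carried through as an added Python example (not part of the original article), including the check of a presented key against a fingerprint received out of band. The function names are hypothetical, the byte encoding is assumed to be the SSH-style length-prefixed key blob, and the 32-byte key is a constructed placeholder rather than a real key.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string (4-byte big-endian length, then data)."""
    return struct.pack(">I", len(data)) + data


def encode_key(key_type: bytes, raw_key: bytes) -> bytes:
    """Step 1: the agreed byte representation, here an SSH-style key blob."""
    return ssh_string(key_type) + ssh_string(raw_key)


def fingerprint(blob: bytes, algorithm: str = "sha256", truncate_to: int = 0) -> bytes:
    """Steps 2 and 3: hash the encoded key, then optionally truncate."""
    digest = hashlib.new(algorithm, blob, usedforsecurity=False).digest()
    return digest[:truncate_to] if truncate_to else digest


def colon_hex(fp: bytes) -> str:
    """Display form: lowercase hex bytes separated by colons."""
    return ":".join(f"{b:02x}" for b in fp)


def line_fingerprint(pubkey_line: str, algorithm: str = "sha256") -> bytes:
    """Fingerprint the base64 blob of a 'type base64 [comment]' key line."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The type named in the line must match the type encoded inside the blob.
    if not blob.startswith(ssh_string(key_type.encode())):
        raise ValueError("key type does not match encoded blob")
    return fingerprint(blob, algorithm)


def matches_pinned(pubkey_line: str, pinned_hex: str, algorithm: str = "sha256") -> bool:
    """Compare a presented key against a fingerprint received out of band."""
    expected = bytes.fromhex(pinned_hex.replace(":", ""))
    return hmac.compare_digest(line_fingerprint(pubkey_line, algorithm), expected)


# Constructed sample: 32 placeholder bytes standing in for an Ed25519 key.
RAW_KEY = bytes(range(32))
BLOB = encode_key(b"ssh-ed25519", RAW_KEY)
LINE = "ssh-ed25519 " + base64.b64encode(BLOB).decode() + " demo@example"

if __name__ == "__main__":
    print("MD5    ", colon_hex(fingerprint(BLOB, "md5")))
    print("SHA-256", colon_hex(fingerprint(BLOB, "sha256", truncate_to=16)))
    print("pinned match:", matches_pinned(LINE, colon_hex(fingerprint(BLOB))))
```

Hashing the raw key bytes instead of the agreed encoding gives a different fingerprint for the same key, which is why step 1 insists on a fixed representation.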
See also
- Digital prints
- Key management