FingerPrint property
Returns the fingerprint of the private key as a string expression.
Type
A String value
Syntax
- Basic
object.FingerPrint(KeyType, [DigestType])
The FingerPrint(object,KeyType,DigestType) syntax has these parts:
Part | Description |
---|---|
object | An expression evaluating to an object of type Keys. |
KeyType | Required. An SSHKeyTypes enumeration, as described in settings. Type of the key. |
DigestType | Optional. A Variant value. Type of digest algorithm (MD5 or SHA1). |
Remarks
The settings for KeyType are:
Constant | Value | Description |
---|---|---|
RSAkey | 0 | Returns fingerprint for RSA key. |
DSAkey | 1 | Returns fingerprint for DSA key. |
ECDSAkey | 2 | Returns fingerprint for ECDSA key. |
The FingerPrint method returns a string 16 or 20 characters long that holds an almost unique fingerprint for the requested key.
Fingerprints are used when there is a need to determine whether keys match (are the same). Since keys can be quite large, comparing them directly is hard to do. Therefore, when a client wants to be sure of the server's identity, it can connect to the server, read the server's fingerprint, and check whether it matches the value previously stored locally. If the client is connecting for the first time, there is no stored value to check against, so the client must decide whether to trust the received key. The client can ask the server's maintainer (through some private channel, such as telephone) to send the fingerprint of the key, and then on each connection test whether it matches the received key. A 20-byte fingerprint is much easier to test than the few hundred bytes that are actually contained in each key. The MD5 or SHA1 digest algorithm is used to calculate the 20-byte fingerprint, which is different for each key.
You can use this method to read the fingerprint of a key and, for example, publicly announce it on your web page (or a similar place), so that users who connect can be sure they are connecting to the proper server and that no one is tampering with the connection.
Instead of a String expression, you can also read the fingerprint data as a byte array, using the FingerPrintData property.
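The stored-fingerprint check described in the Remarks, as an added Python example; it is not code from this component or its vendor. It assumes the conventional SSH fingerprint (an MD5 or SHA1 digest over the decoded public key blob); the function names, the host name and the sample key bytes are constructed for illustration.

```python
import base64, hashlib, hmac, struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_sample_line(modulus: bytes) -> str:
    """Constructed sample: an 'ssh-rsa' line built from arbitrary bytes, not a real key."""
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " sample@example"

def fingerprint(pubkey_line: str, digest: str = "md5") -> bytes:
    """Digest of the decoded key blob: 16 bytes for MD5, 20 bytes for SHA1."""
    if digest not in ("md5", "sha1"):
        raise ValueError("digest must be md5 or sha1")
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob repeats the key type; it must agree with the text prefix.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != fields[0]:
        raise ValueError("key type prefix does not match blob")
    return hashlib.new(digest, blob).digest()

def colon_hex(fp: bytes) -> str:
    """Human-readable form for publishing or reading over the phone."""
    return ":".join(f"{b:02x}" for b in fp)

def check_host(pins: dict, host: str, pubkey_line: str, digest: str = "sha1") -> str:
    """Return 'unknown' (first contact), 'match' or 'mismatch' against the stored pin."""
    fp = fingerprint(pubkey_line, digest)
    stored = pins.get(host)
    if stored is None:
        return "unknown"  # caller must verify out of band before storing the pin
    # Constant-time comparison of the stored and received fingerprints.
    return "match" if hmac.compare_digest(stored, fp) else "mismatch"

if __name__ == "__main__":
    line = make_sample_line(bytes(range(1, 129)))
    pins = {}
    print(check_host(pins, "server.example", line))
    pins["server.example"] = fingerprint(line, "sha1")
    print(colon_hex(pins["server.example"]), check_host(pins, "server.example", line))
```

A "mismatch" result should abort the connection rather than overwrite the stored pin.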