- Introduction
- Overview
- License agreement
- Getting Started
- Objects
- Enumerations
- wodSSHD
- Methods
- Properties
- Events
- Connecting
- CryptoInformation
- Disconnected
- LoginGSSAPI
- LoginPassword
- LoginPubkey
- PortBindRequest
- PortForwardConnect
- PortForwardDisconnect
- PortForwardRequest
- Received
- ServiceRequest
- ServiceStart
- SftpDeleteFile
- SftpDownloadFile
- SftpFileTransferData
- SftpListDir
- SftpListDirData
- SftpMakeDir
- SftpProgress
- SftpRemoveDir
- SftpRename
- SftpTransferComplete
- SftpUploadFile
- StateChanged
- IwodSSHDNotify
- Methods
- Connecting
- CryptoInformation
- Disconnected
- LoginGSSAPI
- LoginPassword
- LoginPubkey
- PortBindRequest
- PortForwardConnect
- PortForwardDisconnect
- PortForwardRequest
- Received
- ServiceRequest
- ServiceStart
- SftpDeleteFile
- SftpDownloadFile
- SftpFileTransferData
- SftpListDir
- SftpListDirData
- SftpMakeDir
- SftpProgress
- SftpRemoveDir
- SftpRename
- SftpTransferComplete
- SftpUploadFile
- StateChanged
- Methods
- SSHKeyPair
- SSHUser
- SSHUsers
- How to get support
- Technical information
- Fast notifications
- Error list
FingerPrint property
Type
A Variant value.Syntax
- Basic
The FingerPrint(object,KeyType,DigestType) syntax has these parts:
object | An expression evaluating to an object of type SSHKeyPair. |
KeyType | Required. A SSHKeyTypes enumeration, as described in settings. Type of the key (RSA, DSA or ECDSA). |
DigestType | Optional. A Variant value. Type of digest algorithm (MD5 or SHA1). |
Remarks
The settings for KeyType are:
Constant | Value | Description |
---|---|---|
RSAkey | 0 | Uses RSA cipher to create keys. |
DSAkey | 1 | Uses DSA cipher to create keys. |
ECDSAkey | 2 | Uses ECDSA cipher to create keys. |
FingerPrint method will return string of length 16-20 characters, that hold (almost) unique fingerprint for the requested key.
Fingerprints are used when there is a need to determine if some keys match. Since keys can be pretty large, checking if some keys match is pretty hard to do. Therefore when client wants to be sure of server's identity, it can connect to the server, check server's fingerprint information, and check if it matches with locally stored value. If client is connecting for the first time then there's no way of checking for stored values, so the client must decide whether he will trust received key or not. Client can ask server's maintainer (through some private channel, like telephone for example) to send fingerprint information about some key and then on each connection test if it matches received key. 20 byte fingerprint is much easier to test than few hundreds bytes that are actually contained in each key. Digest algorithms MD5 or SHA1 are used to calculate 16/20 byte fingerprint which is different for each key.
You can use this method to read fingerprint information for some key, and you can, for example, publicly announce it on your webpage or similar place , so users that connect can be sure that they are connecting to proper server and no one is tampering on your connection.
Instead of String expression, you can read fingerprint data also as byte array, using FingerPrintData method.