SSH Key Fingerprint Generator

How to use

1. 1Paste one or more OpenSSH public keys into the input box. The format is the same as a line in authorized_keys: algorithm, base64 blob, and an optional comment, all on a single line. Blank lines and lines starting with # are ignored.
2. 2Read the parsed key metadata for each key: the algorithm family (RSA, Ed25519, ECDSA, DSA), the RSA modulus bit length when applicable, and the optional comment, so you know what you are about to fingerprint.
3. 3Copy the SHA-256 fingerprint (the modern OpenSSH default, prefixed SHA256:) or the MD5 fingerprint (the legacy ssh-keygen output, prefixed MD5:) using the per-row Copy button.
4. 4Optionally toggle SHA-256 randomart on or off. The drunken-bishop ASCII art is what OpenSSH prints with VisualHostKey and gives you an eyeball-friendly version of the same fingerprint.
5. 5Use Copy all fingerprints to grab a clean block with the algorithm label, comment, SHA-256, and MD5 lines for every parsed key, ready to paste into a code review, an incident channel, or an audit log.

About this tool

SSH Key Fingerprint Generator turns one or more OpenSSH public keys into the same SHA-256 and MD5 fingerprints that ssh-keygen prints with the -l flag, so you can verify what key is in front of you without running anything on a server. The tool accepts the exact format you already have on disk and in cloud panels: a single line per key with the algorithm name (ssh-ed25519, ssh-rsa, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, sk-ssh-ed25519@openssh.com, sk-ecdsa-sha2-nistp256@openssh.com), the base64-encoded key blob, and an optional comment. Lines that begin with # are treated as comments and skipped, blank lines are ignored, and you can paste an entire authorized_keys file or a github.com/<user>.keys export in one go. For every key the tool computes the SHA-256 fingerprint (the modern OpenSSH default since version 6.8, formatted as SHA256:<base64 with padding stripped>) and the MD5 fingerprint (the legacy format that older ssh-keygen versions and many cloud provider panels still display, formatted as MD5:<colon-separated hex pairs>). The SHA-256 hash is computed with the Web Crypto API; the MD5 hash uses a small RFC 1321 implementation already shipped with this site, because Web Crypto deliberately does not expose MD5. The tool also parses the SSH wire format inside the key blob to surface the algorithm name embedded by the key generator (which should match the outer label) and, for RSA keys, the modulus bit length, so you can confirm at a glance whether you are looking at a 2048-bit, 3072-bit, or 4096-bit RSA key. A drunken bishop SHA-256 randomart visualization, the same ASCII art OpenSSH prints with VisualHostKey, is rendered next to each fingerprint as an optional eyeball check. The Copy all fingerprints button produces a clean text block ready to paste into a code review, a Slack message confirming a key rotation, or an audit log. Useful for verifying that a public key you copied from a teammate matches the fingerprint printed by GitHub, GitLab, Bitbucket, AWS EC2, GCP Compute Engine, DigitalOcean, Hetzner Cloud, Linode, or any other host that displays SSH key fingerprints; confirming that a known_hosts entry corresponds to the server you are about to connect to; auditing the contents of an authorized_keys file before deploying it; and double-checking key material during onboarding, offboarding, and certificate rotations. The keys you paste are parsed and hashed entirely in your browser; nothing is uploaded. As with every reputable fingerprint tool, paste only the public key (the line starting with ssh-rsa, ssh-ed25519, ecdsa-sha2-*, and so on). Private keys are secret and must never be shared with any online tool; fingerprinting only requires the public half.

Free to use. Works in your browser. No signup, no login.