Snowflex.Transport.Http.KeyFingerprint
(Snowflex v1.5.0)
Computes the Snowflake key-pair-auth public-key fingerprint from an RSA private (or public) key PEM.
Snowflake stores this value per user as RSA_PUBLIC_KEY_FP (visible via
DESC USER <name>;). It is defined as:

    base64(sha256(DER-encoded SubjectPublicKeyInfo of the RSA public key))

and reproduces this OpenSSL pipeline:

    openssl rsa -in rsa_key.p8 -pubout -outform DER \
      | openssl dgst -sha256 -binary \
      | openssl base64

Notes

- It is the SubjectPublicKeyInfo (SPKI), not PKCS#1, that Snowflake hashes
  (-----BEGIN PUBLIC KEY-----, the RSA key wrapped in an AlgorithmIdentifier). Hashing the bare PKCS#1 key would yield a plausible-but-wrong fingerprint.
- Snowflake key-pair auth is RSA only. EC/DSA keys surface loudly as
  {:error, {:unsupported_key, _}}.
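The SPKI-versus-PKCS#1 distinction from the first note, as an added Python example (not Snowflex code): it builds both DER encodings from a constructed, non-real modulus, hashes the SPKI form as defined above, and wraps a PKCS#1 "RSA PUBLIC KEY" PEM into SPKI before hashing instead of hashing it bare. All function and constant names here are hypothetical, and only public-key PEMs are handled.

```python
import base64, hashlib, re
# AlgorithmIdentifier for rsaEncryption: SEQUENCE { OID 1.2.840.113549.1.1.1, NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _tlv(tag, body):
    """DER tag-length-value; long-form length for bodies of 128 bytes or more."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def _int(v):
    # Non-negative INTEGER; the extra byte keeps the sign bit clear.
    return _tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def pkcs1_public_der(n, e):
    """PKCS#1 RSAPublicKey: SEQUENCE { modulus, publicExponent }."""
    return _tlv(0x30, _int(n) + _int(e))

def wrap_spki(pkcs1_der):
    """SubjectPublicKeyInfo: AlgorithmIdentifier, then BIT STRING holding the PKCS#1 key."""
    return _tlv(0x30, RSA_ALG_ID + _tlv(0x03, b"\x00" + pkcs1_der))

def to_pem(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def b64_sha256(der):
    return base64.b64encode(hashlib.sha256(der).digest()).decode()

def snowflake_fingerprint(pem):
    """Fingerprint of an RSA public key PEM given in either SPKI or PKCS#1 armor."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.+?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, der = m.group(1), base64.b64decode(m.group(2))
    if label == "RSA PUBLIC KEY":       # bare PKCS#1: wrap it before hashing
        der = wrap_spki(der)
    elif label != "PUBLIC KEY" or RSA_ALG_ID not in der[:24]:
        raise ValueError(f"unsupported key: {label}")  # e.g. EC or DSA SPKI
    return b64_sha256(der)

# Constructed 2048-bit number standing in for a modulus (not a real key).
N, E = (1 << 2047) | 0xC0FFEE01, 65537
PKCS1 = pkcs1_public_der(N, E)
SPKI_PEM = to_pem("PUBLIC KEY", wrap_spki(PKCS1))
PKCS1_PEM = to_pem("RSA PUBLIC KEY", PKCS1)
WRONG_FP = b64_sha256(PKCS1)            # hash of the bare PKCS#1 bytes
```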
Functions
Computes the bare-base64 Snowflake public-key fingerprint from a PEM.
Accepts a private key PEM (derives the public key) or a public key PEM (SPKI).
password is the charlist password for an encrypted private key; pass ~c""
(the default) for an unencrypted key.
Like fingerprint/2, but returns the fingerprint string or raises.