How can I verify publicKey fingerprint generated by other languages(Ruby)

Hello,

I am trying to verify a EC publicKey(prime256v1) fingerprint generated by Ruby by using Swift's CryptoKit but I did't find any source or an example to verify the publicKey fingerprint. Someone please help me to provide a way to do verify in Swift?

Example code to generate fingerprint in Ruby.

OpenSSL::PKey::EC.new(public_key)
fingerprint = key.fingerprint("sha256")

Example PublicKey and its fingerprint

PublicKey

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEJAZCn9MKy4TRr7GPcEdkgrVK0EAE
fsASHQW4hOOj0UtIWAd7e1xT60zVeFPKKJrB7v5OE9Ha/Xs01IcSsVgE1w==
-----END PUBLIC KEY-----

Fingerprint

SHA256:5r1Tcd4ZGfnY+NQIhXHx6mSGB4rz59JK0lrVUZoXNPI
Up vote post of csaicharan Down vote post of csaicharan
1k views
Posted by
csaicharan
Reply
Add a Comment

Replies

It’s hard to say without a clear specification of how this fingerprint is constructed. What you’ve posted:

SHA256:5r1Tcd4ZGfnY+NQIhXHx6mSGB4rz59JK0lrVUZoXNPI

suggests that this is a SHA-256 hash of something, with the hash encoded as Base64. However, when I decode the Base64 the resulting data is 30 bytes long:

% base64 -D > tmp3.dat | xxd
5r1Tcd4ZGfnY+NQIhXHx6mSGB4rz59JK0lrVUZoXNPI
^D
00000000: e6bd 5371 de19 19f9 d8f8 d408 8571 f1ea  ..Sq.........q..
00000010: 6486 078a f3e7 d24a d25a d551 9a17       d......J.Z.Q..

That’s weird because a SHA-256 checksum 256 bits, or 32 bytes, long.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • Thank you, I was checking in to the ruby implementation and the found out that the encoded Base64 part was trimmed with "=" and when I added to the Base64 string it is 32 bytes after I decoded.

    Example base 64 string is 5r1Tcd4ZGfnY+NQIhXHx6mSGB4rz59JK0lrVUZoXNPI=

    Now the big question I have is how I can verify this fingureprint from swift?

    csaicharan
Add a Comment