SSH Public Key Inspector

Parse OpenSSH keys, known_hosts entries, and certificates online to view fingerprints, principals, and algorithm metadata without exposing secrets.

SSH material

The extractor works entirely in your browser. Add multiple keys, private key blocks, or certificate entries and they will all be decoded locally.

Keys detected: 0 · Unique fingerprints: 0 · Warnings: 0

Your browser does not expose the Web Crypto API. PEM private keys will be skipped and SHA fingerprints are limited to MD5 in this session.

Paste any OpenSSH public key, certificate, or private key block to extract its structure, fingerprint, and metadata instantly.

How the extractor works

Every key you paste stays inside the browser. The tool tokenises each line, identifies OpenSSH key types, and decodes the binary payload used by authorized_keys, known_hosts, and certificate formats. When you add unencrypted OpenSSH or PKCS#8 private keys, the extractor rebuilds the matching public key using the Web Crypto API without ever streaming data to a server.

After decoding, the payload is inspected to determine algorithm details, modulus length, curve identifiers, FIDO metadata, or certificate principals. Fingerprints are computed with SHA-256, SHA-1, and MD5 digests so duplicate keys are easy to spot. Structured sections—such as certificate critical options or security key flags—are parsed and summarised to highlight expiry windows, enforcement rules, and attestation requirements.

The final view rebuilds canonical OpenSSH lines, preserves any authorized_keys options or host patterns, and surfaces warnings when declarations diverge from embedded data. Copy helpers let you reuse the decoded values elsewhere without manually cleaning or reformatting the original material.

Related tools

Explore more helpers you might need next.

TOTP Authenticator Generator

Generate TOTP 2FA codes online from Base32 secrets with live countdowns, SHA-1/SHA-256/SHA-512 support, and otpauth links.

JWT Generator

Build and sign JSON Web Tokens online with editable headers, payload claims, and HS256/HS384/HS512 signatures generated locally.

JWT Decoder & Verifier

Decode JWT tokens, inspect claims, and verify HS256, HS384, or HS512 signatures online without exposing secrets.

Password Generator

Generate strong random passwords online with custom length, character sets, and passphrase options powered by secure randomness.