I've been playing with openssl in order to try to obtain an RSA public key fingerprint. Example:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzYuc22QSst/dS7geYYK
5l5kLxU0tayNdixkEQ17ix+CUcUbKIsnyftZxaCYT46rQtXgCaYRdJcbB3hmyrOa
vkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vdi/0rpoUwPMEh8+Bw7CgYR0
FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0iwzhtKRXomBWTdhD5ykd/fAC
VTr4+KEY+IeLvubHVmLUhbE5NgWXxrRpGasDqzKhCTmsa2Ysf712rl57SlH0Wz/M
r3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY+XkiCcrkyS1cnghnllh+LCwQu1s
YwIDAQAB
-----END PUBLIC KEY-----
I used:
openssl pkey -pubin -in public1 -pubout | openssl sha256 -c
And this is the output:
(stdin)= 06:83:07:a4:50:60:e1:45:7a:4a:43:e7:1a:8e:e9:81:84:20:45:be:4f:d1:c5:eb:a4:28:aa:73:26:3f:36:9b
Is this the fingerprint? If yes, will it work for various openssl keys? How is it being calculated? (I'm asking because I would like to implement it with Python)
I think it's better to digest only the binary contents of the public key as the fingerprint.
You can directly decode the base64 contents and pipe them to openssl sha256:
# Don't forget to remove the header line and the bottom line
# (base64 -D is the macOS spelling of the decode flag; GNU coreutils base64 uses -d)
sed '1d;$d' ./pub.key | base64 -D | openssl sha256
BTW, openssl pkey -pubin -in ./pub.key -pubout (pubin and pubout) will output the same content as your pub.key file, as in your first example.
I think you want to convert from PEM to DER with pkey (so that you can avoid manually formatting and decoding the base64):
openssl pkey -pubin -in pub.key -outform DER | openssl dgst -sha256 -c