See also: Identity | Security | Cryptography | PGP/GPG

A “Fingerprint,” like on a person’s hand, is used to identify a person via something very small or obscure. In computers, it is used as unique identifiers to determine if a certificate or PGP key has been tampered with via a string of unique characters. A different Fingerprint results if the contents of the certificate or key change in any way. This is accomplished using a hash function. Many people list their PGP fingerprint at the bottom of their e-mails to protect against someone else interfering with the use of their key, also known as a Man-In-The-Middle Attack. This is much easier than searching the entire block of text for differences.

Web browsers and S/MIME-compatible e-mail that use SSL certificates also have fingerprints.


The fingerprint itself often looks like a series of numbers and letters A through F that certificates and public/private.

A PGP key fingerprint looks like this:

DFF3 30DD A34F 7F4A 88FF 934F 98B1 AFE2 3218 A4FA

Most browser/S/MIME fingerprints:


SSH fingerprints:


Technical note: MD5 fingerprints use 16 sets of two characters while SHA1 fingerprints use 20. SHA is generally considered better.


TakeDown.NET -> “Fingerprint