SSH Key Validator
Validate SSH public and private keys. Check key type, format, fingerprint, and comment.
Client-side only — nothing leaves your browser
What is SSH Key Validation?
SSH key validation checks whether a key is properly formatted, identifies its type and properties, and detects common issues. When you encounter errors like "invalid key format" or "key is not in PEM format," a validator helps you understand what type of key you have and what might be wrong. This tool parses both public and private keys, detects the algorithm (RSA, Ed25519, ECDSA, DSA), identifies the format (OpenSSH, PEM, PPK), and computes the SHA256 fingerprint for public keys.
SSH Key Formats
| Format | Header | Used By |
|---|---|---|
| OpenSSH | BEGIN OPENSSH PRIVATE KEY | OpenSSH 6.5+, modern Linux/macOS |
| PEM (PKCS#1) | BEGIN RSA PRIVATE KEY | OpenSSL, older SSH implementations |
| PEM (PKCS#8) | BEGIN PRIVATE KEY | Java, .NET, cross-platform tools |
| PPK | PuTTY-User-Key-File-* | PuTTY, WinSCP, FileZilla (Windows) |
Frequently Asked Questions
How do I check my SSH key type?
You can check your SSH key type by looking at the beginning of your public key: it starts with the algorithm name, ssh-rsa (RSA), ssh-ed25519 (Ed25519), ecdsa-sha2-nistp256 (ECDSA), or ssh-dss (DSA). For PEM private keys, check the header: 'BEGIN RSA PRIVATE KEY' is RSA, 'BEGIN EC PRIVATE KEY' is ECDSA. The 'BEGIN OPENSSH PRIVATE KEY' header is the same for every algorithm, so it does not reveal the type. You can also run 'ssh-keygen -l -f ~/.ssh/id_ed25519.pub' in the terminal to see the type and bit length.
What format should an SSH public key be in?
The standard OpenSSH public key format is a single line with three parts: key-type base64-data comment (e.g., 'ssh-ed25519 AAAAC3... user@host'). Most SSH servers and services (GitHub, GitLab, AWS) expect this format. Other formats include RFC 4716 (multi-line with BEGIN/END headers) and PEM (SPKI format). If you have an RFC 4716 key, you can convert it with: ssh-keygen -i -f key.pub > key_openssh.pub. For a PEM (SPKI) public key, add -m PKCS8 to the same command.
How do I find my SSH key fingerprint?
Run 'ssh-keygen -l -f ~/.ssh/id_ed25519.pub' to see the fingerprint in SHA256 format. The fingerprint is a hash of the public key data that uniquely identifies it — useful for verifying keys match across systems. GitHub shows key fingerprints in your account settings, so you can compare them. This tool computes the SHA256 fingerprint for public keys entirely in your browser.
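The single-line format and the fingerprint described in the two answers above, as an added example that is not this tool's own code: it checks that the base64 blob is complete and names the same algorithm as the prefix, then hashes the decoded blob. It is written for Node.js, handles plain key types only (not certificates), and the function names and the sample key are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Read one length-prefixed (uint32 big-endian) string from an SSH wire blob.
function readString(buf, offset) {
  if (offset + 4 > buf.length) throw new Error('truncated length field');
  const len = buf.readUInt32BE(offset);
  const end = offset + 4 + len;
  if (end > buf.length) throw new Error('truncated key data');
  return { value: buf.subarray(offset + 4, end), next: end };
}

function validatePublicKey(line) {
  const [type, b64, ...rest] = line.trim().split(/\s+/);
  if (!type || !b64) return { ok: false, error: 'expected: key-type base64-data [comment]' };
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(b64) || b64.length % 4 !== 0)
    return { ok: false, error: 'base64 data is malformed or cut off' };
  const blob = Buffer.from(b64, 'base64');
  try {
    // The blob repeats the algorithm name as its first field; it must match the prefix.
    let f = readString(blob, 0);
    const inner = f.value.toString('ascii');
    if (inner !== type) return { ok: false, error: `prefix says ${type}, blob says ${inner}` };
    // Walk the remaining length-prefixed fields so a truncated paste is caught.
    while (f.next < blob.length) f = readString(blob, f.next);
  } catch (e) {
    return { ok: false, error: e.message };
  }
  // Fingerprint = SHA256 over the decoded blob, base64 without '=' padding.
  const digest = crypto.createHash('sha256').update(blob).digest('base64');
  return { ok: true, type, comment: rest.join(' '),
           fingerprint: 'SHA256:' + digest.replace(/=+$/, '') };
}

// Constructed sample: an ssh-ed25519 blob with 32 filler bytes, not a real key.
function sshString(bytes) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(bytes.length);
  return Buffer.concat([len, bytes]);
}
const sampleBlob = Buffer.concat([
  sshString(Buffer.from('ssh-ed25519')), sshString(Buffer.alloc(32, 0x42))]);
const sampleLine = `ssh-ed25519 ${sampleBlob.toString('base64')} user@host`;

console.log(validatePublicKey(sampleLine));
```

The fingerprint string has the same shape as the one 'ssh-keygen -l' prints, so the two can be compared directly for a real key.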
Can I check if my SSH key has a passphrase?
For PEM-format private keys, look for 'Proc-Type: 4,ENCRYPTED' or 'BEGIN ENCRYPTED PRIVATE KEY' in the file; these indicate the key is passphrase-protected. For the newer OpenSSH format, the encryption setting is stored inside the base64 data, so it's not visible in the text. You can test by running 'ssh-keygen -y -f ~/.ssh/id_ed25519': if it prompts for a passphrase, the key is protected; if it outputs the public key immediately, it's unencrypted.
What does 'invalid key format' mean?
The 'invalid key format' error typically means the key file is corrupted, truncated, or in the wrong format for the tool you're using. Common causes include: copying the key without the full base64 data, missing the BEGIN/END markers in PEM keys, extra whitespace or line breaks, using a PEM key where OpenSSH format is expected (or vice versa), or mixing up public and private keys. Try regenerating the key or converting between formats with ssh-keygen.