WinSCP encryption

We are dealing with a vendor and have WinSCP working successfully using the following format for the host key
-certificate="xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx"

However, we have a new vendor that has sent us a very long string instead of the above format?

How does that work?  Do I need a tool to "make" the above format with the long string?  Can the app use the long encryption string instead?  I am a total newbie at WinSCP.
LVL 1
cyimxtckCEOAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
It is more of SSH keys or certificate (in your case) fingerprints. See useful reference
-certificate="<fingerprint>"
Specifies fingerprint of expected TLS/SSL certificate (or several fingerprints separated by semicolon). It makes WinSCP automatically accept certificate with the fingerprint....
https://winscp.net/eng/docs/scriptcommand_open
cyimxtckCEOAuthor Commented:
That makes sense but in all those examples I don't see where I can use the "long string" (the PGP key)?

Does WinSCP support that "type" of key?

That's the part I am now faced with now.
btanExec ConsultantCommented:
yes it can be in long string just like the case for the hostkey. but do note that the certificate is not a pgp key per se and this has to be clear as it contain only the public key with the usage declared in the certificate X.509v3 format (typically). In specific, it is more of using "TlsHostCertificateFingerprint" fnc as an example for the long string handling.

see this example where it declared e.g.
"ssh-rsa 2048 e7:d5:b0:a4:6f:24:7f:15:5c:c1:ae:b9:43:c1:86:95:7e:97:35:85"
 https://winscp.net/forum/viewtopic.php?t=11748
...and in specific to certificate, it uses the fnc stated above in string handling the fingerprint (hex char)
 https://winscp.net/eng/docs/library_sessionoptions

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Steve BinkCommented:
Retrieving the fingerprint from a certificate is pretty straight-forward.

An alternative is to connect to the new vendor and let WinSCP verify the certificate for you...  it should generate a prompt asking you if it is correct.  When you verify it, WinSCP will save the fingerprint in its config.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.