diff --git a/src/main/java/org/cobbzilla/util/security/CryptoUtil.java b/src/main/java/org/cobbzilla/util/security/CryptoUtil.java
index f439404..79b9d90 100644
--- a/src/main/java/org/cobbzilla/util/security/CryptoUtil.java
+++ b/src/main/java/org/cobbzilla/util/security/CryptoUtil.java
@@ -13,8 +13,6 @@ import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.Key;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import static org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric;
 import static org.cobbzilla.util.daemon.ZillaRuntime.die;
@@ -30,15 +28,6 @@ public class CryptoUtil {
 public static final String RSA_PREFIX = "-----BEGIN RSA PRIVATE KEY-----";
 public static final String RSA_SUFFIX = "-----END RSA PRIVATE KEY-----";
- private static final MessageDigest MESSAGE_DIGEST;
- static {
- try {
- MESSAGE_DIGEST = MessageDigest.getInstance("SHA-256");
- } catch (NoSuchAlgorithmException e) {
- throw (RuntimeException) die("error creating SHA-256 MessageDigest: "+e);
- }
- }
-
 public static byte[] toBytes(InputStream data) throws IOException {
 ByteArrayOutputStream out = new ByteArrayOutputStream();
 IOUtils.copy(data, out);
diff --git a/src/main/java/org/cobbzilla/util/security/RsaKeyPair.java b/src/main/java/org/cobbzilla/util/security/RsaKeyPair.java
index c3a8b9e..b47f0ea 100644
--- a/src/main/java/org/cobbzilla/util/security/RsaKeyPair.java
+++ b/src/main/java/org/cobbzilla/util/security/RsaKeyPair.java
@@ -4,8 +4,10 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.*;
 import lombok.experimental.Accessors;
 import lombok.extern.slf4j.Slf4j;
+import org.cobbzilla.util.io.FileUtil;
 import org.cobbzilla.util.io.TempDir;
 import org.cobbzilla.util.string.Base64;
+import org.cobbzilla.util.system.CommandResult;
 import java.io.File;
@@ -13,6 +15,7 @@ import static org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric;
 import static org.cobbzilla.util.daemon.ZillaRuntime.*;
 import static org.cobbzilla.util.io.FileUtil.*;
 import static org.cobbzilla.util.string.StringUtil.safeShellArg;
+import static org.cobbzilla.util.system.CommandShell.exec;
 import static org.cobbzilla.util.system.CommandShell.execScript;
 @NoArgsConstructor @Accessors(chain=true) @EqualsAndHashCode(of={"publicKey"}) @Slf4j
@@ -35,6 +38,18 @@ public class RsaKeyPair {
 }
 }
+ public static boolean isValidSshPublicKey (String key) {
+ try {
+ @Cleanup final TempDir temp = new TempDir();
+ final File f = FileUtil.toFile(temp+"/key.pub", key);
+ final CommandResult result = exec("ssh-keygen -l -f " + abs(f));
+ return result.isZeroExitStatus() && result.getStdout().length() > 0;
+ } catch (Exception e) {
+ log.error("isValidSshPublicKey: "+shortError(e));
+ return false;
+ }
+ }
+
 @JsonIgnore @Getter @Setter private String privateKey;
 public boolean hasPrivateKey () { return !empty(privateKey); }
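Review bot: isValidSshPublicKey accepts anything `ssh-keygen -l` can fingerprint, which is broader than one bare public key: recent OpenSSH versions fingerprint every line of a multi-key file, and the tool will also read a line carrying authorized_keys options or, I believe, a private key file. If callers go on to store the string in an authorized_keys file (not visible in this hunk), a value with embedded newlines or an option prefix would pass; a guard before the temp file is written, e.g. `if (empty(key) || key.trim().contains("\n")) return false;`, plus a check that the first token is an expected key type, would narrow that. The catch-all returns false when ssh-keygen is missing or fails to start, so an environment problem is reported as an invalid key; that fails closed, but a short Javadoc on the method should say so. The command string is built only from the TempDir path and never from `key`, which is worth stating in a comment above the `exec` call so nobody later interpolates the key itself.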