Blame


1 058b0118 2005-01-03 devnull .TH THUMBPRINT 7
2 058b0118 2005-01-03 devnull .SH NAME
3 058b0118 2005-01-03 devnull thumbprint \- public key thumbprints
4 058b0118 2005-01-03 devnull .SH DESCRIPTION
5 058b0118 2005-01-03 devnull .PP
6 058b0118 2005-01-03 devnull Applications in Plan 9 that use public keys for authentication,
7 058b0118 2005-01-03 devnull for example by calling
8 058b0118 2005-01-03 devnull .B tlsClient
9 058b0118 2005-01-03 devnull and
10 058b0118 2005-01-03 devnull .B okThumbprint
11 058b0118 2005-01-03 devnull (see
12 d32deab1 2020-08-16 rsc .MR pushtls (3) ),
13 058b0118 2005-01-03 devnull check the remote side's public key by comparing against
14 058b0118 2005-01-03 devnull thumbprints from a trusted list.
15 058b0118 2005-01-03 devnull The list is maintained by people who set local policies
16 058b0118 2005-01-03 devnull about which servers can be trusted for which applications,
17 058b0118 2005-01-03 devnull thereby playing the role taken by certificate authorities
18 058b0118 2005-01-03 devnull in PKI-based systems.
19 058b0118 2005-01-03 devnull By convention, these lists are stored as files in
20 058b0118 2005-01-03 devnull .B /sys/lib/tls/
21 058b0118 2005-01-03 devnull and protected by normal file system permissions.
22 058b0118 2005-01-03 devnull .PP
23 058b0118 2005-01-03 devnull Such a thumbprint file comprises lines made up of
24 058b0118 2005-01-03 devnull attribute/value pairs of the form
25 058b0118 2005-01-03 devnull .IB attr = value
26 058b0118 2005-01-03 devnull or
27 058b0118 2005-01-03 devnull .IR attr .
28 058b0118 2005-01-03 devnull The first attribute must be
29 058b0118 2005-01-03 devnull .B x509
30 058b0118 2005-01-03 devnull and the second must be
31 058b0118 2005-01-03 devnull .BI sha1= {hex checksum of binary certificate}.
32 058b0118 2005-01-03 devnull All other attributes are treated as comments.
33 058b0118 2005-01-03 devnull The file may also contain lines of the form
34 058b0118 2005-01-03 devnull .BI #include file
35 058b0118 2005-01-03 devnull .PP
36 058b0118 2005-01-03 devnull For example, a web server might have the thumbprint
37 058b0118 2005-01-03 devnull .EX
38 058b0118 2005-01-03 devnull x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com
39 058b0118 2005-01-03 devnull .EE
40 058b0118 2005-01-03 devnull .SH "SEE ALSO"
41 d32deab1 2020-08-16 rsc .MR pushtls (3)
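
The file format described under DESCRIPTION can be read and checked as in the following added example, which is not part of the manual page or the Plan 9 sources: it loads a thumbprint list, follows `#include` lines, and tests whether a certificate's SHA-1 digest is in the list. The names `parse_entry`, `load_thumbprints`, `cert_is_trusted`, the `read_file` callback, the sample file names and the sample certificate bytes are assumptions; so are accepting upper-case hex and stopping on include cycles.

```python
import hashlib

HEX = set("0123456789abcdef")

def parse_entry(line):
    """Return the SHA-1 hex digest from one thumbprint line, or None."""
    fields = line.split()
    # The first attribute must be x509, the second sha1=<hex>.
    if len(fields) < 2 or fields[0] != "x509":
        return None
    attr, _, value = fields[1].partition("=")
    value = value.lower()  # assumption: hex digits are case-insensitive
    if attr != "sha1" or len(value) != 40 or not set(value) <= HEX:
        return None
    return value  # remaining attributes (cn=... etc.) are comments

def load_thumbprints(name, read_file, seen=None):
    """Collect digests from `name`, following '#include file' lines."""
    seen = set() if seen is None else seen
    if name in seen:  # assumption: an include cycle is skipped, not an error
        return set()
    seen.add(name)
    trusted = set()
    for line in read_file(name).splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] == "#include":
            trusted |= load_thumbprints(fields[1], read_file, seen)
        else:
            digest = parse_entry(line)
            if digest:
                trusted.add(digest)
    return trusted

def cert_is_trusted(der_cert, trusted):
    """Hash the binary certificate and look the digest up in the list."""
    return hashlib.sha1(der_cert).hexdigest() in trusted

# Constructed sample data: file names and certificate bytes are placeholders.
SAMPLE_CERT = b"constructed stand-in for binary certificate bytes"
SAMPLE_FILES = {
    "main": "#include extra\n"
            "x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com\n"
            "sha1=" + "0" * 40 + " x509\n",  # attributes in wrong order: ignored
    "extra": "#include main\n"  # cycle back to the including file
             "x509 sha1=" + hashlib.sha1(SAMPLE_CERT).hexdigest().upper() + " cn=example\n",
}

if __name__ == "__main__":
    trusted = load_thumbprints("main", SAMPLE_FILES.__getitem__)
    print(sorted(trusted), cert_is_trusted(SAMPLE_CERT, trusted))
```

To read real files, pass a `read_file` callable that opens the named path and returns its text.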