1 .TH THUMBPRINT 7
2 .SH NAME
3 thumbprint \- public key thumbprints
4 .SH DESCRIPTION
5 .PP
6 Applications in Plan 9 that use public keys for authentication,
7 for example by calling
8 .B tlsClient
9 and
10 .B okThumbprint
11 (see
12 .MR pushtls (3) ),
13 check the remote side's public key by comparing against
14 thumbprints from a trusted list.
15 The list is maintained by people who set local policies
16 about which servers can be trusted for which applications,
17 thereby playing the role taken by certificate authorities
18 in PKI-based systems.
19 By convention, these lists are stored as files in
20 .B /sys/lib/tls/
21 and protected by normal file system permissions.
22 .PP
23 Such a thumbprint file comprises lines made up of
24 attribute/value pairs of the form
25 .IB attr = value
26 or
27 .IR attr .
28 The first attribute must be
29 .B x509
30 and the second must be
31 .BI sha1= {hex checksum of binary certificate}.
32 All other attributes are treated as comments.
33 The file may also contain lines of the form
34 .BI #include file
35 .PP
36 For example, a web server might have thumbprint
37 .EX
38 x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com
39 .EE
40 .SH "SEE ALSO"
41 .MR pushtls (3)