man/man7/thumbprint.html - plan9 - Git at Google

 <head>
 <title>thumbprint(7) - Plan 9 from User Space</title>
 <meta content="text/html; charset=utf-8" http-equiv=Content-Type>
 </head>
 <body bgcolor=#ffffff>
 <table border=0 cellpadding=0 cellspacing=0 width=100%>
 <tr height=10><td>
 <tr><td width=20><td>
 <tr><td width=20><td><b>THUMBPRINT(7)</b><td align=right><b>THUMBPRINT(7)</b>
 <tr><td width=20><td colspan=2>
     <br>
 <p><font size=+1><b>NAME     </b></font><br>

 <table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

     thumbprint &ndash; public key thumbprints<br>

 </table>
 <p><font size=+1><b>DESCRIPTION     </b></font><br>

 <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>


 <table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

     Applications in Plan 9 that use public keys for authentication,
     for example by calling <tt><font size=+1>tlsClient</font></tt> and <tt><font size=+1>okThumbprint</font></tt> (see <a href="../man3/pushtls.html"><i>pushtls</i>(3)</a>),
     check the remote side&#8217;s public key by comparing against thumbprints
     from a trusted list. The list is maintained by people who set
     local policies about which servers can be trusted
     for which applications, thereby playing the role taken by certificate
     authorities in PKI-based systems. By convention, these lists are
     stored as files in <tt><font size=+1>/sys/lib/tls/</font></tt> and protected by normal file
     system permissions.
     <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>

     Such a thumbprint file comprises lines made up of attribute/value
     pairs of the form <i>attr</i><tt><font size=+1>=</font></tt><i>value</i> or <i>attr</i>. The first attribute must
     be <tt><font size=+1>x509</font></tt> and the second must be <tt><font size=+1>sha1=</font></tt><i>{hex</i><tt><font size=+1>checksum</font></tt><i>of</i><tt><font size=+1>binary</font></tt><i>certificate}.</i>
     All other attributes are treated as comments. The file may also
     contain lines of the form <tt><font size=+1>#include</font></tt><i>file
     <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
     </i>
     For example, a web server might have thumbprint<br>
     <tt><font size=+1>x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell&#8722;labs.com<br>
     </font></tt>
 </table>
 <p><font size=+1><b>SEE ALSO     </b></font><br>

 <table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

     <a href="../man3/pushtls.html"><i>pushtls</i>(3)</a><br>

 </table>

 <td width=20>
 <tr height=20><td>
 </table>
 <!-- TRAILER -->
 <table border=0 cellpadding=0 cellspacing=0 width=100%>
 <tr height=15><td width=10><td><td width=10>
 <tr><td><td>
 <center>
 <a href="../../"><img src="../../dist/spaceglenda100.png" alt="Space Glenda" border=1></a>
 </center>
 </table>
 <!-- TRAILER -->
 </body></html>
	<head>
	<title>thumbprint(7) - Plan 9 from User Space</title>
	<meta content="text/html; charset=utf-8" http-equiv=Content-Type>
	</head>
	<body bgcolor=#ffffff>
	<table border=0 cellpadding=0 cellspacing=0 width=100%>
	<tr height=10><td>
	<tr><td width=20><td>
	<tr><td width=20><td><b>THUMBPRINT(7)</b><td align=right><b>THUMBPRINT(7)</b>
	<tr><td width=20><td colspan=2>
	<br>
	<p><font size=+1><b>NAME </b></font><br>

	<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

	thumbprint – public key thumbprints<br>

	</table>
	<p><font size=+1><b>DESCRIPTION </b></font><br>

	<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>


	<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

	Applications in Plan 9 that use public keys for authentication,
	for example by calling <tt><font size=+1>tlsClient</font></tt> and <tt><font size=+1>okThumbprint</font></tt> (see <a href="../man3/pushtls.html"><i>pushtls</i>(3)</a>),
	check the remote side’s public key by comparing against thumbprints
	from a trusted list. The list is maintained by people who set
	local policies about which servers can be trusted
	for which applications, thereby playing the role taken by certificate
	authorities in PKI-based systems. By convention, these lists are
	stored as files in <tt><font size=+1>/sys/lib/tls/</font></tt> and protected by normal file
	system permissions.
	<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>

	Such a thumbprint file comprises lines made up of attribute/value
	pairs of the form <i>attr</i><tt><font size=+1>=</font></tt><i>value</i> or <i>attr</i>. The first attribute must
	be <tt><font size=+1>x509</font></tt> and the second must be <tt><font size=+1>sha1=</font></tt><i>{hex</i><tt><font size=+1>checksum</font></tt><i>of</i><tt><font size=+1>binary</font></tt><i>certificate}.</i>
	All other attributes are treated as comments. The file may also
	contain lines of the form <tt><font size=+1>#include</font></tt><i>file
	<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
	</i>
	For example, a web server might have thumbprint<br>
	<tt><font size=+1>x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell−labs.com<br>
	</font></tt>
	</table>
	<p><font size=+1><b>SEE ALSO </b></font><br>

	<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

	<a href="../man3/pushtls.html"><i>pushtls</i>(3)</a><br>

	</table>

	<td width=20>
	<tr height=20><td>
	</table>
	<!-- TRAILER -->
	<table border=0 cellpadding=0 cellspacing=0 width=100%>
	<tr height=15><td width=10><td><td width=10>
	<tr><td><td>
	<center>
	<a href="../../"><img src="../../dist/spaceglenda100.png" alt="Space Glenda" border=1></a>
	</center>
	</table>
	<!-- TRAILER -->
	</body></html>