man/man7/thumbprint.7 - plan9 - Git at Google

 .TH THUMBPRINT 7
 .SH NAME
 thumbprint \- public key thumbprints
 .SH DESCRIPTION
 .PP
 Applications in Plan 9 that use public keys for authentication,
 for example by calling
 .B tlsClient
 and
 .B okThumbprint
 (see
 .IR pushtls (3)),
 check the remote side's public key by comparing against
 thumbprints from a trusted list.
 The list is maintained by people who set local policies
 about which servers can be trusted for which applications,
 thereby playing the role taken by certificate authorities
 in PKI-based systems.
 By convention, these lists are stored as files in
 .B /sys/lib/tls/
 and protected by normal file system permissions.
 .PP
 Such a thumbprint file comprises lines made up of
 attribute/value pairs of the form
 .IB attr = value
 or
 .IR attr .
 The first attribute must be
 .B x509
 and the second must be
 .BI sha1= {hex checksum of binary certificate}.
 All other attributes are treated as comments.
 The file may also contain lines of the form
 .BI #include file
 .PP
 For example, a web server might have thumbprint
 .EX
 x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com
 .EE
 .SH "SEE ALSO"
 .IR pushtls (3)
	.TH THUMBPRINT 7
	.SH NAME
	thumbprint \- public key thumbprints
	.SH DESCRIPTION
	.PP
	Applications in Plan 9 that use public keys for authentication,
	for example by calling
	.B tlsClient
	and
	.B okThumbprint
	(see
	.IR pushtls (3)),
	check the remote side's public key by comparing against
	thumbprints from a trusted list.
	The list is maintained by people who set local policies
	about which servers can be trusted for which applications,
	thereby playing the role taken by certificate authorities
	in PKI-based systems.
	By convention, these lists are stored as files in
	.B /sys/lib/tls/
	and protected by normal file system permissions.
	.PP
	Such a thumbprint file comprises lines made up of
	attribute/value pairs of the form
	.IB attr = value
	or
	.IR attr .
	The first attribute must be
	.B x509
	and the second must be
	.BI sha1= {hex checksum of binary certificate}.
	All other attributes are treated as comments.
	The file may also contain lines of the form
	.BI #include file
	.PP
	For example, a web server might have thumbprint
	.EX
	x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com
	.EE
	.SH "SEE ALSO"
	.IR pushtls (3)