THUMBPRINT(6)THUMBPRINT(6)NAMEthumbprint - public key thumbprints
DESCRIPTION
Applications in Plan 9 that use public keys for authentication, for
example by calling tlsClient and okThumbprint (see pushtls(2)), check
the remote side's public key by comparing against thumbprints from a
trusted list. The list is maintained by people who set local policies
about which servers can be trusted for which applications, thereby
playing the role taken by certificate authorities in PKI-based systems.
By convention, these lists are stored as files in /sys/lib/tls/ and
protected by normal file system permissions.
Such a thumbprint file comprises lines made up of attribute/value pairs
of the form attr=value or attr. The first attribute must be x509 and
the second must be sha1={hexchecksumofbinarycertificate}. All other
attributes are treated as comments. The file may also contain lines of
the form #includefile
For example, a web server might have thumbprint
x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com
SEE ALSOpushtls(2)THUMBPRINT(6)