NAME
thumbprint – public key thumbprints |
DESCRIPTION
Applications in Plan 9 that use public keys for authentication,
for example by calling tlsClient and okThumbprint (see pushtls(2)),
check the remote side's public key by comparing against thumbprints
from a trusted list. The list is maintained by people who set
local policies about which servers can be trusted
for which applications, thereby playing the role taken by certificate
authorities in PKI–based systems. By convention, these lists are
stored as files in /sys/lib/tls/ and protected by normal file
system permissions. Such a thumbprint file comprises lines made up of attribute/value pairs of the form attr=value or attr. The first attribute must be x509 and the second must be sha1={hexchecksumofbinarycertificate}. All other attributes are treated as comments. The file may also contain lines of the form #includefile
For example, a web server might have thumbprint |
SEE ALSO
pushtls(2) |