Home Explore Help
Sign In
RISCI_ATOM
/
plan9-gpl
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 14d8b39a82
Branches Tags
plan9-gpl
/
sys
/
man
/
6
/
thumbprint

thumbprint 1.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041 
  1. .TH THUMBPRINT 6
    2. 

  2. .SH NAME
    3. 

  3. thumbprint \- public key thumbprints
    4. 

  4. .SH DESCRIPTION
    5. 

  5. .PP
    6. 

  6. Applications in Plan 9 that use public keys for authentication,
    7. 

  7. for example by calling
    8. 

  8. .B tlsClient
    9. 

  9. and
    10. 

  10. .B okThumbprint
    11. 

  11. (see
    12. 

  12. .IR pushtls (2)),
    13. 

  13. check the remote side's public key by comparing against
    14. 

  14. thumbprints from a trusted list.
    15. 

  15. The list is maintained by people who set local policies
    16. 

  16. about which servers can be trusted for which applications,
    17. 

  17. thereby playing the role taken by certificate authorities
    18. 

  18. in PKI-based systems.
    19. 

  19. By convention, these lists are stored as files in
    20. 

  20. .B /sys/lib/tls/
    21. 

  21. and protected by normal file system permissions.
    22. 

  22. .PP
    23. 

  23. Such a thumbprint file comprises lines made up of
    24. 

  24. attribute/value pairs of the form
    25. 

  25. .IB attr = value
    26. 

  26. or
    27. 

  27. .IR attr .
    28. 

  28. The first attribute must be
    29. 

  29. .B x509
    30. 

  30. and the second must be
    31. 

  31. .BI sha1= {hex checksum of binary certificate}.
    32. 

  32. All other attributes are treated as comments.
    33. 

  33. The file may also contain lines of the form
    34. 

  34. .BI #include file
    35. 

  35. .PP
    36. 

  36. For example, a web server might have thumbprint
    37. 

  37. .EX
    38. 

  38. x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com
    39. 

  39. .EE
    40. 

  40. .SH "SEE ALSO"
    41. 

  41. .IR pushtls (2)
    42.