THUMBPRINT(7) THUMBPRINT(7) NAME thumbprint - public key thumbprints DESCRIPTION Applications in Plan 9 that use public keys for authentication, for example by calling tlsClient and okThumbprint (see pushtls(3)), check the remote side's pub- lic key by comparing against thumbprints from a trusted list. The list is maintained by people who set local poli- cies about which servers can be trusted for which applica- tions, thereby playing the role taken by certificate author- ities in PKI-based systems. By convention, these lists are stored as files in /sys/lib/tls/ and protected by normal file system permissions. Such a thumbprint file comprises lines made up of attribute/value pairs of the form attr=value or attr. The first attribute must be x509 and the second must be sha1={hexchecksumofbinarycertificate}. All other attributes are treated as comments. The file may also contain lines of the form #includefile For example, a web server might have thumbprint x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com SEE ALSO pushtls(3) Page 1 Plan 9 (printed 12/22/24)