THUMBPRINT(7) THUMBPRINT(7)
NAME
thumbprint - public key thumbprints
DESCRIPTION
Applications in Plan 9 that use public keys for
authentication, for example by calling tlsClient and
okThumbprint (see pushtls(3)), check the remote side's public
key by comparing against thumbprints from a trusted
list. The list is maintained by people who set local policies
about which servers can be trusted for which applications,
thereby playing the role taken by certificate authorities
in PKI-based systems. By convention, these lists are
stored as files in /sys/lib/tls/ and protected by normal
file system permissions.
Such a thumbprint file comprises lines made up of
attribute/value pairs of the form attr=value or attr. The
first attribute must be x509 and the second must be
sha1={hex checksum of binary certificate}. All other attributes
are treated as comments. The file may also contain lines of
the form #include file
For example, a web server might have thumbprint
x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com
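The file format described above, as an added example in Python (not Plan 9's own code): it parses thumbprint lines, follows #include, and checks a certificate's SHA-1 against the resulting list. The read_file loader, the include depth limit, and the handling of blank and malformed lines are assumptions; the certificate bytes and the in-memory files are constructed sample data.

```python
import hashlib
import re

SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")

def parse_thumbprints(name, read_file, depth=0):
    """Return the set of lower-case SHA-1 hex digests listed in `name`.

    read_file(name) -> str is a caller-supplied loader (hypothetical), so
    '#include' can be followed without touching the real file system.
    """
    if depth > 8:  # assumed limit, stops include loops
        raise ValueError("include nesting too deep: " + name)
    digests = set()
    for lineno, line in enumerate(read_file(name).splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # assumption: blank lines are ignored
        if fields[0] == "#include":
            if len(fields) != 2:
                raise ValueError(f"{name}:{lineno}: bad #include")
            digests |= parse_thumbprints(fields[1], read_file, depth + 1)
            continue
        # First attribute must be x509, second must be sha1=<hex>.
        if len(fields) < 2 or fields[0] != "x509" or not fields[1].startswith("sha1="):
            raise ValueError(f"{name}:{lineno}: not an x509 sha1= entry")
        digest = fields[1][len("sha1="):]
        if not SHA1_HEX.fullmatch(digest):
            raise ValueError(f"{name}:{lineno}: sha1 is not 40 hex digits")
        digests.add(digest.lower())  # remaining attributes are comments
    return digests

def cert_is_trusted(der_cert, digests):
    """True if the SHA-1 of the binary (DER) certificate is in the list."""
    return hashlib.sha1(der_cert).hexdigest() in digests

# Constructed sample data: fake certificate bytes and two in-memory files.
FAKE_CERT = b"constructed bytes standing in for a DER certificate"
FILES = {
    "main": "x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com\n"
            "#include local\n",
    "local": "x509 sha1=" + hashlib.sha1(FAKE_CERT).hexdigest().upper() + " cn=example\n",
}
TRUSTED = parse_thumbprints("main", FILES.__getitem__)
```

Rejecting malformed lines instead of skipping them makes a damaged or hand-edited trust list fail loudly rather than silently shrink.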
SEE ALSO
pushtls(3)
Page 1 Plan 9 (printed 10/29/25)