cirno/plan9port
1
0
Fork 0
mirror of https://github.com/9fans/plan9port.git synced 2025-01-12 11:10:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
plan9port/man/man7/thumbprint.html
rsc 78e51a8c66 checkpoint
2005-01-14 03:45:44 +00:00

68 lines
2.8 KiB
HTML
Raw Blame History

<head>
<title>thumbprint(7) - Plan 9 from User Space</title>
<meta content="text/html; charset=utf-8" http-equiv=Content-Type>
</head>
<body bgcolor=#ffffff>
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=10><td>
<tr><td width=20><td>
<tr><td width=20><td><b>THUMBPRINT(7)</b><td align=right><b>THUMBPRINT(7)</b>
<tr><td width=20><td colspan=2>
<br>
<p><font size=+1><b>NAME </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
thumbprint &ndash; public key thumbprints<br>
</table>
<p><font size=+1><b>DESCRIPTION </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
Applications in Plan 9 that use public keys for authentication,
for example by calling <tt><font size=+1>tlsClient</font></tt> and <tt><font size=+1>okThumbprint</font></tt> (see <a href="../man3/pushtls.html"><i>pushtls</i>(3)</a>),
check the remote side&#8217;s public key by comparing against thumbprints
from a trusted list. The list is maintained by people who set
local policies about which servers can be trusted
for which applications, thereby playing the role taken by certificate
authorities in PKI-based systems. By convention, these lists are
stored as files in <tt><font size=+1>/sys/lib/tls/</font></tt> and protected by normal file
system permissions.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Such a thumbprint file comprises lines made up of attribute/value
pairs of the form <i>attr</i><tt><font size=+1>=</font></tt><i>value</i> or <i>attr</i>. The first attribute must
be <tt><font size=+1>x509</font></tt> and the second must be <tt><font size=+1>sha1=</font></tt><i>{hex</i><tt><font size=+1>checksum</font></tt><i>of</i><tt><font size=+1>binary</font></tt><i>certificate}.</i>
All other attributes are treated as comments. The file may also
contain lines of the form <tt><font size=+1>#include</font></tt><i>file
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</i>
For example, a web server might have thumbprint<br>
<tt><font size=+1>x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell&#8722;labs.com<br>
</font></tt>
</table>
<p><font size=+1><b>SEE ALSO </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<a href="../man3/pushtls.html"><i>pushtls</i>(3)</a><br>
</table>
<td width=20>
<tr height=20><td>
</table>
<!-- TRAILER -->
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=15><td width=10><td><td width=10>
<tr><td><td>
<center>
<a href="../../"><img src="../../dist/spaceglenda100.png" alt="Space Glenda" border=1></a>
</center>
</table>
<!-- TRAILER -->
</body></html>
Reference in a new issue View git blame Copy permalink