Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
THUMBPRINT(7)	       Miscellaneous Information Manual		 THUMBPRINT(7)

NAME
       thumbprint - public key thumbprints

DESCRIPTION
       Applications in Plan 9 that use public keys for authentication, for ex-
       ample by	calling	tlsClient and okThumbprint (see	pushtls(3)), check the
       remote  side's  public  key  by	comparing  against  thumbprints	from a
       trusted list.  The list is maintained by	people who set local  policies
       about  which  servers  can  be  trusted for which applications, thereby
       playing the role	taken by certificate authorities in PKI-based systems.
       By  convention,	these  lists  are stored as files in /sys/lib/tls/ and
       protected by normal file	system permissions.

       Such a thumbprint file comprises	lines made up of attribute/value pairs
       of  the	form attr=value	or attr.  The first attribute must be x509 and
       the second must be  sha1={hexchecksumofbinarycertificate}.   All	 other
       attributes are treated as comments.  The	file may also contain lines of
       the form	#includefile

       For example, a web server might have thumbprint
       x509 sha1=8fe472d31b360a8303cd29f92bd734813cbd923c cn=*.cs.bell-labs.com

SEE ALSO
       pushtls(3)

								 THUMBPRINT(7)

NAME | DESCRIPTION | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=thumbprint&sektion=7&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help