tuf
Definition
The Update Framework (TUF) is a specification for securing software update systems against compromise of the update channel and of the repository itself, including man-in-the-middle tampering, rollback to an older vulnerable version, indefinite freeze (serving stale metadata so a client never learns about a fix) and mix-and-match of inconsistent package versions. It does this with signed metadata split across four top-level roles, each with its own keys and a signature threshold: root is the trust anchor and signs the key set and threshold of every role; targets signs the hashes and lengths of the update files; snapshot signs the version numbers of all targets metadata so a client cannot be served an inconsistent set; and timestamp, whose key is usually held online, attests freshness with a short expiry. Because the compromise of a single key is expected, a threshold can require several signatures, and the root role can rotate any key, including its own. TUF underlies Docker Content Trust (Notary), Sigstore's distribution of its trust root, and the PyPI design in PEP 458.
Secure Settings Example
The signed portion of root.json (the outer envelope adds a signatures list). "keys" lists every public key by key ID, and each entry of "roles" names the key IDs allowed to sign for that role and how many of their signatures are required. A key ID is the hex SHA-256 of the canonical JSON of the key object; ed25519 keys carry the public value hex encoded and must state a scheme. A threshold of 1 is the minimum the spec allows; for root and targets, whose keys are held offline, a threshold of 2 or more out of several keys is the usual hardening, and a short "expires" is what defeats freeze attacks.
{
  "_type": "root",
  "spec_version": "1.0.0",
  "version": 1,
  "expires": "<expiry-time-UTC>",
  "keys": {
    "<root-key-id>": {
      "keytype": "ed25519",
      "scheme": "ed25519",
      "keyval": {
        "public": "<root-public-key-hex>"
      }
    },
    "<targets-key-id>": {
      "keytype": "ed25519",
      "scheme": "ed25519",
      "keyval": {
        "public": "<targets-public-key-hex>"
      }
    },
    "<snapshot-key-id>": {
      "keytype": "ed25519",
      "scheme": "ed25519",
      "keyval": {
        "public": "<snapshot-public-key-hex>"
      }
    },
    "<timestamp-key-id>": {
      "keytype": "ed25519",
      "scheme": "ed25519",
      "keyval": {
        "public": "<timestamp-public-key-hex>"
      }
    }
  },
  "roles": {
    "root": {
      "keyids": ["<root-key-id>"],
      "threshold": 1
    },
    "targets": {
      "keyids": ["<targets-key-id>"],
      "threshold": 1
    },
    "snapshot": {
      "keyids": ["<snapshot-key-id>"],
      "threshold": 1
    },
    "timestamp": {
      "keyids": ["<timestamp-key-id>"],
      "threshold": 1
    }
  }
}
Insecure Settings Example
The same metadata with the targets role stripped of its key and given a threshold of 0. A client that honoured this would accept targets metadata, and with it the hashes of every update file, carrying no signature at all. Conforming clients (python-tuf, for example) refuse any threshold below 1, so the equivalent weakness seen in practice is a threshold of 1 on a single key that is kept online or reused across roles.
{
  "_type": "root",
  "spec_version": "1.0.0",
  "version": 1,
  "expires": "<expiry-time-UTC>",
  "keys": {
    "<root-key-id>": {
      "keytype": "ed25519",
      "scheme": "ed25519",
      "keyval": {
        "public": "<root-public-key-hex>"
      }
    },
    "<snapshot-key-id>": {
      "keytype": "ed25519",
      "scheme": "ed25519",
      "keyval": {
        "public": "<snapshot-public-key-hex>"
      }
    },
    "<timestamp-key-id>": {
      "keytype": "ed25519",
      "scheme": "ed25519",
      "keyval": {
        "public": "<timestamp-public-key-hex>"
      }
    }
  },
  "roles": {
    "root": {
      "keyids": ["<root-key-id>"],
      "threshold": 1
    },
    "targets": {
      "keyids": [],
      "threshold": 0
    },
    "snapshot": {
      "keyids": ["<snapshot-key-id>"],
      "threshold": 1
    },
    "timestamp": {
      "keyids": ["<timestamp-key-id>"],
      "threshold": 1
    }
  }
}
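To show what a client actually does with the two settings above, here is an added example in Go (not code from the page or from the TUF project; go-tuf and python-tuf are the real implementations). It generates one ed25519 key per role, computes key IDs as the spec defines them, checks the role policy of the secure example, signs the root with the root key and verifies the threshold, and rejects the insecure example's targets role. Assumptions: the Go standard library's json.Marshal (sorted map keys, no whitespace, struct fields declared here in sorted order) stands in for TUF's OLPC canonical JSON, which is adequate for these objects but not a substitute for a spec-exact encoder; signatures are passed as a map keyed by key ID rather than the spec's list of {keyid, sig} objects; and expiry, version and delegations are left out.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Key, Role and Root mirror the "keys" and "roles" sections of root.json; fields are in
// sorted order so json.Marshal (sorted map keys, no whitespace) stands in for canonical JSON.
type Key struct {
	KeyType string            `json:"keytype"`
	KeyVal  map[string]string `json:"keyval"`
	Scheme  string            `json:"scheme"`
}
type Role struct {
	KeyIDs    []string `json:"keyids"`
	Threshold int      `json:"threshold"`
}
type Root struct {
	Keys  map[string]Key  `json:"keys"`
	Roles map[string]Role `json:"roles"`
}

var requiredRoles = []string{"root", "targets", "snapshot", "timestamp"}

// KeyID is the hex SHA-256 of the canonical key object, as the spec defines it.
func KeyID(k Key) string {
	c, _ := json.Marshal(k)
	sum := sha256.Sum256(c)
	return hex.EncodeToString(sum[:])
}

// CheckRoles is the structural policy a client applies before trusting root metadata.
func CheckRoles(r Root) error {
	for _, name := range requiredRoles {
		role := r.Roles[name] // a missing role is the zero value and fails the threshold check
		if role.Threshold < 1 || len(role.KeyIDs) < role.Threshold {
			return fmt.Errorf("role %q: threshold %d not satisfiable by %d keyids", name, role.Threshold, len(role.KeyIDs))
		}
		for _, id := range role.KeyIDs {
			if _, known := r.Keys[id]; !known {
				return fmt.Errorf("role %q: keyid %s not in keys", name, id)
			}
		}
	}
	return nil
}

// VerifyRole succeeds only when at least threshold of the role's listed keys signed the bytes (sigs keyed by keyid).
func VerifyRole(r Root, roleName string, signed []byte, sigs map[string]string) error {
	role, valid := r.Roles[roleName], 0
	for _, id := range role.KeyIDs { // only keys the role lists are consulted, each once
		pub, _ := hex.DecodeString(r.Keys[id].KeyVal["public"])
		sig, _ := hex.DecodeString(sigs[id])
		if len(pub) == ed25519.PublicKeySize && ed25519.Verify(pub, signed, sig) {
			valid++
		}
	}
	if role.Threshold < 1 || valid < role.Threshold { // a missing role has threshold 0: refuse
		return fmt.Errorf("role %q: %d valid signatures, threshold %d", roleName, valid, role.Threshold)
	}
	return nil
}

// NewRoot: a fresh ed25519 key per role at threshold 1, as on the page; private keys returned by keyid (constructed).
func NewRoot() (Root, map[string]ed25519.PrivateKey) {
	r, privs := Root{Keys: map[string]Key{}, Roles: map[string]Role{}}, map[string]ed25519.PrivateKey{}
	for _, name := range requiredRoles {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		k := Key{KeyType: "ed25519", Scheme: "ed25519", KeyVal: map[string]string{"public": hex.EncodeToString(pub)}}
		id := KeyID(k)
		r.Keys[id], privs[id] = k, priv
		r.Roles[name] = Role{KeyIDs: []string{id}, Threshold: 1}
	}
	return r, privs
}

// WithRole copies r with one role replaced (e.g. the page's insecure targets role: no keyids, threshold 0).
func WithRole(r Root, name string, role Role) Root {
	roles := map[string]Role{}
	for n, existing := range r.Roles {
		roles[n] = existing
	}
	roles[name] = role
	return Root{Keys: r.Keys, Roles: roles}
}

// Sign serialises the root canonically and signs it with the private key of each keyid.
func Sign(r Root, privs map[string]ed25519.PrivateKey, keyids ...string) ([]byte, map[string]string) {
	signed, _ := json.Marshal(r)
	sigs := map[string]string{}
	for _, id := range keyids {
		sigs[id] = hex.EncodeToString(ed25519.Sign(privs[id], signed))
	}
	return signed, sigs
}
```

Usage: `r, privs := NewRoot()` gives the secure setting; `CheckRoles(r)` passes, and `VerifyRole(r, "root", Sign(r, privs, r.Roles["root"].KeyIDs[0]))` meets the root threshold while a signature from the targets key does not, because VerifyRole only consults keys the role lists. `CheckRoles(WithRole(r, "targets", Role{KeyIDs: []string{}, Threshold: 0}))` is the insecure setting and is refused, as is any threshold larger than the number of listed keys or a keyid absent from "keys". Note that VerifyRole walks the role's key list rather than the signature list, which is what makes a repeated signature from one key count once.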