From fa7b15245b718f8c71e777cff8a31db0f6393ca0 Mon Sep 17 00:00:00 2001 From: h4l0gen Date: Sat, 25 May 2024 10:18:58 +0530 Subject: [PATCH 1/2] adding raw data directly to page Signed-off-by: h4l0gen --- content/metadata.md | 325 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 318 insertions(+), 7 deletions(-) diff --git a/content/metadata.md b/content/metadata.md index fd4705c..af620cd 100644 --- a/content/metadata.md +++ b/content/metadata.md @@ -40,7 +40,117 @@ Specifies the other top-level roles. When specifying these roles, the trusted keys for each are listed, along with the minimum number of those keys required to sign the role's metadata. We call this number the signature threshold. -See [example](https://raw.githubusercontent.com/theupdateframework/tuf/develop/tests/repository_data/repository/metadata/root.json) of Root metadata. +See an **example** + +``` +{ + "signatures": [ + { + "keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb", + "sig": + "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd + 7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e + 094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a2 + 8ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48 + c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce + 028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a + 0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af8 + 6eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821a + ada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cada + dadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131 + f81cc5981" + } + ], + "signed": { + "_type": "root", + "consistent_snapshot": false, + "expires": "2030-01-01T00:00:00Z", + "keys": { + "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb": { + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keytype": "rsa", + "keyval": { + "public": "-----BEGIN PUBLIC KEY----- + \nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0GjPoVrjS9eCqzoQ8VRe + PkC0cI6ktiEgqPfHESFzyxyjC490Cuy19nuxPcJuZfN64MC48oOkR+W2mq4pM51i + xmdG5xjvNOBRkJ5wUCc8fDCltMUTBlqt9y5eLsf/4/EoBU+zC4SW1iPU++mCsity + fQQ7U6LOn3EYCyrkH51hZ/dvKC4o9TPYMVxNecJ3CL1q02Q145JlyjBTuM3Xdqsa + ndTHoXSRPmmzgB/1dL/c4QjMnCowrKW06mFLq9RAYGIaJWfM/0CbrOJpVDkATmEc + MdpGJYDfW/sRQvRdlHNPo24ZW7vkQUCqdRxvnTWkK5U81y7RtjLt1yskbWXBIbOV + z94GXsgyzANyCT9qRjHXDDz2mkLq+9I2iKtEqaEePcWRu3H6RLahpM/TxFzw684Y + R47weXdDecPNxWyiWiyMGStRFP4Cg9trcwAGnEm1w8R2ggmWphznCd5dXGhPNjfA + a82yNFY8ubnOUVJOf0nXGg3Edw9iY3xyjJb2+nrsk5f3AgMBAAE=\n-----END PUBLIC KEY-----" + }, + "scheme": "rsassa-pss-sha256" + }, + "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d": { + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keytype": "ed25519", + "keyval": { + "public": "edcd0a32a07dce33f7c7873aaffbff36d20ea30787574ead335eefd337e4dacd" + }, + "scheme": "ed25519" + }, + "65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093": { + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keytype": "ed25519", + "keyval": { + "public": "89f28bd4ede5ec3786ab923fd154f39588d20881903e69c7b08fb504c6750815" + }, + "scheme": "ed25519" + }, + "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758": { + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keytype": "ed25519", + "keyval": { + "public": "82ccf6ac47298ff43bfa0cd639868894e305a99c723ff0515ae2e9856eb5bbf4" + }, + "scheme": "ed25519" + } + }, + "roles": { + "root": { + "keyids": [ + "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758" + ], + "threshold": 1 + } + }, + "spec_version": "1.0.0", + "version": 1 + } +} +``` ## Targets Metadata (targets.json) @@ -57,7 +167,76 @@ so in a way similar to how the Root role specifies the top-level roles: by givin the trusted keys and signature threshold for each role. Additionally, one or more [glob patterns](https://en.wikipedia.org/wiki/Glob_(programming)) will be specified to indicate the target file paths for which clients should trust each delegated role. -See [example](https://raw.githubusercontent.com/theupdateframework/tuf/develop/tests/repository_data/repository/metadata/targets.json) of Targets metadata. +See as an **example** +``` +{ + "signatures": [ + { + "keyid": "65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093", + "sig": + "d65f8db0c1a8f0976552b9742bbb393f24a5fa5eaf145c37aee047236c79dd0b83 + cfbb8b49fa7803689dfe0031dcf22c4d006b593acac07d69093b9b81722c08" + } + ], + "signed": { + "_type": "targets", + "delegations": { + "keys": { + "c8022fa1e9b9cb239a6b362bbdffa9649e61ad2cb699d2e4bc4fdf7930a0e64a": { + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keytype": "ed25519", + "keyval": { + "public": "fcf224e55fa226056adf113ef1eb3d55e308b75b321c8c8316999d8c4fd9e0d9" + }, + "scheme": "ed25519" + } + }, + "roles": [ + { + "keyids": [ + "c8022fa1e9b9cb239a6b362bbdffa9649e61ad2cb699d2e4bc4fdf7930a0e64a" + ], + "name": "role1", + "paths": [ + "file3.txt" + ], + "terminating": false, + "threshold": 1 + } + ] + }, + "expires": "2030-01-01T00:00:00Z", + "spec_version": "1.0.0", + "targets": { + "file1.txt": { + "custom": { + "file_permissions": "0644" + }, + "hashes": { + "sha256": "65b8c67f51c993d898250f40aa57a317d854900b3a04895464313e48785440da", + "sha512": + "467430a68afae8e9f9c0771ea5d78bf0b3a0d79a2d3d3b40c69fde4dd42c4614 + 48aef76fcef4f5284931a1ffd0ac096d138ba3a0d6ca83fa8d7285a47a296f77" + }, + "length": 31 + }, + "file2.txt": { + "hashes": { + "sha256": "452ce8308500d83ef44248d8e6062359211992fd837ea9e370e561efb1a4ca99", + "sha512": + "052b49a21e03606b28942db69aa597530fe52d47ee3d748ba65afcd14b857738 + e36bc1714c4f4adde46c3e683548552fe5c96722e0e0da3acd9050c2524902d8" + }, + "length": 39 + } + }, + "version": 1 + } +} +``` ## Delegated Targets Metadata (role1.json) @@ -81,9 +260,85 @@ metadata file would be found at: /ANOTHER_ROLE.json -See -[example](https://raw.githubusercontent.com/theupdateframework/tuf/develop/tests/repository_data/repository/metadata/role1.json) -of delegated Targets metadata and [example](https://raw.githubusercontent.com/theupdateframework/tuf/develop/tests/repository_data/repository/metadata/role2.json) of a nested delegation. +See **example** of delegated Targets metadata +``` +{ + "signatures": [ + { + "keyid": "c8022fa1e9b9cb239a6b362bbdffa9649e61ad2cb699d2e4bc4fdf7930a0e64a", + "sig": + "9408b46569e622a46f1d35d9fa3c10e17a9285631ced4f2c9c2bba2c2842413 + fcb796db4e81d6f988fc056c21c407fdc3c10441592cf1e837e088f2e2dfd5403" + } + ], + "signed": { + "_type": "targets", + "delegations": { + "keys": { + "c8022fa1e9b9cb239a6b362bbdffa9649e61ad2cb699d2e4bc4fdf7930a0e64a": { + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keytype": "ed25519", + "keyval": { + "public": + "fcf224e55fa226056adf113ef1eb3d55e308b75b321c8c8316999d8c4fd9e0d9" + }, + "scheme": "ed25519" + } + }, + "roles": [ + { + "keyids": [ + "c8022fa1e9b9cb239a6b362bbdffa9649e61ad2cb699d2e4bc4fdf7930a0e64a" + ], + "name": "role2", + "paths": [], + "terminating": false, + "threshold": 1 + } + ] + }, + "expires": "2030-01-01T00:00:00Z", + "spec_version": "1.0.0", + "targets": { + "file3.txt": { + "hashes": { + "sha256": + "141f740f53781d1ca54b8a50af22cbf74e44c21a998fa2a8a05aaac2c002886b", + "sha512": + "ef5beafa16041bcdd2937140afebd485296cd54f7348ecd5a4d035c09759608 + de467a7ac0eb58753d0242df873c305e8bffad2454aa48f44480f15efae1cacd0" + }, + "length": 28 + } + }, + "version": 1 + } +} +``` + +and **example** of a nested delegation +``` +{ + "signatures": [ + { + "keyid": "c8022fa1e9b9cb239a6b362bbdffa9649e61ad2cb699d2e4bc4fdf7930a0e64a", + "sig": + "75b196a224fd200e46e738b1216b3316c5384f61083872f8d14b8b0a378b2344e64b1a6f1 + a89a711206a66a0b199d65ac0e30fe15ddbc4de89fa8ff645f99403" + } + ], + "signed": { + "_type": "targets", + "expires": "2030-01-01T00:00:00Z", + "spec_version": "1.0.0", + "targets": {}, + "version": 1 + } +} +``` ## Snapshot Metadata (snapshot.json) @@ -95,7 +350,36 @@ view of all files on the repository. That is, metadata files (and thus Target files) that existed on the repository at different times cannot be combined and presented to clients by an attacker. -​See [example](https://raw.githubusercontent.com/theupdateframework/tuf/develop/tests/repository_data/repository/metadata/snapshot.json) of Snapshot metadata. +​See **example** of Snapshot metadata. +``` +{ + "signatures": [ + { + "keyid": "59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d", + "sig": + "085672c70dffe26610e58542ee552843633cfed973abdad94c56138dbf0cd991644f2d3f27 + e4dda3098e08ab676e7f52627b587947ae69db1012d59a6da18e0c" + } + ], + "signed": { + "_type": "snapshot", + "expires": "2030-01-01T00:00:00Z", + "meta": { + "role1.json": { + "version": 1 + }, + "role2.json": { + "version": 1 + }, + "targets.json": { + "version": 1 + } + }, + "spec_version": "1.0.0", + "version": 1 + } +} +``` ## Timestamp Metadata (timestamp.json) @@ -119,4 +403,31 @@ keys should be used for signing the snapshot.json file so that the Snapshot role's keys can be kept offline, and thus more secure. * Timestamp.json may be given to mirrors. -See [example](https://raw.githubusercontent.com/theupdateframework/tuf/develop/tests/repository_data/repository/metadata/timestamp.json) of Timestamp metadata. +See **example** of Timestamp metadata. +``` +{ + "signatures": [ + { + "keyid": "8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758", + "sig": + "de0e16920f87bf5500cc65736488ac17e09788cce808f6a4e85eb9e4e478a312b4c1a2d7723 + af56f7bfb1df533c67d8c93b6f49d39eabe7fae391a08e1f72f01" + } + ], + "signed": { + "_type": "timestamp", + "expires": "2030-01-01T00:00:00Z", + "meta": { + "snapshot.json": { + "hashes": { + "sha256": "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab" + }, + "length": 515, + "version": 1 + } + }, + "spec_version": "1.0.0", + "version": 1 + } +} +``` \ No newline at end of file From 6ce62e726a155292f2591127cbe0eb23fc106b2c Mon Sep 17 00:00:00 2001 From: h4l0gen Date: Mon, 3 Jun 2024 19:06:37 +0530 Subject: [PATCH 2/2] adding
disclosure element Signed-off-by: h4l0gen --- content/metadata.md | 51 +++++++++++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/content/metadata.md b/content/metadata.md index af620cd..5da8b05 100644 --- a/content/metadata.md +++ b/content/metadata.md @@ -40,9 +40,9 @@ Specifies the other top-level roles. When specifying these roles, the trusted keys for each are listed, along with the minimum number of those keys required to sign the role's metadata. We call this number the signature threshold. -See an **example** - -``` +
+ Example Root metadata + 

 {
  "signatures": [
   {
@@ -150,7 +150,8 @@ See an **example**
   "version": 1
  }
 }
-``` 
+
+
## Targets Metadata (targets.json) @@ -167,8 +168,9 @@ so in a way similar to how the Root role specifies the top-level roles: by givin the trusted keys and signature threshold for each role. Additionally, one or more [glob patterns](https://en.wikipedia.org/wiki/Glob_(programming)) will be specified to indicate the target file paths for which clients should trust each delegated role. -See as an **example** -``` +
+ Example Targets metadata + 

 {
  "signatures": [
   {
@@ -236,7 +238,8 @@ See as an **example**
   "version": 1
  }
 }
-```
+
+
## Delegated Targets Metadata (role1.json) @@ -260,8 +263,9 @@ metadata file would be found at: /ANOTHER_ROLE.json -See **example** of delegated Targets metadata -``` +
+ Example delegated Targets metadata + 

 {
  "signatures": [
   {
@@ -317,10 +321,12 @@ See **example** of delegated Targets metadata
   "version": 1
  }
 }
-```
-
-and **example** of a nested delegation
-```
+
+
+and +
+ Example nested delegation + 

 {
  "signatures": [
   {
@@ -338,7 +344,8 @@ and **example** of a nested delegation
   "version": 1
  }
 }
-```
+
+
## Snapshot Metadata (snapshot.json) @@ -350,8 +357,9 @@ view of all files on the repository. That is, metadata files (and thus Target files) that existed on the repository at different times cannot be combined and presented to clients by an attacker. -​See **example** of Snapshot metadata. -``` +
+ Example Snapshot metadata + 

 {
  "signatures": [
   {
@@ -379,7 +387,8 @@ and presented to clients by an attacker.
   "version": 1
  }
 }
-```
+
+
## Timestamp Metadata (timestamp.json) @@ -403,8 +412,9 @@ keys should be used for signing the snapshot.json file so that the Snapshot role's keys can be kept offline, and thus more secure. * Timestamp.json may be given to mirrors. -See **example** of Timestamp metadata. -``` +
+ Example Timestamp metadata + 

 {
  "signatures": [
   {
@@ -430,4 +440,5 @@ See **example** of Timestamp metadata.
   "version": 1
  }
 }
-```
\ No newline at end of file
+
+
\ No newline at end of file