Establishing a TUF repository is conceptually simple, but requires careful planning and coordination to ensure the security of the resulting system.
Before you begin this process, ensure you have reviewed and executed the Ceremony preparation steps to ensure the resulting TUF repository is trustworthy.
Once you have prepared a secure environment and created a place to hold ceremony artifacts, the process of initializing and deploying your TUF repository breaks down into 3 steps:
Having prepared a secure environment in which to operate, the keyholders will:
We recommend using a Hardware Security Module (HSM) to generate and store the root keys securely. If this approach is not feasible for your deployment, you can also generate keys directly on your ceremony computer using OpenSSL. In this case, you need to take extra care to keep the ceremony computer itself intact and secure from compromise.
This process involves:
We recommend livestreaming or video-recording the key generation and signing ceremonies as a further security measure to enhance trust in the process and its results. The runbooks indicate when to begin streaming to capture these steps.
Once the coordinator has collected root verification keys from all keyholders, they can proceed to prepare the root metadata for the new TUF repository.
This process involves:
1.root.json).

With the signed root metadata JSON file in hand, the ceremony coordinator can initialize the TUF repo.
This process is a simple matter of deploying 1.root.json into the TUF repository and running the rugged initialize command, which triggers Rugged to use the root metadata to create and sign the other roles' metadata files, forming a complete and valid TUF repository.
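Before the coordinator deploys 1.root.json and runs rugged initialize, it is worth running a structural pre-flight check on the signed root metadata: that every key is stored under the keyid derived from its contents, that every top-level role references known keys with a satisfiable threshold, that the metadata is not already expired, and that enough distinct root keyholders have actually signed. The script below is an added example and is not part of Rugged or the TUF reference implementation. It assumes keyids are derived as python-tuf and securesystemslib derive them (SHA-256 over the canonical JSON of the key object), the sample key material and signature values are constructed placeholders rather than real keys, and signatures are only counted against the root threshold, not cryptographically verified (that verification happens when the metadata is loaded by the TUF implementation).

```python
"""Pre-flight structural checks for a signed TUF root metadata file (1.root.json)."""
from __future__ import annotations

import datetime as dt
import hashlib

TOP_LEVEL_ROLES = ("root", "targets", "snapshot", "timestamp")


def canonical_json(obj) -> str:
    """Canonical JSON as TUF uses it for keyids and signing: sorted keys,
    no whitespace, and only '"' and '\\' escaped inside strings."""
    if isinstance(obj, dict):
        return "{" + ",".join(canonical_json(k) + ":" + canonical_json(v)
                              for k, v in sorted(obj.items())) + "}"
    if isinstance(obj, list):
        return "[" + ",".join(canonical_json(v) for v in obj) + "]"
    if isinstance(obj, bool):  # must precede the int check: bool is an int subclass
        return "true" if obj else "false"
    if obj is None:
        return "null"
    if isinstance(obj, int):
        return str(obj)
    if isinstance(obj, str):
        return '"' + obj.replace("\\", "\\\\").replace('"', '\\"') + '"'
    raise TypeError(f"type not allowed in canonical JSON: {type(obj).__name__}")


def compute_keyid(key: dict) -> str:
    """Assumption: keyid = SHA-256 hex digest of the key object's canonical JSON,
    as python-tuf/securesystemslib derive it."""
    return hashlib.sha256(canonical_json(key).encode("utf-8")).hexdigest()


def check_root_metadata(root: dict, now: dt.datetime | None = None) -> list[str]:
    """Return a list of problems found in a signed root document (empty = passed).
    Signatures are counted against the root threshold, not verified."""
    problems: list[str] = []
    now = now or dt.datetime.now(dt.timezone.utc)
    signed = root.get("signed", {})
    keys = signed.get("keys", {})
    roles = signed.get("roles", {})

    if signed.get("_type") != "root":
        problems.append("_type is not 'root'")
    if signed.get("version") != 1:
        problems.append("version is not 1 (expected for 1.root.json)")

    # Every key must live under the keyid derived from its own contents.
    for keyid, key in keys.items():
        if compute_keyid(key) != keyid:
            problems.append(f"keyid {keyid[:8]}... does not match its key material")

    # Every top-level role must exist, reference known keys, and have a reachable threshold.
    for name in TOP_LEVEL_ROLES:
        role = roles.get(name)
        if role is None:
            problems.append(f"role {name} is missing")
            continue
        keyids = role.get("keyids", [])
        unknown = [k for k in keyids if k not in keys]
        if unknown:
            problems.append(f"role {name} references unknown keyids: {unknown}")
        threshold = role.get("threshold", 0)
        if threshold < 1 or threshold > len(set(keyids)):
            problems.append(f"role {name} threshold {threshold} is not satisfiable "
                            f"by {len(set(keyids))} distinct keys")

    # Freshly generated root metadata must not already be expired.
    expires_raw = signed.get("expires", "")
    try:
        expires = dt.datetime.fromisoformat(expires_raw.replace("Z", "+00:00"))
        if expires <= now:
            problems.append(f"root metadata expired at {expires_raw}")
    except ValueError:
        problems.append(f"expires is not a valid timestamp: {expires_raw!r}")

    # Enough distinct root-role keyholders must have signed to meet the root threshold.
    root_role = roles.get("root", {})
    root_keyids = set(root_role.get("keyids", []))
    signers = {s.get("keyid") for s in root.get("signatures", []) if s.get("keyid") in root_keyids}
    if len(signers) < root_role.get("threshold", 1):
        problems.append(f"only {len(signers)} root-key signatures present, "
                        f"threshold is {root_role.get('threshold')}")
    return problems


def build_sample_root() -> dict:
    """Constructed sample: three root keyholders, threshold 2, two signatures present.
    Public keys and signature bytes are placeholders, not real key material."""
    pubs = {"alice": "11" * 32, "bob": "22" * 32, "carol": "33" * 32}
    keys, ids = {}, {}
    for name, pub in pubs.items():
        key = {"keytype": "ed25519", "scheme": "ed25519", "keyval": {"public": pub}}
        ids[name] = compute_keyid(key)
        keys[ids[name]] = key
    expires = (dt.datetime.now(dt.timezone.utc) + dt.timedelta(days=365)).strftime("%Y-%m-%dT%H:%M:%SZ")
    signed = {
        "_type": "root", "spec_version": "1.0", "version": 1, "expires": expires,
        "consistent_snapshot": True, "keys": keys,
        "roles": {
            "root": {"keyids": list(ids.values()), "threshold": 2},
            "targets": {"keyids": [ids["alice"]], "threshold": 1},
            "snapshot": {"keyids": [ids["bob"]], "threshold": 1},
            "timestamp": {"keyids": [ids["carol"]], "threshold": 1},
        },
    }
    signatures = [{"keyid": ids["alice"], "sig": "aa" * 64}, {"keyid": ids["bob"], "sig": "bb" * 64}]
    return {"signatures": signatures, "signed": signed}


if __name__ == "__main__":
    import json, sys
    # Usage: python check_root.py path/to/1.root.json  (no argument runs the constructed sample)
    root = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else build_sample_root()
    found = check_root_metadata(root)
    print("\n".join("PROBLEM: " + p for p in found) if found else "root metadata passed structural checks")
```

The checks deliberately stop short of signature verification so the script has no dependencies beyond the standard library and can run on the air-gapped ceremony computer; an empty result means the file is worth handing to rugged initialize, which performs the cryptographic verification.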