Skip to content

Secure Cloud Service Archive 1.0 Release Candidate

This document specifies the concept of a Secure Cloud Service Archive (sCSAR). The specification is under active development and is not backwards compatible with any previous versions.

Secure Cloud Service Archive

Sign the CSAR using RSA with SHA256 and place the signature under the name of the CSAR appended with .asc. For example, if the CSAR is named example.csar, then the signature file is named example.csar.asc. An RSA key length of 4096 is adviced. The CSAR and signature might be distributed in a ZIP file with the extension .scsar having the following structure.

File Description
<CSAR Name>.csar The CSAR.
<CSAR Name>.csar.asc The signature of the CSAR (encoded as HEX)
certificate.pem The certificate (encoded as PEM) of the signature key used for verifying the signature.
certificate-chain.pem The certificate chain (encoded as PEM).

Acknowledgments

This specification is developed for the purpose of research by the Institute of Software Engineering (ISTE) and the Institute of Architecture of Application Systems (IAAS) of the University of Stuttgart, Germany. The development is partially funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK) as part of the Software-Defined Car (SofDCar) project (19S21002).

Correspondence

Please address all correspondence concerning this specification to Miles Stötzner <miles.stoetzner@iste.uni-stuttgart.de, https://miles.stoetzner.de>.

Disclaimer of Warranty

Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.


Last update: December 13, 2024