Secure Cloud Service Archive 1.0 Release Candidate
This document specifies the concept of a Secure Cloud Service Archive (sCSAR). The specification is under active development and is not backwards compatible with any previous versions.
Secure Cloud Service Archive
Sign the CSAR using RSA with SHA256 and place the signature under the name of the CSAR appended with `.asc`.
For example, if the CSAR is named `example.csar`, then the signature file is named `example.csar.asc`.
An RSA key length of 4096 is advised.
The CSAR and signature might be distributed in a ZIP file with the extension `.scsar` having the following structure.
| File | Description |
| --- | --- |
| `<CSAR Name>.csar` | The CSAR. |
| `<CSAR Name>.csar.asc` | The signature of the CSAR (encoded as HEX). |
| `certificate.pem` | The certificate (encoded as PEM) of the signature key used for verifying the signature. |
| `certificate-chain.pem` | The certificate chain (encoded as PEM). |
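
The signing step and the matching check against `certificate.pem`, as an added Go example that is not part of this specification or of any tooling behind it. It assumes PKCS#1 v1.5 padding, which the specification does not name; `SignCSAR`, `VerifyCSAR` and the `minBits` parameter are hypothetical names, and the CSAR bytes in `main` are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/pem"
	"fmt"
	"strings"
)

// SignCSAR returns the hex text for <name>.csar.asc (assumed padding: PKCS#1 v1.5).
func SignCSAR(csar []byte, key *rsa.PrivateKey) (string, error) {
	digest := sha256.Sum256(csar)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return hex.EncodeToString(sig), err
}

// VerifyCSAR checks the .asc text against the CSAR with the key in certificate.pem.
func VerifyCSAR(csar []byte, ascHex string, certPEM []byte, minBits int) error {
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return fmt.Errorf("certificate.pem: no PEM block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || pub.N.BitLen() < minBits {
		return fmt.Errorf("certificate.pem: want an RSA key of at least %d bits", minBits)
	}
	sig, err := hex.DecodeString(strings.TrimSpace(ascHex)) // tolerate a trailing newline
	if err != nil {
		return err
	}
	digest := sha256.Sum256(csar)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 4096) // key length advised by the page
	if err != nil {
		panic(err)
	}
	fmt.Println(SignCSAR([]byte("constructed CSAR bytes"), key)) // hex signature, error
}
```

`VerifyCSAR` only shows that the signature matches the key in `certificate.pem`; whether that certificate is trusted still has to be decided by validating it against `certificate-chain.pem` and a trust anchor the verifier already holds.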
Acknowledgments
This specification is developed for the purpose of research by the Institute of Software Engineering (ISTE) and the Institute of Architecture of Application Systems (IAAS) of the University of Stuttgart, Germany. The development is partially funded by the German Federal Ministry for Economic Affairs and Climate Action (BMWK) as part of the Software-Defined Car (SofDCar) project (19S21002).
Correspondence
Please address all correspondence concerning this specification to Miles Stötzner <miles.stoetzner@iste.uni-stuttgart.de, https://miles.stoetzner.de>.
Disclaimer of Warranty
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.