TUF Repository Specification

The TUF specification defines the structure of update repositories including the root, targets, snapshot, and timestamp metadata files. Each metadata file has a defined schema with signatures, expiration dates, and delegation rules. Clients follow a defined verification workflow to securely resolve and download updates while protecting against various attack vectors including key compromise, rollback attacks, freeze attacks, and mix-and-match attacks. The specification is version 1.0.31.

API entry from apis.yml

aid: tuf:tuf-spec
name: TUF Repository Specification
description: The TUF specification defines the structure of update repositories including the root, targets,
  snapshot, and timestamp metadata files. Each metadata file has a defined schema with signatures, expiration
  dates, and delegation rules. Clients follow a defined verification workflow to securely resolve and
  download updates while protecting against various attack vectors including key compromise, rollback
  attacks, freeze attacks, and mix-and-match attacks. The specification is version 1.0.31.
humanURL: https://theupdateframework.github.io/specification/latest/
properties:
- type: Documentation
  url: https://theupdateframework.github.io/specification/latest/
- type: GitHubRepository
  url: https://github.com/theupdateframework/specification
- type: JSONSchema
  url: json-schema/tuf-root-metadata-schema.json
- type: JSONSchema
  url: json-schema/tuf-targets-metadata-schema.json
- type: JSONSchema
  url: json-schema/tuf-snapshot-metadata-schema.json
- type: JSONSchema
  url: json-schema/tuf-timestamp-metadata-schema.json
tags:
- Metadata
- Repository Metadata
- Specification
- Verification