diff --git a/tuf/README.md b/tuf/README.md index d0e17f68..ff360281 100644 --- a/tuf/README.md +++ b/tuf/README.md @@ -24,15 +24,14 @@ ### Overview ### -A software update system must complete two main tasks to integrate TUF (The Update -Framework.) First, it must add the framework to the client side of the system. +A software update system must complete two main tasks to integrate The Update +Framework (TUF.) First, it must add the framework to the client side of the system. The [tuf.client.updater](client/README.md) module and [tuf.interposition](interposition/README.md) package assist in integrating TUF on the client side. Second, the repository on the server side must be modified to include a minimum of four metadata files. No additional software -is required to convert a repository to a TUF one on the server side. The tool to -assist in generating the required metadata files of the repository is the focus -of this document. +is required to convert a repository to a TUF one. The tool to assist in generating +the required metadata files of the repository is the focus of this document. The [repository tool](repository_tool.py) contains functions to generate all the @@ -56,27 +55,27 @@ $ pip install tuf[tools] ``` A repository object that encapsulates the metadata files of the repository -can be either created or loaded by the repository tool. Repository maintainers +can be created or loaded by the repository tool. Repository maintainers modify the repository object to update metadata files stored on the repository. TUF uses the metadata files to validate files requested and downloaded by clients. In addition to the repository object, where the majority of changes are made, the repository tool provides functions to generate and persist cryptographic keys. The framework utilizes cryptographic keys to -sign and verify metadata files. For a comprehensive list of available repository -tool functions and classes, a [diagram](../docs/images/repository_tool-diagram.png) +sign and verify metadata files. For a comprehensive list of repository tool +functions and classes, a [diagram](../docs/images/repository_tool-diagram.png) is available. Documentation for setting up a TUF client and performing an update is provided [here](client_setup_and_repository_example.md). To begin, cryptographic keys are generated. Before metadata files can be validated -by clients and target files fetched in a secure manner, public keys must be created to -pin to particular metadata roles and private keys to generate signatures. After +by clients and target files fetched in a secure manner, public keys must be pinned to +particular metadata roles and signatures generated by the private keys. After covering keys, the four required top-level roles are introduced. Examples are given demonstrating the expected work flow, where the metadata roles are created in a specific order, keys imported and loaded, and the metadata objects signed and -written to disk. Next, target files are added to the repository and included -in metadata. Lastly, custom delegations are added to extend the default -roles in the repository. By the end, a fully populated TUF repository is generated -that can be tested. +written to disk. Lastly, target files are added to the repository, included in +metadata, and custom delegations performed to extend the default roles in the +repository. By the end, a fully populated TUF repository is generated that can be +tested. ### Keys ### The repository tool supports multiple public-key algorithms, such as