Specifications and Downloads

The Document Family

SPsec is published as a small set of documents that build on each other. Read 101 first for the why, 102 for vocabulary, 201 for the network-independent definitions and then whichever mapping document applies to the network you are deploying on.

SPsec101 — Concept

Sets out the scope of SPsec: where small-packet networks are used, the threats they face, the regulatory backdrop and the security principles SPsec is built on.

Download PDF · v1.06 · 12 November 2025

SPsec102 — Glossary

Defines the terminology used across the SPsec documents, grouped by topic: basics, attack vectors, cryptographic methods, roles, states, keys, data objects and timeouts.

Download PDF · v1.26 · 11 December 2025

SPsec201 — Generic Specification

The network-independent specification of SPsec: data types, parameter registers, cryptographic primitives, key derivations, control-plane services and event handling.

Download PDF · v1.35 · 11 December 2025

SPsec301 — Generic Mapping

Maps SPsec onto generic serial point-to-point communication, with implementation notes for Modbus and CANopen.

Download PDF · v1.01 · 12 November 2025

SPsec302 — CAN FD Mapping

The CAN FD mapping that powers CANcrypt V2, covering security stamp layout, control-plane CAN ID assignment, timestamp synchronization and AEAD parameters. Compatible with CANopen FD.

Download PDF · v1.40 · 8 January 2026

Further Reading and Tools

SPsec and CANcrypt sit within a wider set of CAN security material, tools and training from Embedded Systems Academy.

Frequently Asked Questions

Which SPsec document should I read first?

Read SPsec101 (Concept) first, then SPsec102 (Glossary) for vocabulary, then SPsec201 (Generic Specification) for the network-independent definitions, then the mapping document for your network.

Which document covers CANcrypt V2?

SPsec302 (CAN FD Mapping) defines the CAN FD mapping that CANcrypt V2 implements.