A newly released Docker Content Trust capability uses digital signatures to ensure the integrity of Dockerized content. The idea is to allow Docker users to operate exclusively on signed content when building or deploying Dockerized applications. The capability is built using Notary and The Update Framework.
When enabled, Docker Content Trust ensures that all operations using a remote registry enforce the signing and verification of images. In particular, Docker’s central commands `push`, `pull`, `build`, `create` and `run` will only operate on images that either have content signatures or explicit content hashes.
Docker said it will be signing the Docker Hub Official Repos, providing users with a trusted set of base images they can use to build distributed applications.
“As organizations evolve from a monolithic software architecture to distributed applications, the secure distribution of software becomes increasingly difficult to solve,” said Diogo Mónica, Security Lead for Docker. “Without a standard method for validating the integrity of content, Docker has the unique opportunity to leapfrog the status quo and build a system that meets the strongest standard for software distribution. With Docker Content Trust, users have a solution that works across any infrastructure, offering security guarantees that were not previously available to them.”
Docker Content Trust also generates a Timestamp key that provides protection against replay attacks, which would allow a malicious actor to serve signed but expired content. Docker manages the Timestamp key for the user, reducing the hassle of having to constantly refresh the content client-side.
