Docker Content Trust Protects Integrity of Dockerized Content

By CIOReview | Wednesday, August 26, 2015

SAN FRANCISCO, CA: Docker, the open platform for distributed applications, announces the release of Docker Content Trust, a new feature that uses digital signatures to protect the integrity of Dockerized Content.

The latest capability will be available as a part of Docker Platform 1.8. Content Trust is a characteristic that makes it possible to verify the publisher of Docker images. Docker 1.8 includes support for image signing, a new installer, as well as improvements to Engine, Compose, Swarm, Machine and Registry. The Docker Content Trust works within a user’s existing workflow without requiring users to learn a new set of commands or to be trained on a deep set of security principles. The publisher will be able to securely rotate compromised keys by using the offline key, which should be securely stored offline.

How it Works?

When a publisher pushes an image to a remote registry, Docker signs the image with a private key. When that particular image is later transferred, Docker uses the publisher’s public key to verify that the image the user is about to run is exactly what the publisher created, has not been tampered with, and is up to date. The central commands `push`, `pull`, `build`, `create` and `run` will only operate on images that either have content signatures or explicit content hashes. This provides a confirmation to the IT operations that only signed content is being used in their production infrastructure. Docker will be signing the Docker Hub Official Repos thereby providing users with a trusted set of base images that they can use to build distributed applications.

The release takes advantage of The Update Framework (TUF). With TUF, Docker Content Trust acquires an adaptable way to provide high levels of security when building and distributing Docker images .TUF is a standard for software delivery that ensures secure content distribution. The model has a set of different cryptographic keys that are used for signing and verification of content. TUF protects against different classes of attacks. By leveraging TUF, Docker Content Trust inherits a flexible way to provide high levels of security when building and distributing Docker images.

Content Trust has two distinct keys, an Offline (root) key and a Tagging (per-repository) key that are generated and stored through the client-side the first time a publisher pushes an image. Each repository has its own unique tagging key, which allows the holder to digitally sign Docker images for a particular repository.

The tagging key is used when new content is added or removed from the repository. The tagging key is online; hence it is vulnerable to being compromised. Docker Content Trust also generates a Timestamp key that provides protection against replay attacks that allow a malicious attacker to serve signed and expired content. Docker will manage the Timestamp key thereby decreasing the hassle of constantly refreshing the content client-side. It is built on ‘Notary’ to ensure interoperability with any registry. Notary is an open source project developed by Docker to enable secure and trusted content distribution. An enterprise with its own private registry or third-party solutions can integrate with Notary to have its repositories integrate with Docker Content Trust.