Thursday, May 2, 2019

Word of the Day: Docker Content Trust

Word of the Day WhatIs.com
Daily updates on the latest technology terms | May 2, 2019
Docker Content Trust

Docker Content Trust is a feature in the Docker containerization platform that enables remote registry content to be digitally signed, ensuring that the content is unaltered and is the most current available version when users access it. It works by signing and verifying content with cryptographic keys. Docker Content Trust was introduced in Docker Engine with version 1.8.

Docker Content Trust adds security controls that verify the integrity of container images stored in a registry, such as Docker Hub. Enterprise developers and other users can push or pull (upload or download) container images to and from a registry. Docker Content Trust addresses two concerns with registries. First, a user might upload a container image infiltrated with malware, and the users who pull it from that remote repository have no way to determine its integrity. Second, users can leave outdated containers on a registry, which creates interoperability, compatibility or performance problems for the business. In Docker parlance, a repository is a collection of container images with the same name, distinguished by tags, placed in the registry.

When a publisher pushes a container image to a remote registry, Docker Engine applies a cryptographic signature to the container image using the publisher's private key. Users can then pull the signed image from the registry, at which point Docker Engine uses the original publisher's public key to verify that it is the same image the publisher signed. This key check only verifies that the image is the original file, unaltered. Docker Content Trust does not certify the suitability or performance of a container for any particular task. It is possible to pull a verified container image, only for that container to generate errors or perform poorly because it is not production-ready. A user can still upload a malicious container image, and Docker Content Trust will sign the image. Public registry and repository users still bear the responsibility to test and vet a container image.

Docker Content Trust is based on Notary, Docker's tool for publishing and managing trusted content, and on The Update Framework (TUF), a framework for securing software update systems.


Key features of Docker Content Trust

Docker Content Trust uses two cryptographic keys that are created as trust is established. The first time an image publisher pushes their content to the registry, DCT produces an offline key and a tagging key. The tagging key, also known as a repository key, is applied to the publisher's repository and is the shared key used by anyone who needs to sign content for the repository. The offline key is the private root trust key for the repository. The term offline key indicates that its holder should keep it offline, where it is safe from attacks that reach online systems. Container publishers should protect and back up their cryptographic keys.

Docker Content Trust also automatically generates a timestamp key for each upload, ensuring that the image version a user receives is authentically the latest one published to the repository. Using these keys, Docker Content Trust checks the cryptographic signatures when a user attempts to pull a container. If the signatures verify, the content is deemed authentic. If not, the user is warned but allowed to proceed if they choose.
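The sign-on-push and verify-on-pull flow, together with the root (offline), repository (tagging) and timestamp keys described above, as an added illustration that is not Docker's or Notary's code: the keys are freshly generated ed25519 keys, the `myapp:1.0@sha256:...` target record is a constructed placeholder, and the `Signed` layout is a simplified teaching model rather than the real TUF metadata format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

// Signed is a teaching model of the key chain in the text (root -> repository -> timestamp), not Notary's format.
type Signed struct {
	RepoPub ed25519.PublicKey // repository (tagging) key; RepoPubSig is the offline root key's signature over it
	Target  []byte            // constructed "tag@sha256:..." record; TargetSig is the repository key's signature
	Expires time.Time         // freshness deadline; TsSig is the timestamp key's signature over tsMsg(Target, Expires)
	RepoPubSig, TargetSig, TsSig []byte
}
func tsMsg(t []byte, e time.Time) []byte { return []byte(string(t) + "|" + e.UTC().Format(time.RFC3339)) }
// Publish models the push side: each key signs exactly one layer of the chain.
func Publish(root, repo, ts ed25519.PrivateKey, target []byte, exp time.Time) Signed {
	repoPub := repo.Public().(ed25519.PublicKey)
	return Signed{RepoPub: repoPub, RepoPubSig: ed25519.Sign(root, repoPub),
		Target: target, TargetSig: ed25519.Sign(repo, target),
		Expires: exp, TsSig: ed25519.Sign(ts, tsMsg(target, exp))}
}

// Verify models the pull side: only the root and timestamp public keys are pinned; the rest comes from the registry.
func Verify(rootPub, tsPub ed25519.PublicKey, s Signed, now time.Time) error {
	switch {
	case !ed25519.Verify(rootPub, s.RepoPub, s.RepoPubSig):
		return errors.New("repository key not signed by root key")
	case !ed25519.Verify(s.RepoPub, s.Target, s.TargetSig):
		return errors.New("target record altered or signed by the wrong key")
	case !ed25519.Verify(tsPub, tsMsg(s.Target, s.Expires), s.TsSig):
		return errors.New("timestamp signature invalid")
	case now.After(s.Expires):
		return errors.New("timestamp expired: content is stale")
	}
	return nil
}

func main() {
	gen := func() ed25519.PrivateKey { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
	root, repo, ts, now := gen(), gen(), gen(), time.Now()
	rootPub, tsPub := root.Public().(ed25519.PublicKey), ts.Public().(ed25519.PublicKey)
	s := Publish(root, repo, ts, []byte("myapp:1.0@sha256:constructed"), now.Add(time.Hour))
	fmt.Println("genuine:", Verify(rootPub, tsPub, s, now)) // <nil>
	s.Target = []byte("myapp:1.0@sha256:swapped")            // digest swapped in the registry
	fmt.Println("altered:", Verify(rootPub, tsPub, s, now)) // target record altered or signed by the wrong key
}
```

A record signed with an unvouched repository key, a forged timestamp, or an expired timestamp fails the same `Verify` call, which is what lets a stale but validly signed tag be rejected.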

Quote of the Day

"In business and in life, every decision to execute a transaction -- to buy, purchase, lease, acquire, hire a trainer at the gym or even just visit a website -- is an affirmative decision to trust." - Jeffrey Ritter

Learning Center


Book excerpt: Achieving digital trust in the information age
In this excerpt from his new book, attorney and data governance expert Jeffrey Ritter explains why building digital trust is essential to business success in the information age.

Airbnb incorporates tech to help build digital trust in data economy
As online users are forced to question the authenticity of who they interact with, companies are turning to technology to help build customers' digital trust.

Accenture predicts post-digital age where trust is the differentiator
The latest Accenture Technology Vision report predicted that in the coming post-digital age, building digital trust with customers, partners and employees will be a major board responsibility. Also: Learn why 'DARQ' technologies are the new SMAC.

Building digital trust: Making the most of your information assets
Corporate and bottom-line success increasingly relies on managing information assets. Jeffrey Ritter, information management expert, explains why building 'digital trust' helps.

Developing digital trust in the IoT era
New data privacy regulations and company efforts are making strides in establishing digital trust in the era of the internet of things.

Quiz Yourself

Supporting data for those risk indicators ______ going to be difficult to obtain.
a. is
b. are

Answer

Stay in Touch

For feedback about any of our definitions or to suggest a new definition, please contact me at: mrouse@techtarget.com

Visit the Word of the Day Archives and catch up on what you've missed!

About This E-Newsletter
This e-newsletter is published by the TechTarget network.

TechTarget, Whatis, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com

Copyright 2018 TechTarget. All rights reserved.
