The business of the moment Dockerhas announced the availability of Docker Content Trust, a new capability that uses digital signatures to ensure the integrity of Docker content. The new functionality will be available as part of Docker platform release 1.8, and allows Docker users to operate exclusively on signed content when building or deploying Dockerized applications.
According to Docker the new solution is implemented to work within a user’s existing workflow and doesn’t require developers to learn a new set of commands or to be trained on a deep set of security principles.
When enabled, Docker Content Trust ensures that all operations using a remote registry enforce the signing and verification of images. In particular, Docker’s central commands `push`, `pull`, `build`, `create` and `run` will only operate on images that either have content signatures or explicit content hashes. The result is that IT operations teams have the assurance that only signed content is being used in their production infrastructure.
The new security is based on The Update Framework (TUF) a standard for software delivery and secure content distribution. At the heart of this model are a set of different cryptographic keys that are used for signing and verification of content. TUF was built to allow the resistance against a variety of different classes of attacks.
Docker Content Trust has two distinct keys, an Offline (root) key and a Tagging (per-repository) key that are generated and stored client-side the first time a publisher pushes an image. Each repository has its own unique tagging key, which allows the holder to digitally sign Docker images for a particular repository. The tagging key is used any time new content is added or removed from the repository. To prevent the tagging key becoming vulnerable – it’s stored online and open to attack - Docker Content Trust can securely rotate compromised keys by using the offline key, which should be securely stored offline.
Docker Content Trust also generates a Timestamp key that provides protection against replay attacks, which would allow a malicious actor to serve signed but expired content. Docker will manage the Timestamp key reducing the hassle of having to constantly refresh the content client-side.
Docker Content Trust is enabled through an integration of Notary into Docker Engine. Designed to be platform agnostic, Notary is an open source project developed by Docker to serve as “infrastructure plumbing” for secure and trusted content distribution. An enterprise with its own private registry or third-party solutions can integrate with Notary to have its repositories integrate with Docker Content Trust.
“As organisations evolve from a monolithic software architecture to distributed applications, the secure distribution of software becomes increasingly difficult to solve,” said Diogo Mónica, Security Lead for Docker. “Without a standard method for validating the integrity of content, Docker has the unique opportunity to leapfrog the status quo and build a system that meets the strongest standard for software distribution. With Docker Content Trust, users have a solution that works across any infrastructure, offering security guarantees that were not previously available to them.”