
Docker’s DCT Delivers Digital Signing for Security

Written by Paul Rubens, Sep 3, 2015



It’s probably fair to say that, until recently, CoreOS didn’t like Docker. Why? One of CoreOS’s biggest gripes with Docker was that the container platform’s security infrastructure was half-baked.

Specifically, there was no way for Docker images to be signed so that anyone using an image could know for sure who had created it and that it hadn’t been tampered with or altered since it was created.

“I think users want signing, the way Apple signs apps in the AppStore,” Kelsey Hightower, CoreOS’s product manager and chief advocate, said earlier this year. “People have been asking for signing with Docker images, and it has never happened. For us that is a security problem.”

But that’s all changed now with the release of Docker 1.8 and the introduction of a new feature called Docker Content Trust (DCT). This integrates The Update Framework (TUF), a secure general design for the problem of software distribution and updates, into Docker using Notary, an open source tool that provides trust over any content.

How Docker DCT Works

How does it work? Essentially, it uses some clever PKI-foo. Once activated, when a publisher creates an image and sends it to a remote registry, Docker Engine automatically signs it with the publisher’s private key. This is done at the publisher’s end.

Then when you or I attempt to pull this image from the registry, our Docker Engine checks the publisher’s public key to verify that the image in the repository is identical to the one that the publisher originally created. If it is, then that proves it has not been tampered with.

It also verifies that the image is the most recent, up-to-date version available. This “up to date” bit is actually quite important from a security perspective. That’s because without it, a signed image that contains a security vulnerability could be pushed to an end user long after the image had been updated to remove the vulnerability.

How exactly does it check that an image is up to date? DCT uses a Timestamp key when publishing the image, and the Timestamp key is stored on a remote server managed by Docker where it can be checked.
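To make the three checks just described concrete (publisher signature, content digest, and freshness via a short-lived timestamp), here is a stripped-down model written for this article; it is not code from Docker or Notary. Keys and image bytes are constructed, and an HMAC stands in for the asymmetric signatures real Notary uses so the example runs with the standard library alone.

```python
import hashlib
import hmac
import json

# Constructed stand-in keys: Notary uses asymmetric signing keys; an HMAC key stands in
# only so this runs with the standard library (an assumption of this example, not Docker's code).
PUBLISHER_KEY = b"constructed-publisher-private-key"
TIMESTAMP_KEY = b"constructed-timestamp-key-held-on-notary-server"

def canon(obj):
    return json.dumps(obj, sort_keys=True).encode()
def sign(key, payload):
    return {"signed": payload, "sig": hmac.new(key, canon(payload), hashlib.sha256).hexdigest()}
def verify(key, doc):
    return hmac.compare_digest(hmac.new(key, canon(doc["signed"]), hashlib.sha256).hexdigest(), doc["sig"])

def publish(image, tag, version, now, lifetime=10):
    # Publisher signs tag -> digest; the timestamp key vouches that this targets file is the
    # newest one and expires soon, which is what forces clients to fetch fresh metadata.
    targets = sign(PUBLISHER_KEY, {"targets": {tag: hashlib.sha256(image).hexdigest()}, "version": version})
    stamp = {"targets_hash": hashlib.sha256(canon(targets)).hexdigest(), "version": version, "expires": now + lifetime}
    return {"targets": targets, "timestamp": sign(TIMESTAMP_KEY, stamp)}

def pull(image, tag, meta, now, last_seen_version=0):
    # Client-side checks; any failure is the hard-fail the article describes.
    ts, tg = meta["timestamp"], meta["targets"]
    if not verify(TIMESTAMP_KEY, ts):
        return False, "bad timestamp signature"
    if ts["signed"]["expires"] < now:
        return False, "stale metadata: timestamp expired"
    if ts["signed"]["version"] < last_seen_version:
        return False, "rollback: older than a version already seen"
    if hashlib.sha256(canon(tg)).hexdigest() != ts["signed"]["targets_hash"]:
        return False, "targets file does not match timestamp"
    if not verify(PUBLISHER_KEY, tg):
        return False, "bad publisher signature"
    want = tg["signed"]["targets"].get(tag)
    if want is None or hashlib.sha256(image).hexdigest() != want:
        return False, "image digest mismatch: tag unsigned or content altered"
    return True, "verified"

def demo():
    v1, v2 = b"constructed image v1 (vulnerable)", b"constructed image v2 (patched)"
    meta_v1, meta_v2 = publish(v1, "latest", 1, now=100), publish(v2, "latest", 2, now=120)
    return {
        "good": pull(v1, "latest", meta_v1, now=105),
        "tampered": pull(v1 + b"!", "latest", meta_v1, now=105),
        "current": pull(v2, "latest", meta_v2, now=125, last_seen_version=1),
        "replayed_old": pull(v1, "latest", meta_v1, now=125, last_seen_version=2),
        "resigned_old": pull(v1, "latest", publish(v1, "latest", 1, now=125), now=126, last_seen_version=2),
    }
```

The last two cases are the point of the Timestamp key: the old but validly signed v1 metadata is rejected once its timestamp has expired, and even a freshly timestamped copy of it is rejected because its version is lower than one the client has already seen.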

The cool thing about Docker Content Trust is that it is designed to be transparent — the experience should be nothing at all like the hassle of downloading an application and then comparing the security hash provided by the author with one you have to compute manually.

That means the only time you’ll ever really encounter DCT is when a Docker command hard-fails with a message that says it was not able to verify the content. That indicates the image’s integrity has been compromised.

So far Docker has signed all its official repository images in Docker Hub so that anyone can get a base set of trusted images from which to start building applications.

Of course, signing is not the only thing that’s new in Docker 1.8. Other enhancements include:

  • Docker Toolbox: This is a new installer for Windows and Mac OS X that installs the Docker client, Machine, Compose (Mac only) and VirtualBox.
  • Full support for Docker volume plugins: It’s now possible to use third-party storage systems like Blockbridge, Ceph, ClusterHQ, EMC and Portworx using plugins that have already been written. More will doubtless follow in short order.

All in all, Docker 1.8 is a very nice update and one that shows Docker in particular, and the container landscape in general, are getting more and more mature every month.

Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.
