docker:security:sign_and_verify_images_to_mitigate_mitm_attacks

Differences

This shows you the differences between two versions of the page.

docker:security:sign_and_verify_images_to_mitigate_mitm_attacks [2020/04/18 19:50] peter
docker:security:sign_and_verify_images_to_mitigate_mitm_attacks [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 8: Line 8:
  
 Tampering may occur over the wire, between the Docker client and the registry, or by compromising the registry of the owner’s account in order to push a malicious image to. Tampering may occur over the wire, between the Docker client and the registry, or by compromising the registry of the owner’s account in order to push a malicious image to.
 +
 +----
 +
 +===== Verify docker images =====
 +
 +Docker defaults allow pulling Docker images without validating their authenticity, thus potentially exposing you to arbitrary Docker images whose origin and author aren’t verified.
 +
 +Make it a best practice that you always verify images before pulling them in, regardless of policy.
 +
 +To experiment with verification, temporarily enable Docker Content Trust with the following command:
 +
 +<code>
 +export DOCKER_CONTENT_TRUST=1
 +</code>
 +
 +Now attempt to pull an image that you know is not signed—the request is denied and the image is not pulled.
 +
 +----
 +
 +===== Sign docker images =====
 +
 +Prefer [[https://hub.docker.com/search/?certification_status=certified&type=image|Docker Certified]] images that come from trusted partners who have been vetted and curated by Docker Hub rather than images whose origin and authenticity you can’t validate.
 +
 +Docker allows signing images, and by this, provides another layer of protection.  To sign images, use [[https://docs.docker.com/notary/getting_started/|Docker Notary]].  Notary verifies the image signature for you, and blocks you from running an image if the signature of the image is invalid.
 +
 +When Docker Content Trust is enabled, as we exhibited above, a Docker image build signs the image. When the image is signed for the first time,  Docker generates and saves a private key in **~/docker/trust** for your user.  This private key is then used to sign any additional images as they are built.
 +
 +For detailed instructions on setting up signed images, refer to [[https://docs.docker.com/engine/security/trust/content_trust/|Docker’s official documentation]].
 +
 +How is signing docker images with Docker’s Content Trust and Notary different from using GPG?
 +
 +Diogo Mónica has a [[https://www.youtube.com/watch?v=JvjdfQC8jxM|great talk]] on this but essentially GPG helps you with verification, not with replay attacks.
 +
 +
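Review bot: the key location given in the "Sign docker images" section is wrong: Docker stores Content Trust key material under ~/.docker/trust (with the dot in .docker), not **~/docker/trust**, so a reader looking for the generated private key at the path as written will not find it. The same paragraph states that "a Docker image build signs the image"; with DOCKER_CONTENT_TRUST=1 it is the push of a tag (docker push, or an explicit docker trust sign) that produces the signature, docker build does not, so suggest wording it as "a docker push of a tagged image signs it" and moving the "When the image is signed for the first time" sentence to follow that. Minor: the "Verify docker images" section should note beside the export DOCKER_CONTENT_TRUST=1 block that the variable only affects the shell session it is set in; the sentence "Make it a best practice that you always verify images ... regardless of policy" reads as if the setting were enforced globally, which this command does not do.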
docker/security/sign_and_verify_images_to_mitigate_mitm_attacks.1587239427.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
