Introduction to Docker
Notary Service
Anshul Patel
Software Developer at Day
Software Debugger at Night
What is Digital Signature?
(Ref: https://www.tutorialspoint.com/cryptography/cryptography_digital_signatures.htm)
What and Why Notary?
● Provides high levels of trust over digital content via signatures.
● Ensures the provenance of the digital content.
● Guarantees consistency of digital content in the software supply chain.
● Creates, manages, and distributes the metadata needed to ensure the integrity and freshness of your content.
● Notary is hosted by the mighty CNCF (Cloud Native Computing Foundation).
● Notary is an implementation of The Update Framework (TUF).
But.. Why do we require it?
● Attacker(s) keep serving you the same update file (freeze attack).
● Attacker(s) serve an older, insecure update (rollback attack).
● Attacker(s) spoof a new version of the file.
● Attacker(s) compromise the key used to sign these files.
Notary Service Architecture
● Clients
● Notary Server
● Notary Server DB
● Notary Signer
● Notary Signer DB
(Ref: https://docs.docker.com/notary/service_architecture/#architecture-and-components)
Notary Server
● Ensures that any uploaded metadata is valid, signed, and self-consistent.
● Generates the timestamp (and sometimes snapshot) metadata.
● Serves the latest valid metadata for any trusted collection to the clients.
Notary Signer
● Stores the private signing keys wrapped and encrypted using JavaScript Object Signing and Encryption (JOSE).
● Performs signing operations with the above keys whenever the Notary server requests them.
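The attacks on the "why do we require it?" slide and the timestamp metadata the Notary server generates fit together in one client-side check. The Go block below is an added illustration, not Notary's own code: it assumes a simplified timestamp record (version plus expiry, signed over canonical JSON with Ed25519) and a client that has pinned the publisher's key on first use, then shows the three verdicts a TUF client gives for a replayed, rolled-back or forged timestamp.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Timestamp is the freshness metadata of one trusted collection: a simplified
// shape for illustration, not Notary's own format.
type Timestamp struct {
	Version int       `json:"version"`
	Expires time.Time `json:"expires"`
}

// SignedTimestamp is the envelope; the signature covers canonical(Signed).
type SignedTimestamp struct {
	Signed    Timestamp
	Signature []byte
}

var (
	ErrBadSignature = errors.New("spoof: signature does not verify against the pinned key")
	ErrRollback     = errors.New("rollback: version is lower than the last trusted version")
	ErrExpired      = errors.New("freeze: timestamp metadata has expired")
)

func canonical(ts Timestamp) []byte { b, _ := json.Marshal(ts); return b }

// sign models the Notary signer producing a signature at the server's request.
func sign(priv ed25519.PrivateKey, ts Timestamp) SignedTimestamp {
	return SignedTimestamp{ts, ed25519.Sign(priv, canonical(ts))}
}

// Client keeps the key pinned on first interaction with the publisher and the
// highest timestamp version it has already accepted.
type Client struct {
	PinnedKey   ed25519.PublicKey
	LastVersion int
}

// Verify runs the TUF timestamp checks in spec order (signature, rollback,
// expiry); client state advances only when every check passes.
func (c *Client) Verify(st SignedTimestamp, now time.Time) error {
	if !ed25519.Verify(c.PinnedKey, canonical(st.Signed), st.Signature) {
		return ErrBadSignature
	}
	if st.Signed.Version < c.LastVersion {
		return ErrRollback
	}
	if !now.Before(st.Signed.Expires) {
		return ErrExpired
	}
	c.LastVersion = st.Signed.Version
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // publisher's key (constructed)
	_, evil, _ := ed25519.GenerateKey(rand.Reader)   // key the attacker controls
	c, now := &Client{PinnedKey: pub}, time.Now()
	v1 := sign(priv, Timestamp{1, now.Add(time.Hour)})
	fmt.Println("fresh v1:", c.Verify(v1, now))
	fmt.Println("same file replayed later:", c.Verify(v1, now.Add(2*time.Hour)))
	fmt.Println("older version served:", c.Verify(sign(priv, Timestamp{0, now.Add(time.Hour)}), now))
	fmt.Println("attacker-signed v2:", c.Verify(sign(evil, Timestamp{2, now.Add(time.Hour)}), now))
}
```

The short expiry on timestamp metadata is what turns "the same file served forever" into a detectable failure rather than a silent one, which is why the server re-signs it frequently.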
Notary Service HA
(Ref: https://docs.docker.com/notary/running_a_service/#related-information)
What and Why Docker Content Trust?
● Part of the Docker Engine daemon.
● Trust is enabled via the integration of Notary into Docker Engine.
● When images are pushed to a repository, they are signed with private keys held by the content publisher.
● When a user interacts with the image for the first time, they establish trust with that publisher, and all subsequent interactions require a valid signature verification from that same publisher.
● Protects against image forgery, replay attacks and key compromise.
(Ref: https://blog.docker.com/2015/08/content-trust-docker-1-8/)
Docker Content Trust
(Ref: https://blog.docker.com/2015/08/content-trust-docker-1-8/)
Key Keys (Pun Intended) for Docker Content Trust
● The Tagging Key:
○ Generated for each new repository the publisher owns.
○ Exported and shared with any person/system that needs the ability to sign content for this repository.
● The Offline/Root Key:
○ The most important key; it forms the root of trust for your repository.
○ Different repositories can use the same Offline key.
○ Required for creating a new repository key or rotating an existing key.
○ Should be kept offline for security.
Who uses Notary?
● Cloudflare
● Kolide
● IBM
● Docker Hub
● Compatible with Artifactory
● Financial, Telecom and Healthcare Enterprises.
Demo
Thanks and Questions ?
Resource: https://gitlab.com/anshulpatel25/notary-meetup