From 4749307202722c38a250f7695b46867ba5063775 Mon Sep 17 00:00:00 2001 From: scjane Date: Tue, 21 Feb 2017 16:53:34 +0800 Subject: [PATCH 1/3] Update trust_key_mng.md --- engine/security/trust/trust_key_mng.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/engine/security/trust/trust_key_mng.md b/engine/security/trust/trust_key_mng.md index 825c925f3be..5236e604970 100644 --- a/engine/security/trust/trust_key_mng.md +++ b/engine/security/trust/trust_key_mng.md 
@@ -7,13 +7,13 @@ title: Manage keys for content trust Trust for an image tag is managed through the use of keys. Docker's content trust makes use of five different types of keys: -| Key | Description | -|---------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| root key | Root of content trust for an image tag. When content trust is enabled, you create the root key once. Also known as the offline key, because it should be kept offline. | -| targets | This key allows you to sign image tags, to manage delegations including delegated keys or permitted delegation paths. Also known as the repository key, since this key determines what tags can be signed into an image repository. | -| snapshot | This key signs the current collection of image tags, preventing mix and match attacks. -| timestamp | This key allows Docker image repositories to have freshness security guarantees without requiring periodic content refreshes on the client's side. | -| delegation | Delegation keys are optional tagging keys and allow you to delegate signing image tags to other publishers without having to share your targets key. | +| Key | Description | +|:-----------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| root key | Root of content trust for an image tag. When content trust is enabled, you create the root key once. Also known as the offline key, because it should be kept offline. | +| targets | This key allows you to sign image tags, to manage delegations including delegated keys or permitted delegation paths. Also known as the repository key, since this key determines what tags can be signed into an image repository. 
| +| snapshot | This key signs the current collection of image tags, preventing mix and match attacks. | +| timestamp | This key allows Docker image repositories to have freshness security guarantees without requiring periodic content refreshes on the client's side. | +| delegation | Delegation keys are optional tagging keys and allow you to delegate signing image tags to other publishers without having to share your targets key. | When doing a `docker push` with Content Trust enabled for the first time, the root, targets, snapshot, and timestamp keys are generated automatically for @@ -37,9 +37,9 @@ repositories created with newer versions of Docker. ## Choosing a passphrase The passphrases you chose for both the root key and your repository key should -be randomly generated and stored in a password manager. Having the repository key +be randomly generated and stored in a password manager. Having the repository key allows users to sign image tags on a repository. Passphrases are used to encrypt -your keys at rest and ensures that a lost laptop or an unintended backup doesn't +your keys at rest and ensure that a lost laptop or an unintended backup doesn't put the private key material at risk. ## Back up your keys From bd576ee114191d42947dea202ec5a7f164865d6e Mon Sep 17 00:00:00 2001 From: scjane Date: Thu, 23 Feb 2017 14:57:05 +0800 Subject: [PATCH 2/3] Update trust_key_mng.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I don't know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace. --- engine/security/trust/trust_key_mng.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/engine/security/trust/trust_key_mng.md b/engine/security/trust/trust_key_mng.md index 5236e604970..f8da67b5a7c 100644 
--- a/engine/security/trust/trust_key_mng.md +++ b/engine/security/trust/trust_key_mng.md 
@@ -7,13 +7,13 @@ title: Manage keys for content trust Trust for an image tag is managed through the use of keys. Docker's content trust makes use of five different types of keys: -| Key | Description | -|:-----------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| root key | Root of content trust for an image tag. When content trust is enabled, you create the root key once. Also known as the offline key, because it should be kept offline. | +| Key | Description | +|:-----------|:----------- | +| root key | Root of content trust for an image tag. When content trust is enabled, you create the root key once. Also known as the offline key, because it should be kept offline. | | targets | This key allows you to sign image tags, to manage delegations including delegated keys or permitted delegation paths. Also known as the repository key, since this key determines what tags can be signed into an image repository. | -| snapshot | This key signs the current collection of image tags, preventing mix and match attacks. | -| timestamp | This key allows Docker image repositories to have freshness security guarantees without requiring periodic content refreshes on the client's side. | -| delegation | Delegation keys are optional tagging keys and allow you to delegate signing image tags to other publishers without having to share your targets key. | +| snapshot | This key signs the current collection of image tags, preventing mix and match attacks. | +| timestamp | This key allows Docker image repositories to have freshness security guarantees without requiring periodic content refreshes on the client's side. | +| delegation | Delegation keys are optional tagging keys and allow you to delegate signing image tags to other publishers without having to share your targets key. 
| When doing a `docker push` with Content Trust enabled for the first time, the root, targets, snapshot, and timestamp keys are generated automatically for From 9ee30e0bdfdb44fa71545321e8c973ec3cc29461 Mon Sep 17 00:00:00 2001 From: scjane Date: Thu, 23 Feb 2017 14:58:14 +0800 Subject: [PATCH 3/3] Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I don't know how the whitespace appears, and it seems that it appears because something happened related to its original format (right-aligned pipe characters) and my change. Still unknown. Now I've deleted some redundant whitespace.
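
Review bot: in the key-table hunk of PATCH 1/3 (`@@ -7,13 +7,13 @@`), the Key column labels the first row `root key` but the other rows bare `targets`, `snapshot`, `timestamp` and `delegation`; every row is already rewritten here, so pick one form and use it throughout. In the `snapshot` row, "mix and match attacks" reads better hyphenated as "mix-and-match attacks". The new separator row is padded to the width of the longest description, which means any later edit to one cell forces every row to be re-padded; a short separator such as `|:---|:---|` renders the same and keeps future diffs to the row that changed.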
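
Review bot: in the "Choosing a passphrase" hunk of PATCH 1/3 (`@@ -37,9 +37,9 @@`), the unchanged first line still reads "The passphrases you chose for both the root key and your repository key should", which does not match the present tense of the heading and of the rest of the paragraph; since this hunk already corrects "ensures" to "ensure", change "chose" to "choose" in the same pass. The sentence "Having the repository key allows users to sign image tags on a repository" sits between the two sentences about passphrases and breaks the thread from "randomly generated and stored in a password manager" to "used to encrypt your keys at rest"; consider moving it to the start of the paragraph so the reason for protecting the key comes before the advice.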
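
Review bot: in the PATCH 2/3 hunk (`@@ -7,13 +7,13 @@`), the new separator row `|:-----------|:----------- |` has a space before the closing pipe in the second column but none in the first; make it `|:-----------|:-----------|` so both columns use the same form. The `targets` row is carried as unchanged context while every other row is re-spaced, so check that its padding matches its neighbours after this change. The commit message records the cause of the extra whitespace as "Still unknown" and the subject "Update trust_key_mng.md" is the same as PATCH 1/3; a subject that says what changed (for example, trimming table padding) and squashing this commit into 1/3 would leave a cleaner history, since this hunk only removes padding the first one introduced.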