Hi everyone,
I'm learning about DCT, Docker container trust, and I'm still confused when it comes to signing and verifying.
The keys are still not clear for me when I read the definitions and try to use them where they have been used in the doc:
- when you push using DCT for the 1st time, it says there are 4 keys generated, among them the target key: how is it being used? And how can a consumer verify its signature (unlike the delegation, whose public key is stored in Notary and serves to verify the image)?
- is the target key the same as the private delegation key?
- are there specific use-cases when one should favor one type of key over another?
- finally, the verification process: is there a way to provide some sort of flow diagram or step-by-step procedure of what's happening when pushing/pulling a signed image and the role of Notary in it, since it's keeping the public key?
There are a lot of details and concepts, and I appreciate all the efforts that are being made, because yes, it is well-documented as far as I can tell. It's just some confusions I ran into, and I was hoping I could get rid of them.
If there are some answers you could provide in the meantime, I wouldn't say no to that.
Thank you