Secure Container Signing with Cosign and PKCS#11

Over the past few years container adoption has grown rapidly. With it has grown the need to sign container images to help prevent supply chain attacks. The standards and tools to sign images have evolved over the years, and can still be a bit tricky to navigate for those new to container signing. This post will provide a brief background on some of the tools and standards, the pros and cons of each, and some best practices to follow when signing in your environment.


Signing Tools

The first widespread image signing tool was Notary, which was most notably used by Docker Content Trust to sign and verify Docker images. Notary is based on The Update Framework (TUF), a flexible framework and specification for securing software update systems. While Notary was a great start, it had some shortcomings. For example, due to a lack of support for a standard cryptographic API, protection of the signing keys was very limited (note: PKCS#11 support was available, but only for the root key). While this may not be a huge problem for individuals, corporations have strict policies on how keys must be managed (e.g., keys must be protected in an HSM or key manager), so this limitation was an automatic show-stopper for many enterprises.

The next popular signing tool was Podman, which makes use of GPG for signing. GPG’s security model is not nearly as robust as TUF’s, so from a design perspective Notary has some more desirable qualities. However, by making use of GPG for signing, Podman is able to benefit from GPG’s advanced features, including support for PKCS#11, which allows the signing keys to be properly secured in a cryptographic device.

One of the tools currently gaining popularity very quickly is cosign. It has its own signature specification, although it looks to have plans to support TUF-based signatures in the future. For its key management, cosign supports a decent number of integrations. However, until recently the only generic way to integrate cosign with a cryptographic token was via cosign’s PIV integration, which was not useful for enterprises that wished to integrate with their own cryptographic devices or services. Luckily, that has all changed. With the new PKCS#11 integration that Garantir contributed to cosign, enterprises (and individuals) are able to integrate cosign with any cryptographic device or service.

Another tool on the horizon is Notary’s successor, Notation (formerly known as nv2). Notation has its own signature format, but not much defined in terms of key management, and it looks as though only software-based keys are currently supported. We are hopeful that future releases of Notation will support a standard cryptographic interface such as PKCS#11 and look forward to working with the community to make that happen.

Signature Verification

Signatures are only useful if they are verified. For container signing this is achieved in a couple of different ways. For Docker, signature verification is disabled by default but can be enabled by setting an environment variable. For Kubernetes, signature verification is often performed by an admission controller. Luckily, the work of writing an admission controller that does signature verification has already been done by the community. Two options are Connaisseur and Cosigned. Connaisseur supports Notary v1 and cosign signatures (with plans to support Notary v2 signatures in the future), while Cosigned focuses solely on cosign signatures.
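The following script is an added example, not code from the original post or from the cosign project. It shows the two halves of the flow described above: signing with a key held in a PKCS#11 token (the cosign integration discussed in the Signing Tools section) and verifying with nothing but the exported public key, which is all an admission controller such as Connaisseur or Cosigned needs to hold. It assembles the RFC 7512 `pkcs11:` URI that cosign’s `--key` flag accepts, percent-encoding the token and key labels so that spaces and other reserved characters do not break the URI, and then prints the `cosign sign`, `cosign public-key` and `cosign verify` commands. The token label, slot, key label, module path, PIN and image reference are constructed sample values, and the `PKCS11_PIN` environment variable is an assumption of this example rather than something cosign defines.

```sh
#!/bin/sh
# Added example (not from the original post or the cosign project): build an
# RFC 7512 PKCS#11 URI for cosign's --key flag and compose the sign /
# public-key / verify commands. All device and image values are constructed.
set -eu

# Percent-encode one PKCS#11 URI attribute value (RFC 7512). Unreserved
# characters are kept; $2 lists extra characters to keep literal (e.g. "/"
# for a query attribute such as module-path). Everything else becomes %XX.
pkcs11_pct_encode() {
  extra="${2:-}"
  printf '%s' "$1" | od -An -tx1 -v | tr -s ' \n' ' ' | {
    out=""
    for hex in $(cat); do
      # Turn the hex byte back into a character so it can be classified.
      ch=$(printf "\\$(printf '%03o' "0x$hex")")
      case "$ch" in
        [A-Za-z0-9._~${extra}-]) out="$out$ch" ;;
        *) out="$out%$(printf '%s' "$hex" | tr 'a-f' 'A-F')" ;;
      esac
    done
    printf '%s' "$out"
  }
}

# Assemble the URI shape cosign accepts:
#   pkcs11:token=<label>;slot-id=<n>;object=<key label>?module-path=<lib>&pin-value=<pin>
# The PIN is optional here; when present it becomes part of the URI, so the
# whole string is a secret (it is visible in `ps` output and shell history).
pkcs11_uri() {
  token="$1"; slot="$2"; object="$3"; module="$4"; pin="${5:-}"
  uri="pkcs11:token=$(pkcs11_pct_encode "$token");slot-id=${slot};object=$(pkcs11_pct_encode "$object")"
  uri="${uri}?module-path=$(pkcs11_pct_encode "$module" '/')"
  if [ -n "$pin" ]; then
    uri="${uri}&pin-value=$(pkcs11_pct_encode "$pin")"
  fi
  printf '%s' "$uri"
}

# Compose the cosign invocations for a key URI and an image reference.
# Signing and public-key export talk to the token; verification only needs
# the exported public key, which is what the verifier (e.g. an admission
# controller) should be configured with, never the token URI or PIN.
cosign_commands() {
  uri="$1"; image="$2"
  printf "cosign sign --key '%s' '%s'\n" "$uri" "$image"
  printf "cosign public-key --key '%s' --outfile cosign.pub\n" "$uri"
  printf "cosign verify --key cosign.pub '%s'\n" "$image"
}

# Constructed sample values (not a real deployment). PKCS11_PIN is an
# assumed environment variable for this example; when it is unset the URI
# carries no pin-value attribute.
SAMPLE_URI=$(pkcs11_uri "Build Signing" 0 "cosign key" \
  "/usr/lib/softhsm/libsofthsm2.so" "${PKCS11_PIN:-}")
cosign_commands "$SAMPLE_URI" "registry.example.com/app:1.2.3"
```

Run it once to see the three commands it would issue, then copy them into the signing pipeline; the verifying side (Docker Content Trust, Connaisseur, Cosigned) is given only `cosign.pub`. To discover the real token label, slot and key label of a device, cosign ships a `pkcs11-tool` subcommand (`cosign pkcs11-tool list-tokens` and `list-keys-uris` with `--module-path`), whose output can be fed straight into `pkcs11_uri`. Because the PIN ends up in the URI, avoid echoing it into CI logs and prefer supplying it from a secret store rather than hard-coding it in a script.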

Importance of Key Management

Those who understand security know the importance of key management. Indeed, if you don’t properly protect your signing keys, then the signatures you produce provide little value. This is especially true for large organizations, or for anyone producing software that is used by many users or by users who are high-value targets.

Therefore, it is essential that the signing tools enterprises use support integrations with secure cryptographic devices and services. This is why we are proud to have written the PKCS#11 integration for cosign. While enterprises can use it to integrate with any PKCS#11-compatible device or service, we recommend that users consider integrating it with GaraSign, our secure signing platform.

For more information on container signing, GaraSign, and other security-related matters, get in touch with the Garantir team.
