
Produce signed .NET container images #4589

@mthalman

Signing a container image involves using a digital signature that includes information about the image, such as its hash value, and is created using a private key. The consumer can then verify this signature using a public key from a trusted source.

This provides the following benefits:

  1. Authenticity: Ensures that the image comes from a trusted source and has not been tampered with.
  2. Integrity: Guarantees that the image has not been modified since it was signed.
  3. Trust: Builds trust between the image publisher and the consumers of the image.

We should produce .NET container images that are signed to provide these additional benefits.

Validation would be supported via the notation CLI from the Notary project. The entire workflow of signing and validation would be the same as is described in "Announcing Image Signing for Windows Containers".
