How to recover target keys in docker trust for private registry

General
1

Hi All,

unknowinly while doing my linux machine clean i have ran rm -rf * inside "~/.docker/trust/ " folder so i lost my registry target keys and root keys.

Here i use AWS ECR private registry. so because i have deleted the target keys it starts throwing me below error

The push refers to repository [31***********.dkr.ecr.us-east-2.amazonaws.com/tvs-container]
9c27e219663c: Layer already exists
14.0: digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042 size: 525
Signing and pushing trust metadata
ERRO[0005] couldn’t add target to targets: could not find necessary signing keys, at least one of these keys must be available: 1aacc92d82f3d0b8da12471ae1e863574d37af145ba5a6f4a350cfdbdc94a64b
failed to sign 31***********.dkr.ecr.us-east-2.amazonaws.com/tvs-container:14.0: could not find necessary signing keys, at least one of these keys must be available: 1aacc92d82f3d0b8da12471ae1e863574d37af145ba5a6f4a350cfdbdc94a64b

I don’t have my signing keys in trust.

I have deleted the complete registry and tried creating new but still it doesn’t help me out.

if i run docker trust inpect it still shows me old entry
[root@cer-2 private]# docker trust inspect 31*************.dkr.ecr.us-east-2.amazonaws.com/tvs-container --pretty

Signatures for 31*************.dkr.ecr.us-east-2.amazonaws.com/tvs-container

SIGNED TAG DIGEST SIGNERS
latest e3c894f93413122556efcaec434443bfc091af68b307a320f060e73459381524 (Repo Admin)

Administrative keys for 313487485676.dkr.ecr.us-east-2.amazonaws.com/tvs-container

Repository Key: 1aacc92d82f3d0b8da12471ae1e863574d37af145ba5a6f4a350cfdbdc94a64b
Root Key: 6b6f040885a0c5a7cb1ad231938e146093e94cf1e3fe2638c7971f61e33dff94

i need to used the same docker engine to push signed images for the same registry with same name.

is there any way i can recover this ? tried rpm uninstall and install still no help

docker version:-

[root@-cer-2 private]# docker version
Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:46:54 2020
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:45:28 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683

3

hi there,
there is no way to recovery your key. According to docker official documentation you should send them an email in order to recovery your key/password: Manage keys for content trust | Docker Documentation
I think this is the only way.
Hope you got it by now.
jrfuent