Image Manifest V 2, Schema 2 does not contain signature metadata

deamer44 · October 29, 2020, 4:09pm

Whilst looking at how to use asymmetric keys to sign and verify the mainfest file I found the Image Manifest V2, Schema 1, which contains a signature section, once checked provides assurance that the layer SHA hashes are correct.

Is Schema 2 lacking documentation in this feature or is it intentionally removed?

What is the current recommended way for me to insert a signature into a manifest file which can be stored in a registry. Ideally I would like to contain my signature in the manifest file so that I do not have to have a separate server to maintain a list of hashes / signatures

Thanks!

Topic		Replies	Views
Image Upload via HTTP rejected, Missing Signature Key Docker Engine	0	3753	November 5, 2019
Signed images in a private Docker registry Docker Engine	3	1873	November 19, 2015
Get image digest from remote registry via API Open Source Registry API	1	33183	April 20, 2016
How to calculate the layers id in manifest.json in image.tar and what does it mean? General docker	0	1648	March 21, 2017
Sync two registry questions Docker Hub	0	3787	September 4, 2017

Image Manifest V 2, Schema 2 does not contain signature metadata

Related topics