Docker Community Forums

Protect image metadata individually (without image)?


(Rotschopf) #1

Hi,

I’m currently looking into DCT and its abilities for a use case we have.

We want to transmit metadata associated with an image in a secure (confidential, authenticated, integrity protected, replay safe) way without downloading the image.

Thus I have some questions.

  1. Is image metadata, in particular labels, retrievable without downloading the image itself?
  2. Is image metadata protected by DCT?
  3. If so, are they verifiable without the image?

I was only able to find source code for image verification that did not include metadata.

Any help is appreciated,
Thanks


(Dwake) #2

You can retrieve metadata with the notary command-line client. For example:

    > notary -s https://notary-server:4443 list registry-server:5000/my_image

    NAME      DIGEST                                                              SIZE (BYTES)    ROLE
    ----------------------------------------------------------------------------------------------------
    my_tag    ddc5ca1740a5526d731f86a9a2250819cf06c7b5495f828c1d9fddf91c1d9466    920             targets
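How labels can be checked against a signed digest like the one listed above without reading any layer, as an added example that is not part of either post and not Docker's or Notary's own code. It assumes the DIGEST and SIZE columns are the SHA-256 and length of an image manifest in the Docker v2 schema 2 format, whose `config` entry pins the config blob that holds the labels; fetching the two blobs from the registry is not shown, the function names are hypothetical, and the sample bytes are constructed.

```python
import hashlib
import hmac
import json


def check_blob(blob: bytes, want_hex: str, want_size: int, what: str) -> None:
    """Reject blob unless its length and SHA-256 match the trusted values."""
    if len(blob) != want_size:
        raise ValueError(f"{what}: size mismatch")
    got = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(got, want_hex.lower()):
        raise ValueError(f"{what}: digest mismatch")


def verified_labels(signed_digest: str, signed_size: int,
                    manifest: bytes, config: bytes) -> dict:
    """Return image labels only if they chain back to the signed digest."""
    # Step 1: manifest bytes must match the DIGEST/SIZE columns of `notary list`.
    check_blob(manifest, signed_digest, signed_size, "manifest")
    ref = json.loads(manifest)["config"]
    algo, _, config_hex = ref["digest"].partition(":")
    if algo != "sha256":
        raise ValueError("config: unsupported digest algorithm")
    # Step 2: config blob must match the digest pinned inside the manifest.
    check_blob(config, config_hex, ref["size"], "config")
    # Step 3: labels live in the config blob; no layer is ever read.
    return json.loads(config).get("config", {}).get("Labels") or {}


def sample_inputs():
    """Constructed sample data; real bytes would come from the registry API."""
    config = json.dumps({"architecture": "amd64", "os": "linux",
        "config": {"Labels": {"org.example.release": "1.4.2"}}}).encode()
    manifest = json.dumps({
        "schemaVersion": 2,
        "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
        "config": {"mediaType": "application/vnd.docker.container.image.v1+json",
                   "size": len(config),
                   "digest": "sha256:" + hashlib.sha256(config).hexdigest()},
        "layers": [],
    }).encode()
    # Stand-in for the DIGEST and SIZE columns of a verified `notary list` row.
    return hashlib.sha256(manifest).hexdigest(), len(manifest), manifest, config


if __name__ == "__main__":
    digest, size, manifest, config = sample_inputs()
    print(verified_labels(digest, size, manifest, config))
```

This covers integrity and authenticity of the labels only to the extent that the digest itself came from a verified Notary response; it does nothing for confidentiality.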