Verify the image signature

The Airlock Microgateway images are signed by the user airlock with the key 88ab3f31c9bb, which can be verified easily.

Verify the images

To verify the signature of the images with the 4.1.0 tag, do the following:

copy

# Login to ensure, that you are not affected by the rate limits
docker login

# Pull the images
docker pull docker.io/ergon/airlock-microgateway-operator:4.1.0
docker pull docker.io/ergon/airlock-microgateway-cni:4.1.0
docker pull docker.io/ergon/airlock-microgateway-engine:4.1.0
docker pull docker.io/ergon/airlock-microgateway-license-guard:4.1.0

# Verify the signatures
docker trust inspect --pretty docker.io/ergon/airlock-microgateway-operator:4.1.0
docker trust inspect --pretty docker.io/ergon/airlock-microgateway-cni:4.1.0
docker trust inspect --pretty docker.io/ergon/airlock-microgateway-engine:4.1.0
docker trust inspect --pretty docker.io/ergon/airlock-microgateway-license-guard:4.1.0

The example output below shows that the image airlock-microgateway-operator with the tag 4.1.0 is signed by the user airlock.

copy

docker trust inspect --pretty docker.io/ergon/airlock-microgateway-operator:4.1.0
 
Signatures for docker.io/ergon/airlock-microgateway-operator:4.1.0
 
SIGNED TAG   DIGEST                                                             SIGNERS 
4.1.0        28ba9373b4777a8f562f7e2ff0aef1b1ba5d16d098aaf89ae4ecd18bc040a496   airlock 
 
List of signers and their keys for docker.io/ergon/airlock-microgateway-operator:4.1.0
 
SIGNER    KEYS 
airlock   88ab3f31c9bb 
 
Administrative keys for docker.io/ergon/airlock-microgateway-operator:4.1.0
 
...
...

Further information and links

External links:
Command-line reference - docker login
Engine security - Content trust in Docker