Browse code
Clarify when keys are created and fix missing of
Signed-off-by: Chris Swan <chris.swan@iee.org>
Conflicts:
docs/security/trust/content_trust.md
Chris Swan authored on 2015/09/17 15:23:12Showing 1 changed files
| ... | ... |
@@ -104,8 +104,9 @@ content hash always succeeds as long as the hash exists: |
| 104 | 104 |
$ docker pull someimage@sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a |
| 105 | 105 |
``` |
| 106 | 106 |
|
| 107 |
-Trust for an image tag is managed through the use of signing keys. Docker's content |
|
| 108 |
-trust makes use four different keys: |
|
| 107 |
+Trust for an image tag is managed through the use of signing keys. A key set is |
|
| 108 |
+created when an operation using content trust is first invoked. Docker's content |
|
| 109 |
+trust makes use of four different keys: |
|
| 109 | 110 |
|
| 110 | 111 |
| Key | Description | |
| 111 | 112 |
|---------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------| |
| ... | ... |
@@ -131,7 +132,7 @@ The following image depicts the various signing keys and their relationships: |
| 131 | 131 |
You should backup the offline key somewhere safe. Given that it is only required |
| 132 | 132 |
to create new repositories, it is a good idea to store it offline. Make sure you |
| 133 | 133 |
read [Manage keys for content trust](/security/trust/trust_key_mng) information |
| 134 |
-for details on creating, securing, and backing up your keys. |
|
| 134 |
+for details on securing, and backing up your keys. |
|
| 135 | 135 |
|
| 136 | 136 |
## Survey of typical content trust operations |
| 137 | 137 |
|