Image Signing and Verification Support

Registered by Brianna Poulos on 2015-04-07

OpenStack currently doesn't support either of the following features:

* Signing and signature validation of bootable images
* Validation of uploaded signed images

This blueprint adds support for both of these features. If an uploaded image is signed, Glance will verify the signature before storing the image. In each upload case, the appropriate crypto mode and keys must be entered correctly. Deploying image authentication will protect against counterfeit images as well as unauthorized images. Integration with Barbican will provide key management support for signing keys. This feature improves the enterprise-ready posture of OpenStack.

Blueprint information

Status: Complete
Approver: Nikhil Komawar
Priority: Medium
Drafter: Brianna Poulos
Direction: Needs approval
Assignee: Brianna Poulos
Definition: New
Series goal: Accepted for liberty
Implementation: Implemented
Milestone target: 11.0.0
Started by: Thierry Carrez on 2015-09-02
Completed by: Thierry Carrez on 2015-09-03

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/image-signing-and-verification-support,n,z

Addressed by: https://review.openstack.org/183110
    Add image signing verification

Addressed by: https://review.openstack.org/183137
    Add image signing verification

Addressed by: https://review.openstack.org/214726
    Add unit tests for signature_utils class

Addressed by: https://review.openstack.org/219731
    Update style for signature_utils class

Addressed by: https://review.openstack.org/329112
    Add image signature verification metadefs
