Encrypt and Decrypt issues #1010

CJNabla · 2022-04-24T07:16:19Z

CJNabla
Apr 24, 2022

In the ocicrypt.md, follow your tutorial to do image encryption. It is found that the container does not need a secret key when running, so what is the meaning of encryption?

As ocicrypt.md descripts, "No flag is needed for running encrypted images with nerdctl run, as long as the private key is stored in /etc/containerd/ocicrypt/keys (for rootless ~/.config/containerd/ocicrypt/keys)."
I found that even if the private key is not stored in the target, I can still run encrypted images without any flag about encryption.

Answered by AkihiroSuda

Apr 25, 2022

It is found that the container does not need a secret key when running

The key is required for unpacking an encrypted image.
Running an already unpacked image does not need the key.

View full answer

AkihiroSuda · 2022-04-25T05:20:37Z

AkihiroSuda
Apr 25, 2022
Maintainer

It is found that the container does not need a secret key when running

The key is required for unpacking an encrypted image.
Running an already unpacked image does not need the key.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Encrypt and Decrypt issues #1010

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

Select a reply

Encrypt and Decrypt issues #1010

CJNabla Apr 24, 2022

Replies: 1 comment

AkihiroSuda Apr 25, 2022 Maintainer

CJNabla
Apr 24, 2022

AkihiroSuda
Apr 25, 2022
Maintainer