With a Touch, Yubico, Docker Revolutionize Code Signing

Today we released the YubiKey 4. Our next generation product that includes a new function called touch-to-sign, a unique and simple method for code signing that we have brought to life together with Docker, an open platform for distributed applications.

At DockerCon Europe 2015 in Barcelona, Docker and Yubico together unveiled the world’s first touch-to-sign code signing system using the new YubiKey 4. A developer only needs to touch his YubiKey for user presence verification and to digitally sign code, using a private root key stored on the device. This capability is the first hardware signing key to provide content integrity for containers that are part of Docker Content Trust, and it enables secure software lifecycle development for Docker developers, sysadmins, and third-party ISVs. We think it’s slick, and cool, and the future of hardware-backed keys.

As part of YubiKey 4, we also released a new PKCS#11 module that our customers and partners can use with their cryptographic projects. The open standard protocol, PKCS#11, lets applications speak to cryptographic smart card devices, such as the YubiKey 4, and perform cryptographic functions. Docker has integrated the PKCS#11 module into its platform to support touch-to-sign, and we hope this inspires others to develop other cutting-edge security solutions.

This is an important milestone for Yubico and our customers as we complement authentication with another category where the YubiKey excels, strong security with ease-of-use for code signing. Having the root keys stored in the secure element of the YubiKey means attackers cannot duplicate the root key to forge sign operations. Insecure storage of keys, for example in software modules, is often the cause of many of the vulnerabilities found in software packages.

We salute Docker for taking this first major step to help developers secure the creation and on-going maintenance of their code. With Yubikey 4 and touch-to-sign, we hope all Docker users take advantage of this fantastic opportunity to secure their code!

Read Docker’s blog on touch-to-sign.

Talk to our teamTalk to our team

Share this article:


  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless