With a Touch, Yubico, Docker Revolutionize Code Signing

Jerrod Chong

Jerrod Chong

2 minute read

Today we released the YubiKey 4. Our next generation product that includes a new function called touch-to-sign, a unique and simple method for code signing that we have brought to life together with Docker, an open platform for distributed applications.

At DockerCon Europe 2015 in Barcelona, Docker and Yubico together unveiled the world’s first touch-to-sign code signing system using the new YubiKey 4. A developer only needs to touch his YubiKey for user presence verification and to digitally sign code, using a private root key stored on the device. This capability is the first hardware signing key to provide content integrity for containers that are part of Docker Content Trust, and it enables secure software lifecycle development for Docker developers, sysadmins, and third-party ISVs. We think it’s slick, and cool, and the future of hardware-backed keys.

As part of YubiKey 4, we also released a new PKCS#11 module that our customers and partners can use with their cryptographic projects. The open standard protocol, PKCS#11, lets applications speak to cryptographic smart card devices, such as the YubiKey 4, and perform cryptographic functions. Docker has integrated the PKCS#11 module into its platform to support touch-to-sign, and we hope this inspires others to develop other cutting-edge security solutions.

This is an important milestone for Yubico and our customers as we complement authentication with another category where the YubiKey excels, strong security with ease-of-use for code signing. Having the root keys stored in the secure element of the YubiKey means attackers cannot duplicate the root key to forge sign operations. Insecure storage of keys, for example in software modules, is often the cause of many of the vulnerabilities found in software packages.

We salute Docker for taking this first major step to help developers secure the creation and on-going maintenance of their code. With Yubikey 4 and touch-to-sign, we hope all Docker users take advantage of this fantastic opportunity to secure their code!

Read Docker’s blog on touch-to-sign.

, ,
Talk to our teamTalk to our team

Share this article:
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day