diff --git a/cmd/dockerd/options.go b/cmd/dockerd/options.go
index c4649ded51..a9c336c357 100644
--- a/cmd/dockerd/options.go
+++ b/cmd/dockerd/options.go
@@ -65,8 +65,6 @@ func (o *daemonOptions) installFlags(flags *pflag.FlagSet) {
 flags.BoolVar(&o.TLS, FlagTLS, DefaultTLSValue, "Use TLS; implied by --tlsverify")
 flags.BoolVar(&o.TLSVerify, FlagTLSVerify, dockerTLSVerify || DefaultTLSValue, "Use TLS and verify the remote")
 
- // TODO use flag flags.String("identity"}, "i", "", "Path to libtrust key file")
-
 o.TLSOptions = &tlsconfig.Options{}
 tlsOptions := o.TLSOptions
 flags.StringVar(&tlsOptions.CAFile, "tlscacert", filepath.Join(dockerCertPath, DefaultCaFile), "Trust certs signed only by this CA")
diff --git a/daemon/daemon.go b/daemon/daemon.go
index 3cf256a751..935a7b44ee 100644
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@@ -1053,19 +1053,6 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 ContentNamespace: config.ContainerdNamespace,
 }
 
- // This is a temporary environment variables used in CI to allow pushing
- // manifest v2 schema 1 images to test-registries used for testing *pulling*
- // these images.
- if os.Getenv("DOCKER_ALLOW_SCHEMA1_PUSH_DONOTUSE") != "" {
- imgSvcConfig.TrustKey, err = loadOrCreateTrustKey(config.TrustKeyPath)
- if err != nil {
- return nil, err
- }
- if err = system.MkdirAll(filepath.Join(config.Root, "trust"), 0700); err != nil {
- return nil, err
- }
- }
-
 // containerd is not currently supported with Windows.
 // So sometimes d.containerdCli will be nil
 // In that case we'll create a local content store... but otherwise we'll use containerd
diff --git a/daemon/images/image_push.go b/daemon/images/image_push.go
index 302ffd8eec..ece46d27ae 100644
--- a/daemon/images/image_push.go
+++ b/daemon/images/image_push.go
@@ -54,7 +54,6 @@ func (i *ImageService) PushImage(ctx context.Context, image, tag string, metaHea
 },
 ConfigMediaType: schema2.MediaTypeImageConfig,
 LayerStores: distribution.NewLayerProvidersFromStore(i.layerStore),
- TrustKey: i.trustKey,
 UploadManager: i.uploadManager,
 }
 
diff --git a/daemon/images/service.go b/daemon/images/service.go
index b1fdcc11ba..2b6532170c 100644
--- a/daemon/images/service.go
+++ b/daemon/images/service.go
@@ -17,7 +17,6 @@ import (
 "github.com/docker/docker/layer"
 dockerreference "github.com/docker/docker/reference"
 "github.com/docker/docker/registry"
- "github.com/docker/libtrust"
 "github.com/opencontainers/go-digest"
 "github.com/pkg/errors"
 "golang.org/x/sync/singleflight"
@@ -44,7 +43,6 @@ type ImageServiceConfig struct {
 MaxDownloadAttempts int
 ReferenceStore dockerreference.Store
 RegistryService registry.Service
- TrustKey libtrust.PrivateKey
 ContentStore content.Store
 Leases leases.Manager
 ContentNamespace string
@@ -61,7 +59,6 @@ func NewImageService(config ImageServiceConfig) *ImageService {
 layerStore: config.LayerStore,
 referenceStore: config.ReferenceStore,
 registryService: config.RegistryService,
- trustKey: config.TrustKey,
 uploadManager: xfer.NewLayerUploadManager(config.MaxConcurrentUploads),
 leases: config.Leases,
 content: config.ContentStore,
@@ -80,7 +77,6 @@ type ImageService struct {
 pruneRunning int32
 referenceStore dockerreference.Store
 registryService registry.Service
- trustKey libtrust.PrivateKey
 uploadManager *xfer.LayerUploadManager
 leases leases.Manager
 content content.Store
diff --git a/daemon/trustkey.go b/daemon/trustkey.go
deleted file mode 100644
index 8d1da5aaa7..0000000000
--- a/daemon/trustkey.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package daemon // import "github.com/docker/docker/daemon"
-
-import "github.com/docker/libtrust"
-
-// LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
-// otherwise generates a new one.
-func loadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
- return libtrust.LoadOrCreateTrustKey(trustKeyPath)
-}
diff --git a/daemon/trustkey_test.go b/daemon/trustkey_test.go
deleted file mode 100644
index 1ea66b65b3..0000000000
--- a/daemon/trustkey_test.go
+++ /dev/null
@@ -1,59 +0,0 @@
-package daemon // import "github.com/docker/docker/daemon"
-
-import (
- "os"
- "path/filepath"
- "testing"
-
- "gotest.tools/v3/assert"
- is "gotest.tools/v3/assert/cmp"
-)
-
-// LoadOrCreateTrustKey
-func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
- tmpKeyFile, err := os.CreateTemp(t.TempDir(), "keyfile")
- assert.NilError(t, err)
- _ = tmpKeyFile.Close()
-
- _, err = loadOrCreateTrustKey(tmpKeyFile.Name())
- assert.Check(t, is.ErrorContains(err, "error loading key file"))
-}
-
-func TestLoadOrCreateTrustKeyCreateKeyWhenFileDoesNotExist(t *testing.T) {
- tmpKeyFile := filepath.Join(t.TempDir(), "keyfile")
-
- key, err := loadOrCreateTrustKey(tmpKeyFile)
- assert.NilError(t, err)
- assert.Check(t, key != nil)
-
- _, err = os.Stat(tmpKeyFile)
- assert.NilError(t, err, "key file doesn't exist")
-}
-
-func TestLoadOrCreateTrustKeyCreateKeyWhenDirectoryDoesNotExist(t *testing.T) {
- tmpKeyFile := filepath.Join(t.TempDir(), "folder/hierarchy/keyfile")
- key, err := loadOrCreateTrustKey(tmpKeyFile)
- assert.NilError(t, err)
- assert.Check(t, key != nil)
-
- _, err = os.Stat(tmpKeyFile)
- assert.NilError(t, err, "key file doesn't exist")
-}
-
-func TestLoadOrCreateTrustKeyCreateKeyNoPath(t *testing.T) {
- defer os.Remove("keyfile")
- key, err := loadOrCreateTrustKey("keyfile")
- assert.NilError(t, err)
- assert.Check(t, key != nil)
-
- _, err = os.Stat("keyfile")
- assert.NilError(t, err, "key file doesn't exist")
-}
-
-func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
- tmpKeyFile := filepath.Join("testdata", "keyfile")
- key, err := loadOrCreateTrustKey(tmpKeyFile)
- assert.NilError(t, err)
- expected := "AWX2:I27X:WQFX:IOMK:CNAK:O7PW:VYNB:ZLKC:CVAE:YJP2:SI4A:XXAY"
- assert.Check(t, is.Contains(key.String(), expected))
-}
diff --git a/distribution/config.go b/distribution/config.go
index fa06e3c9c0..afeb669060 100644
--- a/distribution/config.go
+++ b/distribution/config.go
@@ -17,7 +17,6 @@ import (
 "github.com/docker/docker/pkg/system"
 refstore "github.com/docker/docker/reference"
 "github.com/docker/docker/registry"
- "github.com/docker/libtrust"
 "github.com/opencontainers/go-digest"
 specs "github.com/opencontainers/image-spec/specs-go/v1"
 "github.com/pkg/errors"
@@ -74,9 +73,6 @@ type ImagePushConfig struct {
 ConfigMediaType string
 // LayerStores manages layers.
 LayerStores PushLayerProvider
- // TrustKey is the private key for legacy signatures. This is typically
- // an ephemeral key, since these signatures are no longer verified.
- TrustKey libtrust.PrivateKey
 // UploadManager dispatches uploads.
 UploadManager *xfer.LayerUploadManager
 }