Based on The Update Framework (TUF), conda-content-trust contains a set of tools to enable package managers like conda to protect against tampering, so that when users obtain a package or data about that package, those users can know whether or not the data is trustworthy (e.g. originally comes from a reliable source and has not been tampered with). A basic library and basic CLI are included to provide signing, verification, and trust delegation functionality. This exists as an alteration of TUF because of the very particular needs of the conda ecosystem. (Developers are encouraged to just use TUF whenever possible!) This tool is general purpose. It is currently used in conda 4.10.1+ to verify package metadata signatures when they are available.