diff --git a/vendor.conf b/vendor.conf
index 99855a500..4106a3352 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -89,7 +89,7 @@ github.com/containernetworking/cni 4cfb7b568922a3c79a23e438dc52fe537fc9687e # v0
 github.com/containerd/go-cni 0d360c50b10b350b6bb23863fd4dfb1c232b01c9
 
 # image decrypt depedencies
-github.com/containerd/imgcrypt 60475d2a2a95344ebcef9a456a4c9a1c7fcf4169
+github.com/containerd/imgcrypt 99334633d4657af3f32670947eb1008250e564d9
 github.com/containers/ocicrypt 142388cb70de0fe8c7edd921df79e477ab8b3051
 gopkg.in/square/go-jose.v2 v2.3.1 https://github.com/square/go-jose.git
 github.com/fullsailor/pkcs7 8306686428a5fe132eac8cb7c4848af725098bd4
diff --git a/vendor/github.com/containerd/imgcrypt/README.md b/vendor/github.com/containerd/imgcrypt/README.md
index 0f9e27673..5e9aaf8a3 100644
--- a/vendor/github.com/containerd/imgcrypt/README.md
+++ b/vendor/github.com/containerd/imgcrypt/README.md
@@ -96,7 +96,7 @@ Hello World!
 **imgcrypt** is a non-core containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE).
 As a containerd sub-project, you will find the:
  * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
- * [Maintainers](MAINTAINERS.md),
+ * [Maintainers](MAINTAINERS),
  * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
 
 information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/vendor/github.com/containerd/imgcrypt/go.mod b/vendor/github.com/containerd/imgcrypt/go.mod
new file mode 100644
index 000000000..41ac17ad9
--- /dev/null
+++ b/vendor/github.com/containerd/imgcrypt/go.mod
@@ -0,0 +1,39 @@
+module github.com/containerd/imgcrypt
+
+go 1.13
+
+require (
+	github.com/Microsoft/go-winio v0.4.14
+	github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4
+	github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601 // indirect
+	github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50
+	github.com/containerd/containerd v1.3.0
+	github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 // indirect
+	github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260 // indirect
+	github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda // indirect
+	github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8 // indirect
+	github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd
+	github.com/containers/ocicrypt v0.0.0-20190930154801-b87a4a69c741
+	github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b // indirect
+	github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible // indirect
+	github.com/docker/go-events v0.0.0-20170721190031-9461782956ad // indirect
+	github.com/docker/go-units v0.4.0 // indirect
+	github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55 // indirect
+	github.com/gogo/googleapis v1.2.0 // indirect
+	github.com/gogo/protobuf v1.2.1
+	github.com/imdario/mergo v0.3.8 // indirect
+	github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2
+	github.com/opencontainers/image-spec v1.0.1
+	github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9 // indirect
+	github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559
+	github.com/pkg/errors v0.8.1
+	github.com/prometheus/procfs v0.0.8 // indirect
+	github.com/sirupsen/logrus v1.4.2
+	github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect
+	github.com/urfave/cli v1.22.1
+	go.etcd.io/bbolt v1.3.3 // indirect
+	golang.org/x/net v0.0.0-20190522155817-f3200d17e092 // indirect
+	golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
+	golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e // indirect
+	google.golang.org/grpc v1.24.0
+)
diff --git a/vendor/golang.org/x/crypto/ed25519/ed25519.go b/vendor/golang.org/x/crypto/ed25519/ed25519.go
index d6f683ba3..c7f8c7e64 100644
--- a/vendor/golang.org/x/crypto/ed25519/ed25519.go
+++ b/vendor/golang.org/x/crypto/ed25519/ed25519.go
@@ -2,6 +2,11 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+// In Go 1.13, the ed25519 package was promoted to the standard library as
+// crypto/ed25519, and this package became a wrapper for the standard library one.
+//
+// +build !go1.13
+
 // Package ed25519 implements the Ed25519 signature algorithm. See
 // https://ed25519.cr.yp.to/.
 //
diff --git a/vendor/golang.org/x/crypto/ed25519/ed25519_go113.go b/vendor/golang.org/x/crypto/ed25519/ed25519_go113.go
new file mode 100644
index 000000000..d1448d8d2
--- /dev/null
+++ b/vendor/golang.org/x/crypto/ed25519/ed25519_go113.go
@@ -0,0 +1,73 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build go1.13
+
+// Package ed25519 implements the Ed25519 signature algorithm. See
+// https://ed25519.cr.yp.to/.
+//
+// These functions are also compatible with the “Ed25519” function defined in
+// RFC 8032. However, unlike RFC 8032's formulation, this package's private key
+// representation includes a public key suffix to make multiple signing
+// operations with the same key more efficient. This package refers to the RFC
+// 8032 private key as the “seed”.
+//
+// Beginning with Go 1.13, the functionality of this package was moved to the
+// standard library as crypto/ed25519. This package only acts as a compatibility
+// wrapper.
+package ed25519
+
+import (
+	"crypto/ed25519"
+	"io"
+)
+
+const (
+	// PublicKeySize is the size, in bytes, of public keys as used in this package.
+	PublicKeySize = 32
+	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
+	PrivateKeySize = 64
+	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
+	SignatureSize = 64
+	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
+	SeedSize = 32
+)
+
+// PublicKey is the type of Ed25519 public keys.
+//
+// This type is an alias for crypto/ed25519's PublicKey type.
+// See the crypto/ed25519 package for the methods on this type.
+type PublicKey = ed25519.PublicKey
+
+// PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
+//
+// This type is an alias for crypto/ed25519's PrivateKey type.
+// See the crypto/ed25519 package for the methods on this type.
+type PrivateKey = ed25519.PrivateKey
+
+// GenerateKey generates a public/private key pair using entropy from rand.
+// If rand is nil, crypto/rand.Reader will be used.
+func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
+	return ed25519.GenerateKey(rand)
+}
+
+// NewKeyFromSeed calculates a private key from a seed. It will panic if
+// len(seed) is not SeedSize. This function is provided for interoperability
+// with RFC 8032. RFC 8032's private keys correspond to seeds in this
+// package.
+func NewKeyFromSeed(seed []byte) PrivateKey {
+	return ed25519.NewKeyFromSeed(seed)
+}
+
+// Sign signs the message with privateKey and returns a signature. It will
+// panic if len(privateKey) is not PrivateKeySize.
+func Sign(privateKey PrivateKey, message []byte) []byte {
+	return ed25519.Sign(privateKey, message)
+}
+
+// Verify reports whether sig is a valid signature of message by publicKey. It
+// will panic if len(publicKey) is not PublicKeySize.
+func Verify(publicKey PublicKey, message, sig []byte) bool {
+	return ed25519.Verify(publicKey, message, sig)
+}