diff --git a/docker/daemon.go b/docker/daemon.go
index ed931bc471..eef17efdc4 100644
--- a/docker/daemon.go
+++ b/docker/daemon.go
@@ -79,7 +79,6 @@ func mainDaemon() {
 	job.Setenv("TlsCa", *flCa)
 	job.Setenv("TlsCert", *flCert)
 	job.Setenv("TlsKey", *flKey)
-	job.Setenv("TrustKey", *flTrustKey)
 	job.SetenvBool("BufferRequests", true)
 	if err := job.Run(); err != nil {
 		log.Fatal(err)
diff --git a/docker/docker.go b/docker/docker.go
index 215f15b3e3..37cd155bb7 100644
--- a/docker/docker.go
+++ b/docker/docker.go
@@ -7,7 +7,6 @@ import (
 	"io/ioutil"
 	"log"
 	"os"
-	"path"
 	"strings"
 
 	"github.com/docker/docker/api"
@@ -16,7 +15,6 @@ import (
 	flag "github.com/docker/docker/pkg/mflag"
 	"github.com/docker/docker/reexec"
 	"github.com/docker/docker/utils"
-	"github.com/docker/libtrust"
 )
 
 const (
@@ -64,20 +62,6 @@ func main() {
 	}
 	protoAddrParts := strings.SplitN(flHosts[0], "://", 2)
 
-	err := os.MkdirAll(path.Dir(*flTrustKey), 0700)
-	if err != nil {
-		log.Fatal(err)
-	}
-	trustKey, keyErr := libtrust.LoadKeyFile(*flTrustKey)
-	if keyErr == libtrust.ErrKeyFileDoesNotExist {
-		trustKey, keyErr = libtrust.GenerateECP256PrivateKey()
-		if keyErr == nil {
-			keyErr = libtrust.SaveKey(*flTrustKey, trustKey)
-		}
-	}
-	if keyErr != nil {
-		log.Fatal(keyErr)
-	}
 	var (
 		cli       *client.DockerCli
 		tlsConfig tls.Config
@@ -112,9 +96,9 @@ func main() {
 	}
 
 	if *flTls || *flTlsVerify {
-		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
+		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, nil, protoAddrParts[0], protoAddrParts[1], &tlsConfig)
 	} else {
-		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, trustKey, protoAddrParts[0], protoAddrParts[1], nil)
+		cli = client.NewDockerCli(os.Stdin, os.Stdout, os.Stderr, nil, protoAddrParts[0], protoAddrParts[1], nil)
 	}
 
 	if err := cli.Cmd(flag.Args()...); err != nil {