Generating GPG Keys
The way to generate private and public GPG keys is platform dependent.
The example below shows how to generate the keys on Linux with GPG version 2.1 and up (check your version with gpg --help):
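An unattended version of the key generation and export, added here as an example (it is not from the original page). The key name, e-mail address, key size, output file names and the make_signing_key function name are assumptions; it uses a throwaway keyring and reads the passphrase from a file.

```shell
#!/bin/sh
# Added example: unattended GPG (2.1+) key generation and export.
# Name, e-mail, key size and output file names are assumptions.

# make_signing_key OUT_DIR PASSPHRASE_FILE
# Writes OUT_DIR/public.key and OUT_DIR/private.key (ASCII-armored) and
# prints the fingerprint of the new key on stdout.
make_signing_key() {
    out_dir=$1
    pass_file=$2
    umask 077                               # key material readable by owner only

    # Throwaway keyring so the user's own ~/.gnupg is left untouched.
    GNUPGHOME=$(mktemp -d) || return 1
    export GNUPGHOME
    # Needed by GPG 2.1.0-2.1.11; the default from 2.1.12 on.
    echo allow-loopback-pinentry > "$GNUPGHOME/gpg-agent.conf"

    # Parameter file for batch generation of a signing-only RSA key.
    cat > "$GNUPGHOME/params" <<EOF
Key-Type: RSA
Key-Length: 3072
Key-Usage: sign
Name-Real: Release Bundle Signing Example
Name-Email: distribution@example.invalid
Expire-Date: 0
Passphrase: $(cat "$pass_file")
%commit
EOF
    gpg --batch --quiet --gen-key "$GNUPGHOME/params" || return 1

    # Fingerprint of the primary key: first "fpr" record, field 10.
    key_id=$(gpg --batch --list-keys --with-colons |
        awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$key_id" ] || return 1

    # Public key: goes to Distribution and to the Trusted Keys of each Artifactory.
    gpg --batch --armor --output "$out_dir/public.key" \
        --export "$key_id" || return 1
    # Private key: goes to Distribution only; exporting it needs the passphrase.
    gpg --batch --pinentry-mode loopback --passphrase-file "$pass_file" \
        --armor --output "$out_dir/private.key" \
        --export-secret-keys "$key_id" || return 1

    gpgconf --kill gpg-agent                # stop the agent tied to the temp keyring
    rm -rf "$GNUPGHOME"
    printf '%s\n' "$key_id"
}
```

The exported private.key and the passphrase file together are the signing identity; remove them from the working directory once they have been deployed and stored securely.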
Signing Release Bundles
If the GPG key pair is created with a passphrase, be sure to keep a copy of the passphrase; JFrog Distribution requires it to sign Release Bundles.
Uploading GPG Keys
To establish trust between JFrog Distribution, the source Artifactory and the Artifactory Edge nodes, you need to deploy your GPG keys to each service.
Upload your GPG keys to the following destinations using the REST API:
- Deploy the generated GPG key pair (public and private) for JFrog Distribution using the Set Signing Key for the Distribution Service REST API. The key pair is stored internally in JFrog Distribution.
- Deploy the generated GPG public key on the source Artifactory and the Artifactory Edge node using the Set GPG Public Key REST API or the UI. The public key is stored under Security->Trusted Keys on the source Artifactory and the Artifactory Edge node.