Using Artifactory 6.x ?
JFrog Artifactory 6.x User Guide
Still using Artifactory 4.x ?
JFrog Artifactory 4.x User Guide
Have a question? Want to report an issue? Contact JFrog support
Artifactory lets you manage a pair of GPG signing keys so you can sign packages for authentication in several formats such as Debian, Opkg and YUM. You can manage your GPG signing keys in the Admin module under Security | Signing Keys.
The way to generate keys is platform dependent.
The example below shows how to generate the public and private keys on Linux:
You also need to specify a pass phrase that must be used together with the signing keys. The pass phrase can be saved, or passed in with a REST API call.
To upload your signing keys, in the Admin tab, go to Security | Signing Keys.
Once you have specified the key file, select the "Upload" button for the corresponding field.
Artifactory will indicate when keys are installed, and you can click on the Public key is installed link to download the public key.
If your signing keys were created with a pass-phrase, enter it in the designated field. You can click "Verify" to make sure the pass-phrase matches the uploaded keys.
Click "Save" to save your changes.
Don't forget to click "Save"
To ensure that your signing keys are properly stored in Artifactory's database, you need to click "Save" even if your signing keys do not have a pass-phrase.
Upload your pass-phrase with REST
If you prefer not to upload your pass phrase using the UI, you can set it using the REST API.
Once you have uploaded your signing keys, you can download your public key whenever needed using the Public key is installed link.