Transferring my sensitive content to JFrog using Public-key encryption

When you need to provide JFrog with sensitive data, such as SSL certificates and keys for example, you will need to sign your content with JFrog’s public key. From Wikipedia:

“Public-key encryption, in which a message is encrypted with a recipient’s public key. The message cannot be decrypted by anyone who does not possess the matching private key, who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality.”

We’ll be using the ‘gpg’ command line tool to do this:

1.Start by retrieving JFrog’s public key from Bintray (click on “Download Public Key”)

2.To be able to sign your content using this key, you’ll first need to import it on your system. After downloading the key, do this by running:

gpg –import /path/to/downloaded/jfrog-public.key.asc

Tip: to check whether the key has been imported successfully, run:

gpg –list-keys

The alias for JFrog’s key is “JFrog Inc.”.

3.After the key has been imported, you will be able to sign your content by specifying the key alias with:

gpg -e -u “Sender User Name” -r “JFrog Inc.” somefile

Where “somefile” is your to-be-encrypted content. The gpg tool will prompt your for a final confirmation, and after you are done you should have a “somefile.gpg” file, which is your encrypted content.

*More usesful gpg commands can be found in this gpg cheatsheet page.