For this article, we want to understand the use and setup for signing and verifying Artifactory generated artifacts. Artifactory will not and cannot sign for packages it does not create. Artifactory generates its own metadata files for all packages so that is what we can sign for RPM and Debian repositories.