Under Artifactory -> Security -> Keys Management, we can start with the Signing Keys tab. To create and upload the GPG keys, we can follow the documentation.
Now, what will this actually achieve? For RPM repositories, we navigate to each specific repository and select the GPG Key Pair we configured, which Artifactory then uses to sign the metadata files it generates. Once the metadata is generated, we expect to see the created Release file and, alongside it, the signed Release.gpg. The signature is Artifactory confirming that this Release file has not been manipulated in any way since the metadata was generated.
The same applies to Debian. We select the GPG Key Pair for the specific repositories and then expect to see the repodata.xml and the newly generated repodata.xml.asc.
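What the signature buys a consumer of the repository, as an added example that is not from the original page or from Artifactory itself: a POSIX shell function that checks a downloaded metadata file (such as Release) against its detached signature (such as Release.gpg) using only the exported public half of the signing key. The function name, argument order and the idea of pinning the fingerprint out of band are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Artifactory code): consumer-side check of signed
# repository metadata against one pinned signing key.
#
# verify_metadata KEYFILE FINGERPRINT METADATA SIGNATURE
#   KEYFILE      exported public half of the signing key pair
#   FINGERPRINT  primary key fingerprint pinned out of band
#                (40 uppercase hex characters, no spaces)
#   METADATA     the generated metadata file, e.g. Release
#   SIGNATURE    its detached signature, e.g. Release.gpg
# Returns 0 only for a good signature made by the pinned key,
# 2 if the key cannot be imported, non-zero otherwise.
verify_metadata() {
    vm_key=$1 vm_fpr=$2 vm_meta=$3 vm_sig=$4
    # Throwaway keyring: no other key on this host can satisfy the check.
    vm_home=$(mktemp -d) || return 2
    if ! gpg --homedir "$vm_home" --batch --quiet --import "$vm_key" 2>/dev/null; then
        rm -rf "$vm_home"
        return 2
    fi
    # Machine-readable status lines go to stdout; human output is dropped.
    vm_status=$(gpg --homedir "$vm_home" --batch --status-fd 1 \
        --verify "$vm_sig" "$vm_meta" 2>/dev/null) || true
    gpgconf --homedir "$vm_home" --kill all 2>/dev/null || true
    rm -rf "$vm_home"
    # GOODSIG: signature is good and the key is neither expired nor revoked.
    # VALIDSIG: its last field is the primary key fingerprint.
    printf '%s\n' "$vm_status" | awk -v want="$vm_fpr" '
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" && $NF == want { pinned = 1 }
        END { exit !(good && pinned) }'
}
```

A metadata file edited after generation, or one signed by any key other than the pinned one, makes the function return non-zero.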