You must create a key pair for use by the Evidence service. The private key is used to sign evidence uploaded to Artifactory to ensure its integrity and immutability. The public key can optionally be used to verify evidence after it has been uploaded. Artifactory supports the following key types for signing and verifying evidence:
| Key Type | Command to Create Key Pair |
|---|---|
| RSA | `openssl genrsa -out private.pem 2048`<br>`openssl rsa -in private.pem -pubout -out public.pem` |
| EC | `openssl ecparam -name secp256r1 -genkey -noout -out private.pem`<br>`openssl ec -in private.pem -pubout > public.pem` |
| ED25519 | `openssl genpkey -algorithm ed25519 -out private.pem`<br>`openssl pkey -in private.pem -pubout -out public.pem` |
Important
It is recommended to use a command-line copy command, such as pbcopy, to copy the private key into Artifactory instead of cutting and pasting from the terminal UI, which can add stray special characters to the key.
After generating the key pair, it is recommended to continue with Upload the Public Key to Artifactory.
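A check to run on the generated files before copying or uploading them, as an added example that is not part of the JFrog documentation: it rejects a private key file containing bytes outside the PEM alphabet (the stray characters the note above warns about) and confirms that `public.pem` was derived from `private.pem`. The function name `check_keypair` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the JFrog documentation): check a key pair before upload.
# File names follow the table above; check_keypair and its return codes
# are assumptions of this example.
#
# Usage: sh check_keypair.sh private.pem public.pem
# Returns: 0 ok, 2 stray bytes in private key, 3 unparsable key, 4 keys do not match

check_keypair() {
    ck_priv=$1
    ck_pub=$2

    # A PEM file holds only base64 characters plus the dashed BEGIN/END lines.
    # Anything else (CR, tab, smart quotes, escape sequences) is a copy artifact.
    if LC_ALL=C grep -q '[^A-Za-z0-9+/= -]' "$ck_priv"; then
        echo "error: $ck_priv contains non-PEM characters" >&2
        return 2
    fi

    # Derive the public key from the private key. "openssl pkey" handles
    # RSA, EC and ED25519 keys alike.
    ck_have=$(openssl pkey -in "$ck_priv" -pubout 2>/dev/null) || {
        echo "error: cannot parse private key $ck_priv" >&2
        return 3
    }

    # Re-encode the supplied public key so both sides use the same encoding.
    ck_want=$(openssl pkey -pubin -in "$ck_pub" -pubout 2>/dev/null) || {
        echo "error: cannot parse public key $ck_pub" >&2
        return 3
    }

    if [ "$ck_have" != "$ck_want" ]; then
        echo "error: $ck_pub does not belong to $ck_priv" >&2
        return 4
    fi
    echo "ok: key pair is consistent"
}

# Run the check when two file names are given on the command line.
if [ "$#" -eq 2 ]; then
    check_keypair "$1" "$2"
    exit $?
fi
```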
Generate Key Pair in the JFrog CLI
You can use the JFrog CLI to generate an ECDSA P-256 key pair and upload the public key to Artifactory with a single command. For complete details, see Generate Evidence Key Pair CLI.