Sign Debian Metadata

JFrog Artifactory Documentation

JFrog Artifactory
Content Type
User Guide

Artifactory supports signing Debian repository metadata (not packages) using a GPG key. This process will create a signed Release file named Release.gpg, which will be shipped alongside the Release file. Artifactory will store and manage public and private keys that are used to sign and verify Debian packages.

To generate a pair of GPG keys and upload them to Artifactory, see Managing Signing Keys.Manage Signing Keys