Generate GPG Keys

JFrog Distribution Documentation

Products
JFrog Distribution
Content Type
User Guide
ft:sourceType
Paligo

Signing Release Bundles

GPG keys need to be at least 2K.

Note

If you are using a Vault see Vault for instructions.Vault

The way to generate private and public GPG keys is platform-dependent.

The following example displays how to generate the keys on Linux requiring GPG version 2.1 and higher.

Generating GPG keys

# Generate the keys
gpg --full-generate-key 

# Select RSA
Please select what kind of key you want: 
(1) RSA and RSA (default) 
(2) DSA and Elgamal 
(3) DSA (sign only) 
(4) RSA (sign only)  


# Select the size of the key you may use the default value.
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)  


# Select the validation for the key (0 will not expire)
0 = key does not expire  = key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) <- Accept the default value by clicking Enter 

Key does not expire at all
Is this correct? (y/N) y 

# Enter a user ID and email
Real name:
Email address:
Comment: 

# Export the private key with the specified id to a file
gpg --output {private key file name and path} --armor --export-secret-keys {key-id}  

# Export the public key with the specified id to a file
gpg --output {public key file name and path} --armor --export {key-id}

Signing Release Bundles

If the GPG key pair is created using a passphrase, please be sure to copy the passphrase for keepsake as it will be required by JFrog Distribution for signing the Release Bundle.