Signing Release Bundles
GPG keys need to be at least 2K.
Note
If you are using a Vault, see Vault for instructions.
The way to generate private and public GPG keys is platform-dependent.
The following example shows how to generate the keys on Linux. It requires GPG version 2.1 or higher.
Generating GPG keys
# Generate the keys
gpg --full-generate-key

# Select RSA
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)

# Select the size of the key; you may use the default value.
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)

# Select the validity period for the key (0 means the key will not expire)
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)    <- Accept the default value by pressing Enter
Key does not expire at all
Is this correct? (y/N) y

# Enter a user ID and email
Real name:
Email address:
Comment:

# Export the private key with the specified id to a file
gpg --output {private key file name and path} --armor --export-secret-keys {key-id}

# Export the public key with the specified id to a file
gpg --output {public key file name and path} --armor --export {key-id}
Signing Release Bundles
If the GPG key pair is created using a passphrase, be sure to keep a copy of the passphrase, as it will be required by JFrog Distribution for signing the Release Bundle.
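The following is an added example, not part of the original documentation or of any JFrog tooling: a shell check that an exported public key meets the 2K minimum stated at the top of this page and can sign. The function name check_key_listing and the sample listings are constructed for illustration, and accepting only RSA keys is an assumption based on the procedure above.

```shell
#!/bin/sh
# Added example: gate a key on the 2K minimum before configuring it for signing.
# check_key_listing is a hypothetical helper name, not a JFrog or GnuPG command.
# Assumption: only RSA keys (algorithm id 1), as selected in the procedure
# above, are accepted.
#
# Real use, on GnuPG releases that provide --show-keys:
#   gpg --show-keys --with-colons PUBLIC_KEY_FILE | check_key_listing

check_key_listing() {
    # Reads GnuPG colon-format records on stdin. Fields used on "pub" records:
    # 2 = validity, 3 = key length, 4 = algorithm, 5 = key ID, 12 = capabilities.
    awk -F: -v min=2048 '
        $1 == "pub" {
            seen++
            bits = $3 + 0; reason = ""
            if ($4 != 1)         reason = reason " algo=" $4 "(not RSA)"
            else if (bits < min) reason = reason " size=" bits "<" min
            if ($12 !~ /[sS]/)   reason = reason " no-signing-capability"
            if ($2 ~ /^[er]$/)   reason = reason " validity=" $2
            if (reason == "") print "OK   " $5 " bits=" bits
            else { print "FAIL " $5 reason; bad++ }
        }
        END {
            if (seen == 0) { print "FAIL no primary key in input"; exit 2 }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed sample listings (not taken from real keys).
sample_good() {
    printf '%s\n' \
        'pub:-:2048:1:AAAAAAAAAAAAAAAA:1700000000:::-:::scESC::::::23::0:' \
        'uid:-::::1700000000::0000000000000000000000000000000000000000::Release Signer <signer@example.com>::::::::::0:'
}
sample_weak() {
    printf '%s\n' 'pub:-:1024:1:BBBBBBBBBBBBBBBB:1700000000:::-:::scESC::::::23::0:'
}

sample_good | check_key_listing
sample_weak | check_key_listing || echo "rejected: key does not meet the minimum"
```

The function returns 0 only when every primary key in the listing passes, 1 when any key fails, and 2 when the input contains no primary key.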