Transferring my sensitive content to JFrog using Public-key encryption

Author: Santhosh Pesari
Article number: 000005113
Source type: Salesforce
First published: 2021-07-14T23:50:13Z
Last modified: 2024-03-10T07:49:12Z
Version: 7

When you need to provide JFrog with sensitive data, such as SSL certificates and keys, you will need to encrypt your content with JFrog's public key. From Wikipedia:

"Public-key encryption, in which a message is encrypted with a recipient's public key. The message cannot be decrypted by anyone who does not possess the matching private key, who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality."

We'll be using the 'gpg' command line tool to do this:
 

1. Start by retrieving JFrog's public key from here.

2. To be able to encrypt your content using this key, you'll first need to import it into your system. After downloading the key, do this by running:
gpg --import /path/to/downloaded/jfrog-public.key.asc
Tip: to check whether the key has been imported successfully, run:
gpg --list-keys
The alias for JFrog's key is "JFrog Inc.".

3. After the key has been imported, you will be able to encrypt your content for JFrog by specifying the key alias as the recipient (-r) with:
gpg -e -u "Sender User Name" -r "JFrog Inc." somefile
Where "somefile" is your to-be-encrypted content. The gpg tool will prompt you for final confirmation. 


Once you are done, you should have a "somefile.gpg" file, which is your encrypted content.
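The script below is an added example, not JFrog's own tooling. It wraps steps 2 and 3 so that the downloaded key is checked against a fingerprint before anything is encrypted to it. The function names and the script name are hypothetical, EXPECTED_FPR is a value you must obtain from JFrog over a separate channel (this article does not list it), and `--show-keys` assumes GnuPG 2.2 or later.

```shell
#!/usr/bin/env bash
# Added example: pin the recipient key by fingerprint before encrypting.
# Usage: ./encrypt_pinned.sh KEYFILE EXPECTED_FPR FILE
# EXPECTED_FPR is assumed to come from JFrog through a separate channel.

# Strip whitespace and upper-case so "abcd 1234" and "ABCD1234" compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print the fingerprint of the
# first primary key: the "fpr" record that follows the first "pub" record.
primary_fpr() {
  awk -F: '$1 == "pub" { seen = 1; next }
           seen && $1 == "fpr" { print $10; exit }'
}

encrypt_pinned() {
  local keyfile="$1" expected actual out="$3.gpg"
  expected=$(normalize_fpr "$2")
  # Inspect the key file without importing it into any keyring.
  actual=$(gpg --batch --show-keys --with-colons "$keyfile" | primary_fpr)
  if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
    echo "fingerprint mismatch: got '${actual}', expected '${expected}'" >&2
    return 1
  fi
  gpg --batch --import "$keyfile" || return 1
  # Address the recipient by fingerprint, not by name: user IDs are not unique.
  # --trust-model always replaces the interactive confirmation prompt, which
  # is only reasonable because the fingerprint was checked above.
  gpg --batch --yes --trust-model always -e -r "$actual" -o "$out" "$3" || return 1
  echo "wrote $out"
}

# Run only when called with the three arguments, so the file can be sourced.
if [ "$#" -eq 3 ]; then
  encrypt_pinned "$@"
fi
```

If the fingerprints differ, nothing is imported or encrypted and the script exits non-zero.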

*More useful gpg commands can be found on this gpg cheatsheet page.