How to extend the expire GPG key pair deadline and retrieve passphrase
6.x and 7.x
Artifactory supports gpg key signing. In general, we suggest not to set an expiration date for the signing key pairs.
However, if you used an gig key pair that has expiration date. You can extend the expiration date. You will need the private.key at an minimum. You can download the public key and restore passphrase from artifactory if you don't have it.
- Download public key from artifactory. If you don't know the passphrase, jump to step 10 to restore your passphrase first.
2. Import public key using
$ gpg --import public.key
3. Import private key using
$ gpg --import private.key
4. Get the public key id:
$ gpg --list-keys
pub rsa2048 2018-04-28 [SC] [expired: 2020-04-27]
uid [ expired] paul pan <firstname.lastname@example.org>
5. Edit public key
$ gpg --edit-key 45E51D7FCBB41DB20F320B3935027CAC83A95B6C
6. You should have entered the gpg shell by now. Use numbers to select the key you want to edited or run list to see all the keys. Enter 0 from primary key
gpg> key 0
7. Once the key is elected, run expire command to change the expiration date
8. Save changes
9. Upload the public key back to Artifactory. You don't have to change private key since private key does not expire.
To restore passphrase for you gpg key pair.
10. Run this API the decrypt your system
$ curl -uadmin:password -X POST https://<Your_host>/artifactory/api/system/decrypt
11. Check config descriptors in UI ( Admin -> Artifactory -> Config Descriptor ) or $ARTIFACTORY_HOME/etc/artifactory/artifactory.config.latest.xml
Look for <passphrase> under <keyPair> section.
12. Save the passphrase and run encrypt api to encrypt your system again
$ curl -uadmin:password -X POST https://<Your_host>/artifactory/api/system/encrypt