Transferring my sensitive content to JFrog using Public-key encryption

Santhosh P
2021-07-18 22:15

When you need to provide JFrog with sensitive data, such as SSL certificates and keys, you will need to encrypt your content with JFrog's public key. From Wikipedia:



"Public-key encryption, in which a message is encrypted with a recipient's public key. The message cannot be decrypted by anyone who does not possess the matching private key, who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality."


We'll be using the 'gpg' command line tool to do this:


1. Start by retrieving JFrog's public key from here.


2. To be able to encrypt your content using this key, you'll first need to import it on your system. After downloading the key, do this by running:


gpg --import /path/to/downloaded/jfrog-public.key.asc


Tip: to check whether the key has been imported successfully, run:


gpg --list-keys


The alias for JFrog's key is "JFrog Inc.".


3. After the key has been imported, you will be able to encrypt your content by specifying the key alias with:


gpg -e -u "Sender User Name" -r "JFrog Inc." somefile


Where "somefile" is your to-be-encrypted content. The gpg tool will prompt you for a final confirmation. 

Once you are done, you should have a "somefile.gpg" file, which is your encrypted content.
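
Before step 2 trusts the downloaded file, it is worth confirming that it holds the key you expect, since encrypting to the wrong key hands the content to whoever owns it. The script below is an added example, not part of the original article or JFrog's tooling; its function names are hypothetical, and the expected fingerprint is a value you must obtain from JFrog through a separate trusted channel.

```shell
#!/bin/sh
# Added example: check the downloaded key's fingerprint before importing it
# and encrypting to it. Function names here are hypothetical helpers.

# Print the primary-key fingerprint from `gpg --with-colons` output on stdin.
# In that format the "fpr" record after a "pub" record carries the
# fingerprint in field 10; later "fpr" records belong to subkeys.
primary_fpr() {
  awk -F: '$1 == "pub" { want = 1; next }
           want && $1 == "fpr" { print $10; exit }'
}

# Normalise a fingerprint as people paste it: drop spaces, upper-case hex.
norm_fpr() {
  printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Succeed only if the listing on stdin has a primary key whose fingerprint
# equals $1 (the value obtained from JFrog over a separate channel).
fpr_matches() {
  got=$(primary_fpr)
  [ -n "$got" ] && [ "$(norm_fpr "$1")" = "$got" ]
}

# $1 = downloaded key file, $2 = expected fingerprint, $3 = file to encrypt
encrypt_for_jfrog() {
  # --show-keys lists the key material in a file without importing it.
  if ! gpg --show-keys --with-colons "$1" | fpr_matches "$2"; then
    echo "fingerprint mismatch, not importing $1" >&2
    return 1
  fi
  gpg --import "$1" || return 1
  # Address the recipient by full fingerprint rather than by name, so a
  # different key with the same user ID cannot be picked instead.
  gpg -e -r "$(norm_fpr "$2")" "$3"
}

# Usage: sh encrypt.sh jfrog-public.key.asc "<EXPECTED FINGERPRINT>" somefile
if [ "$#" -eq 3 ]; then
  encrypt_for_jfrog "$@"
fi
```

The fingerprint argument is a placeholder here; the article does not publish one, so do not take it from the same page that served the key file.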


*More useful gpg commands can be found in this gpg cheatsheet page.