Generating a PGP Signatures
- Kamil Ciecierski (Deactivated)
Synchronization Slice artifacts with Maven central requires to provide pgp signatures. For that purpose you need to generate a key pair. Once you'll have your key pair, you'll be able to use your private key to sign artifacts, distribute your public key to public key servers and end-users so that they can validate artifacts signed with your private key.
To generate a valid signature you can use GnuPG software. After successful installation, type in console:
gpg --gen-key
Use the default values when you’ll be asked for the type, the size, and the time of validity for the key. After that, you'll need to type your name, email, and comment for the key. Finally, you'll need to provide a passphase to protect your secret key. The passphrase'll be required during the next steps.
If you generate your key pair correctly, you'll be able to list them to console, e.g.:
gpg --list-keys C:/Users/kamil.ciecierski/AppData/Roaming/gnupg/pubring.gpg ----------------------------------------------------------- pub 2048R/80512E13 2013 - 03 - 04 uid Kamil Ciecierski (Klucz do Slice) <kamil.ciecierski@cognifide.com> sub 2048R/D5B6A98C 2013 - 03 - 04
For the above example 80512E13 is id of the key. You need this idkey to distribute your public key to a key server by typing:
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys 80512E13
It will take some time to propagate your public key on the all server, so don't panic if it won't be available at once. After that other people can import your public key from the key server to their local machines. You can check this by typing in console:
gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 80512E13