Creating .asc signature files with GPG
08/01/2010
First make sure you don’t have a key already:
gpg --list-keys
If you didn’t and need to create a key then run:
gpg --gen-key
It might hang for awhile while generating enough random entropy. Run “ls -R /” to speed things up.
And upload it to a public key server:
gpg --keyserver hkp://pgp.mit.edu --send-keys <keyid>
Now list the keys again to get the keyid:
gpg --list-keys
The keyid is the half after the / in:
pub XXXX/XXXXXXXX 2011-12-05
Then generate your key:
gpg -ab <filename>
If you’re doing this for an upload to the Maven repositories, you’ll need to do this for each of the four file (.jar, -sources.jar, -javadoc.jar, and .pom) and then jar all eight files together in a bundle.jar file. More details available on Maven’s how to generate PGP signatures page.
Also on the same topic: http://www.math.utah.edu/~beebe/PGP-notes.html
On another note: I’m wondering how many people actually use .asc signatures? Maybe someone has more insight on this.
Awhile back even Outlook was unable to correctly handle .asc attachments. I don’t use Outlook myself, so I don’t know if this is still a problem.
Hey Chris, I had to create an .asc to upload to the Maven repository, which is the only thing I’ve ever used it for.
Thanks Ben, This was very clear article. I was able to follow it easily and it worked exactly as described. Very helpful and well written