Updated on 2025-07-24 GMT+08:00

Configuring a GPG Public Key

Introduction

GNU Privacy Guard (GPG) is a method used for digital signature and authentication. When you push the local code to CodeArts Repo, a GPG public key ensures trusted sources and code integrity by signing and verifying Git code commits and tags in Git. You can view Constraints and configure a GPG public key by referring to Procedure.

The procedure for generating and using a GPG public key is as follows:

  1. Generate a GPG public key. Generate a key pair consisting of a public key and a private key by referring to Configuring a GPG Public Key, and configure the GPG public key to CodeArts Repo. The private key is kept confidential.
  2. Sign data. When developers want to sign code commits, they can use their own private keys to sign the code commits.
  3. Verify the signature. CodeArts Repo can verify the signature using the public key. If the verification is successful, the data has not been tampered with and comes from the user associated with the GPG public key.

Constraints

A GPG public key cannot be used repeatedly.

Procedure

  1. Download the GPG key generation tool from gpg4win official site.
  2. Run the gpg --full-generate-key command on the local Git client, select the encryption algorithm, key length, expiration time, and correctness in sequence as prompted, and enter a username, email address, and comment, as shown in Figure 1.

    Figure 1 Generating a GPG Key Pair

  3. After confirming that the information is correct, type O and press Enter as prompted. In the displayed dialog box for entering and confirming the password, enter the correct password to generate a key.

    If the information shown in Figure 2 is displayed, the GPG key is generated successfully.

    Figure 2 Successful generation of a GPG key

  4. Run the following command to export the public key:

    gpg --armor --export
    As shown in Exporting the GPG public key, copy the public key to the clipboard, including -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.
    Figure 3 Exporting the GPG public key

  5. Log in to the repository list page of CodeArts Repo, click the alias in the upper right corner, and choose This Account Settings > Repo > GPG Public Keys.
  6. Click New GPG Public Key. On the page that is displayed, set the following parameters.

    Table 1 Parameters for creating a GPG public key

    Parameter

    Description

    Title

    Custom GPG public key name with a maximum of 200 characters.

    GPG Public Keys

    Paste the GPG public key copied from 4 to this text box.

    Description

    Optional. Enter a maximum of 200 characters. If the description is empty, -- will be displayed in the list.

  7. Click OK. If the GPG public key is created successfully, the GPG public key list page is displayed. You can delete the GPG public key when you do not need it.

    If the public key fails to be added, check whether there are redundant spaces before and after the public key or whether it has already been added.