Updated on 2024-07-10 GMT+08:00

GPG Public Keys

Introduction

GPG is used for digital signature and authentication. When you push code to CodeArts Repo, the GPG public keys ensure trusted sources and code integrity by signing and verifying Git code commits and tags in Git.

Generating and Setting the GPG Public Key

The following describes how to generate and set a GPG Key.

  1. Download the GPG key generation tool from the Gpg4win official site.
  2. Run the gpg --full-generate-key command on the local Git client, select the encryption algorithm, key length, expiration time, and correctness as prompted, and enter a username, email address, and comment.

  3. After confirming that the information is correct, type O and press Enter as prompted. In the displayed dialog box for entering and confirming the password, enter the correct password to generate a key.

    If the following information is displayed, the GPG key is successfully generated:

  4. Run the gpg --list-secret-keys --keyid-format LONG command to print the key ID.

  5. Run the gpg --armor --export command to export the public key.

  6. Copy the public key to the clipboard.
  7. Log in to the repository list page of CodeArts Repo, click the alias in the upper right corner, and choose This Account Settings > Repo > GPG Public Keys.
  8. Click New GPG Public Key. On the page that is displayed, set the following parameters.

    Table 1 Parameters for creating a GPG public key

    Parameter

    Description

    Title

    Mandatory. Max. 200 characters.

    GPG Public Keys

    Mandatory. Paste the public key copied from 6 to this text box.

    NOTE:

    The GPG public key must start with -----BEGIN PGP PUBLIC KEY BLOCK----- and end with -----END PGP PUBLIC KEY BLOCK-----.

    Description

    Optional. Max. 200 characters. If the description is empty, "--" is displayed in the list.

  9. Click OK. The GPG public key is created successfully and the GPG public key list page is displayed.

    • A GPG public key cannot be used repeatedly. If you fail to add a GPG public key, check whether you have added the public key and whether there are redundant spaces before and after the public key.
    • After the public key is added successfully, you can view the added public key on the GPG Public Keys page. If the public key is no longer used, you can delete it.