How to configure GPG Keys in Apt

ARTIFACTORY: How to configure GPG Keys with Artifactory Remote Repositories

AuthorFullName__c
Shisiya Sebastian
articleNumber
000005583
ft:sourceType
Salesforce
FirstPublishedDate
2023-02-19T10:14:13Z
lastModifiedDate
2023-02-19
VersionNumber
1
If you want to enable GPG signature checks enabled in your apt clients, please make sure to download the GPG public Key from the upstream registry and use that path in your apt client configuration.
deb [signed-by=<path to the GPG public Key>] <Repository-URL> <DISTRIBUTION> <COMPONENT>

Below is the example for ElasticSearch repository, using a debian remote repository myseardeb with the upstream URL as "https://artifacts.elastic.co/packages/8.x/apt".

As per the ElasticSearch documentation, package and metadata are signed with the same key and you can download it and use it in your Apt configuration.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

I have added my remote repository to the Apt configuration /etc/apt/sources.list as follows.
deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] http://artifactory_host:8082/artifactory/mysearchdeb stable main

Sample snippet of downloading a package from the Artifactory Elasticsearch repo:
apt install filebeat
root@test-ubuntu:/etc/apt# apt-get update
Hit:1 http://artifactory_host:8082/artifactory/mysearchdeb stable InRelease
Reading package lists... Done
root@test-ubuntu:/etc/apt# apt install filebeat
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  filebeat
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/41.8 MB of archives.
After this operation, 155 MB of additional disk space will be used.
Selecting previously unselected package filebeat.
(Reading database ... 150600 files and directories currently installed.)
Preparing to unpack .../filebeat_8.6.1_amd64.deb ...
Unpacking filebeat (8.6.1) ...
Setting up filebeat (8.6.1) ...
Processing triggers for systemd (237-3ubuntu10.56) ...
Processing triggers for ureadahead (0.100.0-21) ...
root@test-ubuntu:/etc/apt#

Alternatively, you can directly import GPG Key using the key and Keyserver mentioned by the repository provider.
apt-key adv --keyserver <keyserver_name> --recv-keys <keyid>
In this case,
apt-key adv --keyserver pgp.mit.edu --recv-keys D88E42B4

If the key is not specified in the Apt configuration and you receive an error as follows, you can use the above command to resolve the error.
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY <keyid>