What are GPG Keys and why do we have to enable it in Artifactory Repositories?

ARTIFACTORY: How to configure GPG Keys with Artifactory Remote Repositories

AuthorFullName__c
Shisiya Sebastian
articleNumber
000005583
ft:sourceType
Salesforce
FirstPublishedDate
2023-02-19T10:14:13Z
lastModifiedDate
2023-02-19
VersionNumber
1

GPG, also known as GNU Privacy Guard, is very commonly used to digitally sign files in order to guarantee their authenticity. Like SSH, GPG also has a public-private key pair. Public key is shared and private key is kept secret. Every repository, be it a CentOS, Ubuntu or a third party repository, is signed with GPG keys by its provider. When you add a repository to your system, and enable its GPG Key, the public GPG key from the provider is added in trusted GPG keys on your system. This ensures that your Linux system trusts the packages coming from the repository.