Resolution

How to extend the expiry for a GPG key pair and retrieve passphrase

AuthorFullName__c
Paul Pan
articleNumber
000005125
ft:sourceType
Salesforce
FirstPublishedDate
2021-10-14T22:38:37Z
lastModifiedDate
2021-10-14
VersionNumber
4
1. Download public key from artifactory. If you don't know the passphrase, jump to step 10 to restore your passphrase first.

  2. Import public key using

  $ gpg --import public.key

  3. Import private key using

  $ gpg --import private.key

  4. Get the public key id:

$ gpg --list-keys

pub   rsa2048 2018-04-28 [SC] [expired: 2020-04-27]

      45E51D7FCBB41DB20F320B3935027CAC83A95B6C

uid           [ expired] paul pan <paulp@jfrog.com>

  5. Edit public key

$ gpg --edit-key 45E51D7FCBB41DB20F320B3935027CAC83A95B6C

  6. You should have entered the gpg shell by now. Use numbers to select the key you want to edited or run list to see all the keys. Enter 0 from primary key
 

gpg> list

gpg> key 0

   7. Once the key is elected, run expire command to change the expiration date

gpg> expire

  8.  Save changes

gpg> save

  9. Upload the public key back to Artifactory. You don't have to change private key since private key does not expire.
 

To restore passphrase for your gpg key pair.
 

10. Run this API the decrypt your system

$ curl -uadmin:password -X POST https://<Your_host>/artifactory/api/system/decrypt


11. Check config descriptors in UI ( Admin -> Artifactory -> Config Descriptor ) or $ARTIFACTORY_HOME/etc/artifactory/artifactory.config.latest.xml

  Look for <passphrase> under <keyPair> section. 

12. Save the passphrase and run encrypt api to encrypt your system again

$ curl -uadmin:password -X POST https://<Your_host>/artifactory/api/system/encrypt