Introduction

You need to add your GPG keys in https://svn.apache.org/repos/asf/maven/project/KEYS before a release. Here are some useful GnuPG commands to generate your Keys.

gpg --gen-key

  1. >gpg --gen-key
  2. gpg (GnuPG) 1.4.5; Copyright (C) 2006 Free Software Foundation, Inc.
  3. This program comes with ABSOLUTELY NO WARRANTY.
  4. This is free software, and you are welcome to redistribute it
  5. under certain conditions. See the file COPYING for details.
  6.  
  7. gpg: keyring `C:/Documents and Settings/Siveton Vincent/Application Data/gnupg\secring.gpg'
  8. created
  9. gpg: keyring `C:/Documents and Settings/Siveton Vincent/Application Data/gnupg\pubring.gpg'
  10. created
  11. Please select what kind of key you want:
  12.    (1) DSA and Elgamal (default)
  13.    (2) DSA (sign only)
  14.    (5) RSA (sign only)
  15. Your selection? 1
  16. DSA keypair will have 1024 bits.
  17. ELG-E keys may be between 1024 and 4096 bits long.
  18. What keysize do you want? (2048) 2048
  19. Requested keysize is 2048 bits
  20. Please specify how long the key should be valid.
  21.          0 = key does not expire
  22.       <n>  = key expires in n days
  23.       <n>w = key expires in n weeks
  24.       <n>m = key expires in n months
  25.       <n>y = key expires in n years
  26. Key is valid for? (0) 0
  27. Key does not expire at all
  28. Is this correct? (y/N) y
  29.  
  30. You need a user ID to identify your key; the software constructs the user ID
  31. from the Real Name, Comment and Email Address in this form:
  32.     "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
  33.  
  34. Real name: Vincent Siveton
  35. Email address: vsiveton@apache.org
  36. Comment:
  37. You selected this USER-ID:
  38.     "Vincent Siveton <vsiveton@apache.org>"
  39.  
  40. Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
  41. You need a Passphrase to protect your secret key.
  42.  
  43. You don't want a passphrase - this is probably a *bad* idea!
  44. I will do it anyway.  You can change your passphrase at any time,
  45. using this program with the option "--edit-key".
  46.  
  47. We need to generate a lot of random bytes. It is a good idea to perform
  48. some other action (type on the keyboard, move the mouse, utilize the
  49. disks) during the prime generation; this gives the random number
  50. generator a better chance to gain enough entropy.
  51. ++++++++++++++++++++.++++++++++..+++++++++++++++++++++++++++++++++++++++++++++++
  52. +++.+++++++++++++++.++++++++++++++++++++..+++++++++++++++>++++++++++............
  53. .........................+++++
  54. We need to generate a lot of random bytes. It is a good idea to perform
  55. some other action (type on the keyboard, move the mouse, utilize the
  56. disks) during the prime generation; this gives the random number
  57. generator a better chance to gain enough entropy.
  58. .+++++++++++++++..++++++++++++++++++++....+++++.++++++++++.++++++++++.++++++++++
  59. +++++.+++++++++++++++++++++++++++++++++++.+++++.++++++++++++++++++++++++++++++>+
  60. +++++++++>+++++>+++++......................................................>++++
  61. +......<.+++++........................+++++^^^
  62. gpg: C:/Documents and Settings/Siveton Vincent/Application Data/gnupg\trustdb.gpg: trustdb
  63. created
  64. gpg: key 07DDB702 marked as ultimately trusted
  65. public and secret key created and signed.
  66.  
  67. gpg: checking the trustdb
  68. gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
  69. gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
  70. pub   1024D/07DDB702 2006-10-10
  71.       Key fingerprint = 71F6 F555 8A61 71C4 330D  B868 84F4 D470 07DD B702
  72. uid                  Vincent Siveton <vsiveton@apache.org>
  73. sub   2048g/D2814A59 2006-10-10

gpg --list-sigs

  1. >gpg --list-sigs "Vincent Siveton" && gpg --armor --export "Vincent Siveton"
  2. pub   1024D/07DDB702 2006-10-10
  3. uid                  Vincent Siveton <vsiveton@apache.org>
  4. sig 3        07DDB702 2006-10-10  Vincent Siveton <vsiveton@apache.org>
  5. sub   2048g/D2814A59 2006-10-10
  6. sig          07DDB702 2006-10-10  Vincent Siveton <vsiveton@apache.org>
  7.  
  8. -----BEGIN PGP PUBLIC KEY BLOCK-----
  9. Version: GnuPG v1.4.5 (MingW32)
  10.  
  11. mQGiBEUrnAsRBACQDiYGc1IQmkENLO9iznBg8otGPEbzqQozT5tsip5mB30f6Mc/
  12. uuLxJkLdna7Ul3goIXDtCeLJq38gHvruNtVNR6S+juJFkd5sLEH8UJ18PbKuo/9I
  13. KGlzjtCYUUDC48czRr0efhqd54NH8ydNdpaZ76NGPPYfpXtk7kKgH/nPiwCgxozK
  14. IG2frMuWIvdFafbqdAl7y/sD/1Csf0r9jtHEeXOuyhm8jCGrSwzLbHUGKPUQP37P
  15. ajECHoWp6HnvHEEEpgVl+UjfZvrcVhzUoP+3r5HAugqERfkzK8AWc7qjIRjf64kU
  16. sjvto31G2KYz17Y8K9y4LkRkUspu8uw903pKnW/QELg4vvPVaEYpVVIdS6+cUreu
  17. V0hOA/4tW7T/GpzSbQmjvnIRQ7GVHbQeXsANwrS6NmGYIxafN9P9dfHV+eUieTu6
  18. rvMP9coOhTYyEKZksrXw2MmXx5SzgxsXT0g4wDXbwxPYFfIdGUzFMobnVXiZ3G8l
  19. JEl9cML0cg3ZL1SoDmVf2iG3e3Yxxsne4AE1SU+0bbq0t7rqALQlVmluY2VudCBT
  20. aXZldG9uIDx2c2l2ZXRvbkBhcGFjaGUub3JnPohgBBMRAgAgBQJFK5wLAhsDBgsJ
  21. CAcDAgQVAggDBBYCAwECHgECF4AACgkQhPTUcAfdtwLP3gCbB/V1afp8hzxgirCS
  22. d2r6zCkJQ2IAoLKD/RIkkerNintYzrubJliJKBsRuQINBEUrnBgQCAD1+Sx+sBDL
  23. 1XCDtxQGsrZmMnJJVK/w4TPa/8weJkuZ1GSpINOjInmqESuehvCLoOoyfcuDVXlR
  24. PUZhKZLPEKfJlFptGNK19oTO/CoQN+SJLwR41FoumsBaf1YSSRpAukyx2J6cUxqf
  25. uWrK/T8PmgDw4YzmY96tev//41eZ5tSOxpoUM8ypnTaShtS9pjgHijEG0b7wBqeU
  26. e1OGOiLHgKyjEJUmlTaLm1SxJ84eq0uAvYb+rb/QoWWLpjvr2/mo1kzUvCPgo3fh
  27. kgOxCxsC9QD836Mi5HFK6CRYU3yAFu5+/jM+LJzELy3u7uMuOSP6yuiK8WXopdbN
  28. WHOiJQfdc2gTAAMFCADdljjAG7L+8de6JzsEduKErKqWlTEWa99n1knaGKzdUUOP
  29. WrKxwqgI6PAJbxOfG4vBdDa6M6+nySJDMybQsOCFyNx91/7jYkgkmv8Jkt8CTW4z
  30. P4HKlFYMAFpU95ftpTAAMAlr+t+nZRTHi94/VHMv4yLGzB/xapbzToHKuUt1Yqom
  31. Ncio5px7RVoicn13/i/GeY72fIdC2LRGo6PXlmmDQemoAnUw0RJoEtzapb0j/tWd
  32. BdAtQQX/Ks7qhk4aDDHGgO+CdHAB8PLHDpMpUX5Zc9JX1xhyJcS8d/LPUpXtt9WN
  33. eekqDpx+jNmySJr6os7rPAkjx6jDUvHPiuKdT4aviEkEGBECAAkFAkUrnBgCGwwA
  34. CgkQhPTUcAfdtwJL9ACgmLuDxE+oZaMhyFSmXWN0fM36Bd8AoLYrvwydB9+nNnhJ
  35. 85TjkMPTgjp9
  36. =Hg4C
  37. -----END PGP PUBLIC KEY BLOCK-----

You need to append this result to https://svn.apache.org/repos/asf/maven/project/KEYS.

You also need to upload your key to the public server: http://pgp.mit.edu/ by copying the same you appended in the text field and submit. You can ensure by searching your email in key search engine.

gpg --fingerprint 

  1. >gpg --fingerprint vsiveton
  2. pub   1024D/07DDB702 2006-10-10     
  3.       Key fingerprint = 0000 0000 0000 0000 0000  0000 0000 0000 0000 0000
  4. uid                  Vincent Siveton <vsiveton@apache.org>
  5. sub   2048g/D2814A59 2006-10-10

Go to https://id.apache.org, log in and fill OpenPGP Public Key Primary Fingerprint: with the value of Key fingerprint.

You can read more about Checksums And Signatures and How to Generate PGP Signatures With Maven