First make sure you don’t have a key already:
If you didn’t and need to create a key then run:
It might hang for awhile while generating enough random entropy. Run “ls -R /” to speed things up.
And upload it to a public key server:
gpg --keyserver hkp://pgp.mit.edu --send-keys <keyid>
Now list the keys again to get the keyid:
The keyid is the half after the / in:
pub XXXX/XXXXXXXX 2011-12-05
Then generate your key:
gpg -ab <filename>
If you’re doing this for an upload to the Maven repositories, you’ll need to do this for each of the four file (.jar, -sources.jar, -javadoc.jar, and .pom) and then jar all eight files together in a bundle.jar file. More details available on Maven’s how to generate PGP signatures page.