Generate Evidence Key Pair CLI

Description: Creates ECDSA P-256 key pairs for signing evidence. This command generates both private and public key files with secure permissions, and by default uploads the public key to the JFrog Platform for evidence verification.

Since: 2.82.0

Syntax

Basic key generation:

jf evd generate-key-pair

Custom key generation:

jf evd generate-key-pair --key-file-path <directory-path> --key-file-name <base-name> --key-alias <alias-name> --upload-public-key <true|false>

Authentication

An admin token is required to upload the public key generated by this command (--upload-public-key=true) to the JFrog platform. This is the default setting. No authentication is required to generate the key pair _without_ uploading the public key (--upload-public-key=false). Basic authentication is not supported.

Command Parameters

Option	Required/Optional	Type	Description
`--key-file-path`	optional	string	The directory path for the key files. Creates the directory if it does not exist. The default is the current directory.
`--key-file-name`	optional	string	The base name for key files (without the extension): Private key: `<name>.key` Public key: `<name>.pub` The default name is `evidence`.
`--key-alias`	optional	string	A case-sensitive name (alias) for the public key (see Tip below) that makes it easy to identify in the JFrog platform. If not provided, the CLI auto-generates a timestamp-based alias using the format: `evd-key-YYYYMMDD-HHMMSS`
`--upload-public-key`	optional	boolean	Uploads the public key to the list of trusted keys in the JFrog platform where it can be used to verify evidence. The default value is `true`. 📘 Note Requires an admin user and a server connection.

✅
Tip
Use --upload-public-key=false during development and testing to generate keys locally without requiring access to the JFrog platform.

Example 1: Basic key generation

This command creates evidence.key (private) and evidence.pub (public) in the current directory and uploads the public key to the JFrog platform.

jf evd generate-key-pair --server-id --my-server

Example 2: Custom key names, alias, and location

This command creates my-key.key and my-key.pub in the ./keys directory with a custom alias.

jf evd generate-key-pair --key-file-path ./keys --key-file-name my-key --key-alias production-signing-key --server-id my-server

Example 3: Generate key pair without uploading public key

This command generates a key pair without uploading the public key to the JFrog platform.

jf evd generate-key-pair --upload-public-key=false

📘
Note
For more information about creating evidence using the JFrog CLI, see Create Evidence CLI.