GPG with Maven
To sign Maven artifacts, add the following to the POM:
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.5</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>
The passphrase for the default key should go in a property in the POM or, preferably, in the "~/.m2/settings.xml" file, which lives outside the project and is not committed with it.
This configuration signs with the default local key and invokes the "gpg" command to do the signing. There are more options in the documentation.
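An added example (not from the original page) of keeping the passphrase in "~/.m2/settings.xml" rather than the POM. It uses the plugin's gpg.passphrase user property; the profile id "gpg-signing" is a hypothetical name and the passphrase value is a placeholder.

```xml
<!-- ~/.m2/settings.xml : per-user file, kept out of the project repository -->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <profiles>
    <profile>
      <!-- hypothetical profile id, any name works -->
      <id>gpg-signing</id>
      <properties>
        <!-- read by the maven-gpg-plugin sign goal; placeholder value -->
        <gpg.passphrase>REPLACE_WITH_KEY_PASSPHRASE</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  <!-- activate the profile for every build run by this user -->
  <activeProfiles>
    <activeProfile>gpg-signing</activeProfile>
  </activeProfiles>
</settings>
```

Because the passphrase is stored in plain text, restrict the file to its owner (for example, mode 600 on Unix-like systems).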
Troubleshooting
Signing can fail with the message:
This is because the local GPG installation wants to ask for the user password with a pop-up. Override by executing:
GPG cheat sheet
There is a nice GPG cheat sheet here.