Viewing a PGP signature on a Maven artifact

If you want to check all pgp signatures of your project dependency automatically, you can try execute:

mvn org.simplify4u.plugins:pgpverify-maven-plugin:check

This plugin downloads all signature (.asc) files and needed pgp key to do signature check.

There is another goal show in pgpverify-maven-plugin, so if you want only see signature you can execute:

mvn org.simplify4u.plugins:pgpverify-maven-plugin:show -Dartifact=junit:junit:4.12

More info about this plugin you can find on site: https://www.simplify4u.org/pgpverify-maven-plugin/

You can simple download those artifacts (.asc) files and manually check the signature. Maven Central is accessible via http like this:

http://search.maven.org/remotecontent?filepath=com/soebes/smpp/smpp/0.4/smpp-0.4.pom.asc