diff --git a/JenkinsJobs/Builds/build.jenkinsfile b/JenkinsJobs/Builds/build.jenkinsfile
index 6c00fb5d72d..5321114a4bb 100644
--- a/JenkinsJobs/Builds/build.jenkinsfile
+++ b/JenkinsJobs/Builds/build.jenkinsfile
@@ -97,24 +97,6 @@ spec:
 				}
 			}
 		}
-	  stage('Load PGP keys'){
-          environment {
-                KEYRING = credentials('secret-subkeys-releng.asc')
-                KEYRING_PASSPHRASE = credentials('secret-subkeys-releng.asc-passphrase')
-          }
-          steps {
-				dir("${CJE_ROOT}/mbscripts") {
-                sh '''
-                    ./mb011_loadPGPKeys.sh 2>&1 | tee $logDir/mb011_loadPGPKeys.sh.log
-                    if [[ ${PIPESTATUS[0]} -ne 0 ]]
-                    then
-                        echo "Failed in Load PGP keys"
-                        exit 1
-                    fi
-                '''
-				}
-			}
-		}
 		stage('Export environment variables stage 1'){
 			steps {
 				script {
diff --git a/JenkinsJobs/YBuilds/P_build.groovy b/JenkinsJobs/YBuilds/P_build.groovy
index 7171dbcaad6..a3b686b0d2c 100644
--- a/JenkinsJobs/YBuilds/P_build.groovy
+++ b/JenkinsJobs/YBuilds/P_build.groovy
@@ -105,25 +105,6 @@ spec:
                 }
             }
 		}
-	  stage('Load PGP keys'){
-          environment {
-                KEYRING = credentials('secret-subkeys-releng.asc')
-                KEYRING_PASSPHRASE = credentials('secret-subkeys-releng.asc-passphrase')
-          }
-          steps {
-              container('jnlp') {
-                sh \'\'\'
-                    cd ${WORKSPACE}/eclipse.platform.releng.aggregator/eclipse.platform.releng.aggregator/cje-production/mbscripts
-                    ./mb011_loadPGPKeys.sh 2>&1 | tee $logDir/mb011_loadPGPKeys.sh.log
-                    if [[ ${PIPESTATUS[0]} -ne 0 ]]
-                    then
-                        echo "Failed in Load PGP keys"
-                        exit 1
-                    fi
-                \'\'\'
-                }
-            }
-		}
 	  stage('Export environment variables stage 1'){
           steps {
               container('jnlp') {
diff --git a/cje-production/P-build/mb220_buildSdkPatch.sh b/cje-production/P-build/mb220_buildSdkPatch.sh
index 351782b4f83..dc7a70d8cda 100755
--- a/cje-production/P-build/mb220_buildSdkPatch.sh
+++ b/cje-production/P-build/mb220_buildSdkPatch.sh
@@ -39,6 +39,7 @@ mvn -f eclipse.platform.releng.tychoeclipsebuilder/${PATCH_OR_BRANCH_LABEL}/pom.
   -Dtycho.debug.artifactcomparator \
   -Dtycho.localArtifacts=ignore \
   -Dcbi.jarsigner.continueOnFail=true \
+  -Dtycho.pgp.signer=bc -Dtycho.pgp.signer.bc.secretKeys="${KEYRING}" \
   -Djgit.dirtyWorkingTree=error \
   -Dmaven.repo.local=$LOCAL_REPO \
   -Djava.io.tmpdir=$CJE_ROOT/$TMP_DIR \
diff --git a/cje-production/mbscripts/mb011_loadPGPKeys.sh b/cje-production/mbscripts/mb011_loadPGPKeys.sh
deleted file mode 100644
index 9a0ec9588a7..00000000000
--- a/cje-production/mbscripts/mb011_loadPGPKeys.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-#import gpg keys
-gpg --batch --import "${KEYRING}"
-for fpr in $(gpg --list-keys --with-colons  | awk -F: '/fpr:/ {print $10}' | sort -u);
-do
-  echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key "${fpr}" trust;
-done
\ No newline at end of file
diff --git a/cje-production/mbscripts/mb220_buildSdkPatch.sh b/cje-production/mbscripts/mb220_buildSdkPatch.sh
index 9d31b4fa63d..691a3f3e185 100755
--- a/cje-production/mbscripts/mb220_buildSdkPatch.sh
+++ b/cje-production/mbscripts/mb220_buildSdkPatch.sh
@@ -36,6 +36,7 @@ mvn clean verify -DskipTests=true ${MVN_ARGS} \
   -Dtycho.debug.artifactcomparator \
   -Dtycho.localArtifacts=ignore \
   -Dcbi.jarsigner.continueOnFail=true \
+  -Dtycho.pgp.signer=bc -Dtycho.pgp.signer.bc.secretKeys="${KEYRING}" \
   -Djgit.dirtyWorkingTree=error \
   -Dmaven.repo.local=$LOCAL_REPO \
   -Djava.io.tmpdir=$CJE_ROOT/$TMP_DIR \
diff --git a/eclipse.platform.releng.tychoeclipsebuilder/eclipse/extras/produceChecksum.sh b/eclipse.platform.releng.tychoeclipsebuilder/eclipse/extras/produceChecksum.sh
index 216149d4c46..4eda39dfa37 100755
--- a/eclipse.platform.releng.tychoeclipsebuilder/eclipse/extras/produceChecksum.sh
+++ b/eclipse.platform.releng.tychoeclipsebuilder/eclipse/extras/produceChecksum.sh
@@ -42,6 +42,15 @@ echo "[DEBUG] Producing GPG signatures starting."
 set -e
 if [ ! -z "${KEYRING_PASSPHRASE}" ]
 then
+    #import gpg keys in fresh gpg-homedir
+    gpg_home="${WORKSPACE}/tools/${client}/gpg/"
+    mkdir -p ${gpg_home}
+    alias gpg='gpg --homedir "${gpg_home}"'
+    gpg --batch --import "${KEYRING}"
+    for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print $10}' | sort -u); do
+      echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key "${fpr}" trust;
+    done
+    
     gpg --detach-sign --armor --output ${allCheckSumsSHA512}.asc --batch --pinentry-mode loopback --passphrase-fd 0 ${allCheckSumsSHA512} <<< "${KEYRING_PASSPHRASE}"
 else
     # We don't treat as ERROR since would be normal in a "local build".
diff --git a/eclipse.platform.releng.tychoeclipsebuilder/pom.xml b/eclipse.platform.releng.tychoeclipsebuilder/pom.xml
index fc700bef7f1..2edd3ff9c7d 100644
--- a/eclipse.platform.releng.tychoeclipsebuilder/pom.xml
+++ b/eclipse.platform.releng.tychoeclipsebuilder/pom.xml
@@ -42,8 +42,6 @@
 					<artifactId>tycho-gpg-plugin</artifactId>
 					<version>${tycho.version}</version>
 					<configuration>
-						<signer>bc</signer>
-						<keyname>b6d3ab9bcc641282</keyname>
 						<skipIfJarsigned>false</skipIfJarsigned>
 						<skipIfJarsignedAndAnchored>true</skipIfJarsignedAndAnchored>
 						<pgpKeyBehavior>skip</pgpKeyBehavior>