HomeBlogsWhat is the solution of ‘apt-key is deprecated’ Warning Debian 11 or...

What is the solution of ‘apt-key is deprecated’ Warning Debian 11 or Kali Linux

This tutorial is about What is the solution of ‘apt-key is deprecated’ Warning Debian 11 or Kali Linux. Recently I updated this tutorial and will try my best so that you understand this guide. I hope you guys like this blog, What is the solution of ‘apt-key is deprecated’ Warning Debian 11 or Kali Linux. If your answer is yes then please do share with your friends after reading this.

Check What is the solution of ‘apt-key is deprecated’ Warning Debian 11 or Kali Linux

When you try to add an APT repository key using apt-key on Debian, Ubuntu and Linux distributions based on these, you will see the following message: “Warning: apt-key is deprecated. Instead, manage keyring files in trust.gpg.d (see apt-key (8)) ”.

The apt-key man page mentions that “the use of apt-key is deprecated, except for the use of apt-key del in maintenance scripts to remove existing keys from the main keychain.” Also, “apt-key will last available on Debian 11 and Ubuntu 22.04”.

The reason for this change is that when adding an OpenPGP key that is used to sign an APT repository in /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d, APT unconditionally trusts the key on all other repositories configured on the system that do not have a signature option (see below), even the official Debian / Ubuntu repositories. As a result, any unofficial APT repository that has its signing key added to /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d can replace any package on the system. So this change was made for security reasons (your safety).

It’s also worth noting that while apt-key’s disapproving message says “manage keyring files in trust.gpg.d instead”, the Debian wiki says otherwise. This is because adding OpenPGP keys to /etc/apt/trusted.gpg and /etc/apt/trusted.gpg.d is equally insecure, as mentioned above.

You can continue using apt-key for now, as it still works. However, it would be a good idea to start transitioning to using the signed by option, as explained below, especially if you maintain a third-party repository.

So what is the proper and safe way to add third-party (unofficial) repositories and your OpenPGP signing keys on Debian, Ubuntu and Linux distributions based on these, such as Linux Mint, Pop! _OS, Elementary OS, etc., to replace the obsolete apt-key?

1. Download the APT repository key

According to the Debian wiki, the key must be downloaded over HTTPS to a location that only root can write, for example / usr / share / keyrings. The key name must contain a short name that describes the repository, followed by a keyring-file. For example, if the repository is named myrepository, the keyfile should be named myrepository-archive-keyring.gpg.

The OpenPGP key file may or may not be ASCII shielded. To check if a key file is ASCII-shielded, download the key file and run this command (note that the key extension can be .gpg, .asc, .key, and probably others):

file .gpg If the output of this command is similar to the following, then the key is ASCII-Armored:

repo-key.gpg: PGP Public-Key public key block (old) With that said, here’s how to properly and securely download and add a repository signing key to your system:

For OpenPGP keys with ascii armor

To download using wget and add an OpenPGP key to your system, use:

wget -O- | gpg –dearmor | sudo tee /usr/share/keyrings/-archive-keyring.gpg

What everything in this command does / means:

wget downloads the key from https://example.com/key/repo-key.gpg and sends the key to stdout (-O-). Replace the URL here with the URL of the key you want to download and add gpg –dearmor to your system: the gpg command is the OpenPGP encryption and signing tool; your –dearmor option decompresses the input from an OpenPGP ASCII armorsudo tee /usr/share/keyrings/-archive-keyring.gpg: as superuser (sudo), read the standard input, which in this case is the output provided by gpg – dearmor and write this to the /usr/share/keyrings/-archive-keyring.gpg file. Replace the name with a descriptive name for the repository key you are adding

Final remarks: What is the solution of ‘apt-key is deprecated’ Warning Debian 11 or Kali Linux

I hope you understand this article, What is the solution of ‘apt-key is deprecated’ Warning Debian 11 or Kali Linux. If your answer is no, you can ask anything via the contact forum section related to this article. And if your answer is yes, please share this article with your friends and family to give us your support.

Dian Erwin
Dian Erwin is a writer for Bollyinside, covering topics related to computing, such as laptops, tablets, Windows, and iOS. Tony spends much too much of his free time on Twitter, reading speculative fiction novels, playing video games, and reading comic books. He also enjoys reading video game manuals.

RELATED ARTICLES

Must Read

- Advertisment -