Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

The apt-key command manages keys that are responsible for verifying the signature of application package repositories.

Now, whenever you use the apt-key command, you will receive the message:

It means that the apt-key program is now deprecated. Now we should use trusted.gpg.d to manage keyfiles. Translated into human language, now we have to add files ourselves to the /etc/apt/trusted.gpg.d/ folder.

This method will use the /etc/apt/trusted.gpg.d/ directory to store the public GPG key ring files. It has been available since early 2017.

If you look at the recommended man page (man apt-key), it says that this command and all its functions are deprecated.

There are two options for how you can proceed in this situation.

You can continue to use apt-key

Despite the assurances in the documentation, the apt-key program works as usual and performs all its functions.

At the same time, the apt-key command will not be removed for quite a long time, at least several years. It may not be removed at all for compatibility.

Therefore, basically, you can ignore the warning “apt-key is deprecated”.

How to add keys in a new way

The new “modern” version is poorly documented, let's try to fill this gap.

Now the keys need to be added with the following commands.

If a remote key file is added:

If a local key file is added:

In these commands, you need to substitute:

• URL - address of the .pub file
• NAME - you can choose any file name
• FILE - filename of the .pub file

Then be sure to run the following command to set the correct file permissions:

Example. If you already know the URL of the required public key, use wget or curl to download and import it. Remember to update the file permissions from 600 to 644.

Alternatively, you can get the key from the keyserver:

How to view information about installed keys

To view information about the installed key, run a command of the form:

For instance:

As said, the old command also works:

How to remove a key added by a new method

If you need a command analogue:

Now, to remove the key, simply delete the file with commands like:

But “apt-key del” also works.

How to remove a key added with apt-key add

If you want to delete individual keys, then use a command like this:

To find out the KEY_ID, run the command

find the key you want, for example:

Look at the sequence of numbers and letters in the pub field - this is a hash. In this example, we are interested in the line

To delete this key, you need to run the command (note that spaces have been removed from the hash):

How to remove all keys added with apt-key add

Just delete the /etc/apt/trusted.gpg file: