What is the solution of ‘apt-key is deprecated’ Warning Debian 11 or Kali Linux – Guide
When trying to add an APT repository key using apt-key on Debian, Ubuntu and Linux distributions based on them, you will not see the “Warning: apt-key is deprecated. Instead, manage the keyring files in trusted.gpg.d” message.
The apt-key man page mentions that “using apt-key is deprecated, except for using apt-key del in maintainer scripts to remove existing keys from the main keyring”. Furthermore, “apt-key will be available for the last time on Debian 11 and Ubuntu 22.04.”
The reason for this change is that by adding an OpenPGP key that is used to sign an APT repository in /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d, the key is unconditionally trusted by APT at all the other repositories configured on the system that do not have a signed option (see below), even the official Debian / Ubuntu repositories. As a result, any unofficial APT repository that has its signature key added to /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d can replace any package on the system.
Debian’s apt-key management is insecure, as mentioned above.
If you’re still using apt-key, it’s a good idea to start transitioning to using the signed by option as explained below. This will help protect your data and keep your system secure. ..
The correct and safe way to add third party repositories and their OpenPGP signature keys on Debian, Ubuntu, Linux distributions based on them, like Linux Mint, Pop! _OS, Elementary OS, and so on is to use apt-key.
1. Download the APT repository key
The Debian wiki recommends that the key be downloaded over HTTPS to a writable location only by root, and that the key name must contain a short name that describes the repository, followed by the file keyring. For example, if the repository is named myrepository, the key file would be named myrepository-archive-keyring.gpg. ..
gpg –keyserver hkp://keys.gnupg.org –recv-keys 0xABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz This will return a list of all the keys in the key file with the extension .gpg. If the key file is not protected by ascii, then it will return a list of all the keys in the key file with the extension .asc.
gpg –armor –export-secret-key C=US,O=Apple Inc.,OU=Software Development,CN=Users gpg –armor –export-secret-key C=US,O=Apple Inc.,OU=Software Development,CN=Users The output of this command will show the public key of the user C and the secret key for the user O.
To add a new repository signature key, follow these steps:
- Open the “GPG Tools” application on your computer.
- Click on the “Repositories” tab.
- Click on the “Add Repository” button.
- Type in the name of the repository you want to add a signature to, and click on the “OK” button.
- In the “Key Information” section, click on the “Signature Key” button and select the key you want to use from your list of keys.
- Click on the “OK” button to finish adding the key. ..
For OpenPGP keys with ascii protection
wget https://raw.githubusercontent.com/openpgp-keys/master/openpgp-keys.gpg sudo apt-key add openpgp-keys.gpg ..
Wget -O- https://keyrings.org/archive-keyring.gpg | GPG -dearmor | sudo tee /usr/share/keyrings/-archive-keyring.gpg
What everything in this command means / means:
Wget downloads the key from https://example.com/key/repo-key.gpg and sends the key to stdout (-O-). The gpg command is the OpenPGP encryption and signature tool; its –dearmor option unpacks the input of an armorsudo tee OpenPGP ASCII /usr/share/keyrings/-archive-keyring.gpg: as superuser (sudo), read the standard input, which in this case is the output provided by gpg – dearmor, and write it to the /usr/share/keyrings/-archive-keyring.gpg file. The name of your repository key will be appended to this filename.
Final note
The Debian 11 and Kali Linux users are warned about the deprecated apt-key command. This command is no longer supported by Debian and it is not recommended to use it anymore. If you have any query regarding this article, you may ask us. Additionally, please share your love by sharing this article with your friends.
