How to Import GPG Keys on Ubuntu & Debian (without apt-key)
Abstract: Save the file and close it. Configure PPA with signed-by optionConclusion That’s it. You have successfully configured a new PPA with a GPG key on your
The latest Debian-based systems have deprecated the use of the apt-key command. This command is used to import the GPG signing keys to systems. This command was working fine till Debian 10 and its derivatives. After the release of Debian 11 (and its derivatives like Ubuntu 22.04), the users start getting a warning message on the screen during the keys import. You will see the warning message 「Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))「. As this is a warning message you can still use the apt-key command but the newer version of Debian and Ubuntu will remove the support of this command.
So, it will be good to upgrade ourselves and start using the signed-by for maintaining the GPG keys and for the repositories. In this article, we will discuss, how securely import the GPG repository signing keys to the Ubuntu, Debian, Linux Mint and Pop!_OS, etc.
You can download the OpenPGP key on your system using the wget or curl command. Then dearmor the Key and save it to your system. For example, we need to configure Webmin PPA on our system. Then, first I have to install the GPG key using one of the below commands:
- Using wget command:
wget -O- https://download.webmin.com/jcameron-key.asc | sudo gpg --dearmor | sudo tee /usr/share/keyrings/jcameron-key.gpg > /dev/null 2>&1 - Using curl command:
curl https://download.webmin.com/jcameron-key.asc | gpg --dearmor | sudo tee /usr/share/keyrings/jcameron-key.gpg > /dev/null 2>&1
The above commands will create a file at /usr/share/keyrings/jcameron-key.gpg on your system. So, Now you have successfully configured the GPG key on your system.
Configure gpg key with dearmorNext, edit the Webmin PPA file in a text editor and configure it with the above-created file as shown below:
file: /etc/apt/sources.list.d/webmin.list deb [signed-by=/usr/share/keyrings/jcameron-key.gpg] https://download.webmin.com/download/repository sarge contrib
Save the file and close it.
Configure PPA with signed-by optionConclusionThat’s it. You have successfully configured a new PPA with a GPG key on your system. The new way of using the GPG key is optional in Ubuntu 22.04 and Debian 11 systems. As it is related to system security, from the next releases, this will be compulsory. So this is a good idea to keep practicing this way.
