Update your apt keys for Ubuntu and other Debian based operation systems

You may get a warning from a modern Debian based operating system which says:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

Essentially the apt-key framework is being retired and you need to store your keys in separate files in the /etc/apt/trusted.gpg.d/ directory rather than using apt-key to manage

If when you run:

sudo apt-key list

Any keys listed under the heading of


should be migrated. This procedure is described below. Before you start make sure the keyrings directory exists (not required if you are using Ubuntu 22.04)

sudo mkdir -p /etc/apt/keyrings

From the list produced by the “apt-key list” command, a key can be uniquely identified by the last 2 sets of hexidecimal numbers on the second line of the pub section. For example if the numbers are DE57 BFBE you can use the string DE57BFBE to identify the key. So you can export it using the following command (replace the DE57BFBE with the actual last digits of the key and <repo-name> with a unique name in that directory):

sudo apt-key export DE57BFBE | sudo gpg --dearmour -o /etc/apt/keyrings/<repo-name>.gpg

You can then update the repository definition to use this key. for example if your repo was:

deb [arch=amd64] https://repo.awesome.io/repo/py3/ubuntu/22.04/amd64/latest jammy main

and you used the filename awesome.gpg then you’d enter:

deb [signed-by=/etc/apt/keyrings/awesome.gpg arch=amd64] https://repo.awesome.io/repo/py3/ubuntu/22.04/amd64/latest jammy main

You can then list the key using “sudo apt-key list” – and use “sudo apt update” to update your apt indexes.

With all that working delete the old key from the trusted.gpg using the command:

sudo apt-key del DE57BFBE