Fixing “Key is stored in legacy trusted.gpg keyring” Issue in Ubuntu
======
If you use a PPA or add an external repository in Ubuntu 22.04 and later versions, chances are that you will see a message like this:
```
W: https://packagecloud.io/slacktechnologies/slack/debian/dists/jessie/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
```
![ubuntu key is stored legacy][1]
First thing first. It is not an error, it is a warning message. A warning does not stop the procedure. You can continue upgrading your system even if you see this warning message during an update.
If you don’t like seeing the warning message, you can take some manual steps to get rid of it.
There are two ways; the proper way and the quick and dirty way. Read both methods and see which one you feel comfortable with.
### Method 1: Import the key [Proper but complicated way]
First, list all the GPG keys added to your system.
```
sudo apt-key list
```
This will show a huge list of keys stored in your system. What you have to do here is to look for the keys associated with the warning message.
```
[emailprotected]:~$ sudo apt-key list
[sudo] password for abhishek:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
W: https://packagecloud.io/slacktechnologies/slack/debian/dists/jessie/InRelease: Key is stored in legacy
```
In my case, the repository has keywords like packagecloud, slacktechnologies. It is shown at the top of the apt-key list output. You may have to scroll a bit in your case.
In this rare case, the external repository added by Slack, has two GPG keys. One of them is expired and I’ll ignore it. You may not have such a situation.
You should the last 8 characters (excluding the space) under the line after pub.
So from the line “DB08 5A08 CA13 B8AC B917 E0F6 D938 EC0D 0386 51BD”, I’ll take the last 8 characters “0386 51BD”, remove the space and then use it to import the GPG key in its dedicated file under the /etc/apt/trusted.gpg.d directory:
I created a new file slack.gpg here, in case you didn’t notice it. I named it slack.gpg because it is associated with Slack application I installed earlier. The filename does not matter but it’s good for identification.
If the command runs successfully, you won’t see any message. You can verify that by checking if the newly created gpg file exists or not.
![import gpg key to trusted ubuntu][2]
Run the update again and now you should not see the warning message anymore.
### Method 2: Copy to the trusted.gpd.d directory [Quick and dirty way]
If you don’t feel comfortable doing all the above stuff manually, well, you can ignore the warning message. I mean, ignoring it is always an option.
Another option is to copy the /etc/apt/trusted.gpg file to /etc/apt/trusted.gpg.d directory. After all, Ubuntu only complains that it needs the GPG keys in /etc/apt/trusted.gpg.d directory.
You’ll still have to use the terminal. Open it and use the following command:
Now, if you run the update, you won’t see the “Key is stored in legacy trusted.gpg keyring” warning message anymore.
![quick dirty way to fix apt key stored legacy][3]
### Conclusion
I have written a detailed article on [apt-key deprecation][4]. Apparently, that article had some readers confused and hence I wrote this one to give them direct steps for getting rid of the message.
As I said before, it is a warning message and can be ignored for now. The onus to ‘fix’ this issue lies on the external software developers and Ubuntu developers. The external software developers should make sure that their GPG keys are no longer added in the /etc/apt/trusted.gpg file.
The end users should not take the pain for their laziness.
So, which method did you use to get rid of the ‘key is stored in legacy’ warning message? The first one or the second one?
