Working around ‘Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)’

If a webpage tells you to run a command to import a GPG key when setting up an APT repository, it isn’t necessarily correct! Newer versions of Ubuntu no longer use apt-key and /etc/apt/trusted.gpg, preferring you put repository GPG keys in a file under /etc/apt/trusted.gpg.d.

Having recently reinstalled my desktop and not realising this, I had this exceedingly annoying error:

W: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

This is one of the kinds of errors that tells you what you shouldn’t do, and isn’t too helpful about guiding you to what you should do.

As this is an easily forgettable problem, here’s how to fix it.

First, list the keys in /etc/apt/trusted.gpg:

gpg --keyring /etc/apt/trusted.gpg --list-keys

You will see a list of keys similar to the following:

pub rsa4096 2021-10-27 [SC] [expires: 2023-01-20]
uid [ unknown] Spotify Public Repository Signing Key

pub rsa4096 2013-11-19 [SC] [expires: 2027-11-11]
uid [ unknown] Code Signing (v1)
sub rsa4096 2013-11-19 [E] [expires: 2027-11-11]

pub rsa4096 2014-01-13 [SCEA] [expired: 2019-01-12]
uid [ expired] packagecloud ops (production key)

pub rsa4096 2016-02-18 [SCEA]
uid [ unknown] (
sub rsa4096 2016-02-18 [SEA]

For each of the keys, find the key ID – the long hexadecimal string on the second line, and run the following command:

gpg --keyring /etc/apt/trusted.gpg --export <key-id> | sudo tee /etc/apt/trusted.gpg/<repository>.gpg

Finally, tidy up after yourself by deleting the key from trusted.gpg:

sudo gpg --keyring /etc/apt/trusted.gpg --delete-key <key-id>

You can even specify multiple keys on the command line.

And that’s it.

3 thoughts on “Working around ‘Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)’”

  1. Can you explain what the “” reference comes from what how to name that?

    There are multiple explanations across the internet using this characterization and none explaining how one fills in that part – is it just random name, is it apparent where it is because I can’t find it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.