How to use the command apt-key (with examples)
The apt-key command is a key management utility for the APT Package Manager on Debian and Ubuntu. It allows you to manage trusted keys, which are used to verify the authenticity and integrity of packages installed on your system.
Use case 1: List trusted keys
Code:
apt-key list
Motivation: You may want to check the list of trusted keys on your system to ensure that the correct keys are being used for package verification.
Explanation:
The apt-key list command lists all the trusted keys in the keystore. It displays information about each key, including the key ID and associated data.
Example Output:
pub rsa4096 2017-02-22 [SCEA]
Fingerprint: 4BC5 4C1E C58C 1BA2 8C0A 81D6 F6F5 20A1 3E91 CCDA
uid [ unknown] Ubuntu Archive Automatic Signing Key (2016) <ftpmaster@ubuntu.com>
sub rsa4096 2017-02-22 [S]
Use case 2: Add a key to the trusted keystore
Code:
apt-key add public_key_file.asc
Motivation: If you need to install software from a repository that is signed with a custom key, you can add the key to the trusted keystore to ensure the integrity and authenticity of the packages.
Explanation:
The apt-key add command adds a key to the trusted keystore. You need to provide the path to the public key file using the public_key_file.asc argument.
Example Output: No output is displayed if the key is successfully added.
Use case 3: Delete a key from the trusted keystore
Code:
apt-key del key_id
Motivation: If you no longer trust a key or want to remove a key from the trusted keystore, you can use this command to delete the key.
Explanation:
The apt-key del command deletes a key from the trusted keystore. You need to provide the key ID of the key you want to delete using the key_id argument.
Example Output: No output is displayed if the key is successfully deleted.
Use case 4: Add a remote key to the trusted keystore
Code:
wget -qO - https://host.tld/filename.key | apt-key add -
Motivation: Sometimes, you may need to add a key from a remote location directly to the trusted keystore. This command allows you to fetch the key using wget and add it to the keystore.
Explanation:
The wget -qO - command fetches the key file from the specified URL (https://host.tld/filename.key). The pipe (|) forwards the output of wget to the apt-key add - command, which adds the key to the trusted keystore.
Example Output: No output is displayed if the key is successfully added.
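A more careful variant of the pipe above, as an added example that is not part of the original page: download the key to a file, inspect it with gpg without importing it, and call apt-key add only when the file holds exactly one primary key whose fingerprint matches a value you obtained out of band. The function names and the expected-fingerprint argument are assumptions of this example; the URL in the usage comment is the page's placeholder.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are assumptions.
# Usage (as root): fetch_and_add https://host.tld/filename.key 'EXPECTED FPR'

# Normalise a fingerprint: strip whitespace, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key: field 10 of the first "fpr" record after every "pub" record.
# Subkey fingerprints (the "fpr" after "sub") are deliberately ignored.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin describes exactly one primary key and its fingerprint
# equals $1. Empty input and files bundling extra keys are rejected.
check_fprs() {
    expected=$(norm_fpr "$1")
    primary_fprs | awk -v want="$expected" '
        { n++; ok = (toupper($0) == want) }
        END { exit !(n == 1 && ok) }'
}

# Download to a temporary file, inspect it without importing anything, and
# run apt-key add only when the fingerprint check passes.
fetch_and_add() {
    tmp=$(mktemp) || return 1
    if wget -qO "$tmp" "$1" &&
       gpg --show-keys --with-colons "$tmp" 2>/dev/null | check_fprs "$2"
    then
        apt-key add "$tmp"
        rc=$?
    else
        echo "key from $1 failed the fingerprint check; not added" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Keys added with apt-key add are trusted for every repository configured on the system, so the expected fingerprint should come from a channel other than the server that hosts the key file.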
Use case 5: Add a key from a keyserver using only its key ID
Code:
apt-key adv --keyserver pgp.mit.edu --recv KEYID
Motivation: If you know the key ID of a key stored in a keyserver, you can fetch the key directly from the keyserver and add it to the trusted keystore.
Explanation:
The apt-key adv --keyserver pgp.mit.edu --recv KEYID command fetches the key with the specified KEYID from the pgp.mit.edu keyserver and adds it to the trusted keystore.
Example Output:
Executing: /tmp/apt-key-gpghome.TdylUtqxMO/gpg.1.sh --keyserver pgp.mit.edu --recv KEYID
gpg: key KEYID: public key "Example Key <example@example.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
Conclusion:
The apt-key command is a useful tool for managing trusted keys in the APT Package Manager on Debian and Ubuntu. It allows you to list, add, delete, and import keys, ensuring the integrity and authenticity of packages installed on your system.