Recently, while installing the Brave browser we got an issue: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg). This happened because we tried to install the GPG key through the apt-key command-line utility.
The utility has now been deprecated. The man pages inform us that the utility will be last available for Debian 12 and Ubuntu 23.10.
Note: The following operations require Administrative rights.
Fix: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)
Firstly, we have to see the data about GPG keys. This can be done through the following command:
apt-key list
We knew the GPG keys for the Brave browser were available through a link. So, we decided to delete the keys.
pub rsa4096 2018-10-15 [SC] [expires: 2026-05-09] D8BA D4DE 7EE4 6AF2 2D83 4R2D 0ER7 5829 D2R4 F869 uid [ unknown] Brave Software <support@brave.com> sub rsa4096 2019-10-17 [S] [expires: 2025-05-09]
To remove a key from the trusted keys list:
sudo apt-key del <key_id>
Here, it was:
sudo apt-key del D2R4F869
Use the last 8 characters of the key-id.
Thereafter, we downloaded the GPG key from the official source again.
wget -c 'https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg'
And, moved it to the directory /usr/share/keyrings/
sudo mv brave-browser-archive-keyring.gpg /usr/share/keyrings/
Then, edited the file and provided the path for related GPG key: /etc/apt/sources.list.d/brave-browser.list
sudo nano /etc/apt/sources.list.d/brave-browser.list
deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main
Lastly, we updated the repository again. This time around we didn’t see the warning message.
sudo apt update
In conclusion, we have covered here how we fixed the issue: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg) through an example.