Update outdated Debian Linux APT key import instructions
Abstract
The page (https://support.torproject.org/apt/tor-deb-repo/) needs to update its APT key importing instructions since apt-key
is already deprecated. Keys now need to be placed directly into /etc/apt/trusted.gpg.d
instead of being imported using apt-key
.
Details
On the support page "Why and how I can enable Tor Package Repository in Debian?", the section at the bottom gives the following instructions for importing Tor Project's key into APT.
- Then add the gpg key used to sign the packages by running the following commands at your command prompt
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
However, apt-key
is already deprecated, and shouldn't be used anymore. Refer to Debian's apt-key man page for more details. If the user tries to import a key using apt-get
, the following warning message will be shown.
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Therefore, the more up-to-date method to import keys in Debian-based distributions would be to place the key file directly into the /etc/apt/trusted.gpg.d
directory. This can be achieved in a few ways.
# download the key directly into /etc/apt/trusted.gpg.d using cURL or Wget
sudo curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc -o /etc/apt/trusted.gpg.d/torproject.asc
sudo wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc -O /etc/apt/trusted.gpg.d/torproject.asc
# receive the key from a keyserver using gpg, then export the key into /etc/apt/trusted.gpg.d
gpg --keyserver=hkp://keys.gnupg.net --receive-keys 74A941BA219EC810
gpg --export 74A941BA219EC810 | sudo tee /etc/apt/trusted.gpg.d/torproject.gpg > /dev/null