Update outdated Debian Linux APT key import instructions

Abstract

The page (https://support.torproject.org/apt/tor-deb-repo/) needs to update its APT key importing instructions since apt-key is already deprecated. Keys now need to be placed directly into /etc/apt/trusted.gpg.d instead of being imported using apt-key.

Details

On the support page "Why and how I can enable Tor Package Repository in Debian?", the section at the bottom gives the following instructions for importing Tor Project's key into APT.

3. Then add the gpg key used to sign the packages by running the following commands at your command prompt
   wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
   gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

However, apt-key is already deprecated, and shouldn't be used anymore. Refer to Debian's apt-key man page for more details. If the user tries to import a key using apt-get, the following warning message will be shown.

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

Therefore, the more up-to-date method to import keys in Debian-based distributions would be to place the key file directly into the /etc/apt/trusted.gpg.d directory. This can be achieved in a few ways.

# download the key directly into /etc/apt/trusted.gpg.d using cURL or Wget
sudo curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc -o /etc/apt/trusted.gpg.d/torproject.asc
sudo wget https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc -O /etc/apt/trusted.gpg.d/torproject.asc

# receive the key from a keyserver using gpg, then export the key into /etc/apt/trusted.gpg.d
gpg --keyserver=hkp://keys.gnupg.net --receive-keys 74A941BA219EC810
gpg --export 74A941BA219EC810 | sudo tee /etc/apt/trusted.gpg.d/torproject.gpg > /dev/null