Even if this is a warning message, you can continue to use apt-key, but it will be removed in the next releases. So it will be a good idea to start using the new way.

Problem:

As of today, we use the following command to add a GPG key to our system. It was working fine. While running the same command on Ubuntu 22.04, I got a warning message: You should see the following output:

Solution:

Here is the new way of adding GPG keys to the system and avoiding the above warning. Important Note: If you are still getting the error “Key is stored in legacy trusted.gpg keyring“. Then you may already have the key stored under trusted.gpg keyring. To solve this visit: https://tecadmin.net/resolved-key-is-stored-in-legacy-trusted-gpg-keyring/

Method 1: The following command will download a remote GPG key, encrypt it and save it under the /usr/share/keyrings directory.

You can see that the above repository configuration file referenced the GPG file ([signed-by=/usr/share/keyrings/jcameron-key.gpg]) stored in keyrings. That will restrict the packages to verify with this file only. Now, you can update the cache with “apt update” and continue with the package installation.

Conclusion

To enhance the security of your system, the latest Ubuntu system prefers to store GPG keys under keyrings. Also defined the key in the repository configuration to avoid the use of other keys.