Linux MInt - W: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

The warning message - Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg) is generated by sudo apt update executed in Linux Mint or Ubuntu.

The message :

W: http://ppa.launchpad.net/inkscape.dev/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

indicates that a deprecated apt-key command is used to store the key.

To fix this warning message, there are several solutions.

Reason

The warning appears after migration to Linux Mint 21 and Ubuntu 22.04.

The reason for the warning is that apt-key add is deprecated. Can we ignore the message - Yes we can, the updates will be successful. Is it a good idea - probably not.

To read more why it was deprecated check this one: why apt-key add is deprecated

Find deprecated keys

To find the list of deprecated lists we can run command:

sudo apt update

At the end of the command you will see something like:

W: http://ppa.launchpad.net/inkscape.dev/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), 
see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/jonaski/strawberry/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), 
see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/kdenlive/kdenlive-stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), 
see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/obsproject/obs-studio/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), 
see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/slgobinath/gcalendar/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), 
see the DEPRECATION section in apt-key(8) for details.

All those keys are deprecated.

Alternatively when you update the packages in Linux Mint or Ubuntu you will see something like:

Find details for deprecated keys

Terminal

To find all details for keys which are deprecated we can run command:

apt-key list

This will produce list of all keys:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2016-04-12 [SC]
  	EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796
uid       	[ unknown] Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
sub   rsa4096 2021-10-26 [S] [expires: 2024-10-25]

pub   rsa4096 2016-06-24 [SC]
  	AE09 FE4B BD22 3A84 B2CC  FCE3 F60F 4B3D 7FA2 AF80
uid       	[ unknown] cudatools <cudatools@nvidia.com>

You will see another warning like:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg

UI

To find the details for the problematic keys go to:

  • Update Manager
  • Edit
  • Software Sources

You will see something like:

Easy Solution - remove and add key

Just delete the key and add it again. For example: strawberry. Using the Linux Mint UI we will:

  • Update Manager
  • Edit
  • Software Sources
  • Find strawberry PPA-s
  • delete both of them
  • Add them again from the site:
sudo add-apt-repository ppa:jonaski/strawberry
sudo apt update
sudo apt install strawberry

This command sudo add-apt-repository ppa:jonaski/strawberry will add correct key:

You are about to add the following PPA:
 Strawberry Music Player
 More info: https://launchpad.net/~jonaski/+archive/ubuntu/strawberry
Press Enter to continue or Ctrl+C to cancel

gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: keybox '/etc/apt/keyrings/BE6ED0F9261CVVD9A1E5F1A4CD62234E999EA714D.keyring' created

gpg: key CD6289E999EA819D: public key "Launchpad PPA for Jonas Kvinge" imported
gpg: Total number processed: 1
gpg:           	imported: 1

Solution - Convert the deprecated key

Now let's check the first solution for entry - calendar:

W: http://ppa.launchpad.net/slgobinath/gcalendar/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

By running apt-key list we can find details:

pub rsa 4096 2016-10-02 [SC]
53A5 446D ABC1 B038 506E 33F5 E71C 0803 43BB 5214
uid [ unknown] Launchpad PPA for Gobinath

Then we can get last 8 characters - 43BB 5214:

sudo apt-key export 43BB5214 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/slgobinath.gpg

Remove the old key by:

sudo apt-key --keyring /etc/apt/trusted.gpg del 43BB5214

If you like to check the more details or how to convert all keys with single line do check: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)