So, it will be good to upgrade ourselves and start using the signed-by for maintaining the GPG keys and for the repositories. In this article, we will discuss, how securely import the GPG repository signing keys to the Ubuntu, Debian, Linux Mint and Pop!_OS, etc.
Configuring GPG Key Without apt-key
You can download the OpenPGP key on your system using the wget or curl command. Then dearmor the Key and save it to your system. For example, we need to configure Webmin PPA on our system. Then, first I have to install the GPG key using one of the below commands:
Using wget command:wget -O- https://download.webmin.com/jcameron-key.asc | sudo gpg –dearmor | sudo tee /usr/share/keyrings/jcameron-key.gpg > /dev/null 2>&1 Using curl command:curl https://download.webmin.com/jcameron-key.asc | gpg –dearmor | sudo tee /usr/share/keyrings/jcameron-key.gpg > /dev/null 2>&1
The above commands will create a file at /usr/share/keyrings/jcameron-key.gpg on your system. So, Now you have successfully configured the GPG key on your system. Next, edit the Webmin PPA file in a text editor and configure it with the above-created file as shown below: Save the file and close it.
Conclusion
That’s it. You have successfully configured a new PPA with a GPG key on your system. The new way of using the GPG key is optional in Ubuntu 22.04 and Debian 11 systems. As it is related to system security, from the next releases, this will be compulsory. So this is a good idea to keep practicing this way.
