I don't need the key in my server's keyring anymore. Is it possible to remove it? I added the key using this command:
curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
Thanks for helping
Asked
Active
Viewed 3.2e+01k times
237
Jorge Castro
- 71,754
Raymond
- 2,485
8 Answers
285
On 16.10 the short key id is no longer shown when you use the list command, but it is actually the last 8 characters of the long hex.
So for example the key id for the following key
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
The key id will be EFE21092
Wesam
- 2,859
265
First you need to find the key id of the key you added. Do this by the command:
sudo apt-key list
It will list all the keys that you have, with each entry looking like this:
pub 1024R/B455BEF0 2010-07-29
uid Launchpad clicompanion-nightlies
Once you have figured out which key to remove, use the command sudo apt-key del <keyid> where <keyid> is replaced with the actual keyid of the key you want to remove from your keyring.
$ sudo apt-key del B455BEF0
$ apt-key list | grep clicompan
$
dessert
- 39,982
Nitin Venkatesh
- 22,221
-
-
4Ah I see the unique Id is on the line labelled pub, not the line labelled uid. – ctrl-alt-delor Jun 21 '16 at 07:59
-
18on ubuntu 16.10 results seems a little different :
pub rsa4096 2012-05-11 [SC] 8439 .... uid ....– mxdsp Nov 06 '16 at 16:17 -
7
-
After deleting the key, I encountered a new problem
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY, what should I do next ? – Corey Aug 27 '19 at 03:10 -
I found the answer, adding a
#before the repo in/etc/apt/sources.list, then re-runsudo apt update, works for me on Ubuntu 18.04. – Corey Aug 27 '19 at 03:20 -
6On 16.10 the short key id is no longer shown when you use the list command, but it is actually the last 8 characters of the long hex. from @wesam answer. – sorrow poetry Mar 02 '21 at 14:04
-
As the key id is no more shown just use the long hex string under pub and put in in quotes. – robsn Jun 25 '23 at 18:39
45
Update for Ubuntu 20.04
after running
sudo apt-key list
you should get the list of apt keys:
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2016-04-12 [SC]
EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
uid [ unknown] Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
sub rsa4096 2019-07-22 [S] [expires: 2022-07-21]
pub rsa4096 2017-04-11 [SC] [expired: 2019-09-28]
D4CC 8597 4C31 396B 18B3 6837 D615 560B A5C7 FF72
uid [ expired] Opera Software Archive Automatic Signing Key 2017 <packager@opera.com>
pub rsa4096 2019-09-12 [SC] [expires: 2021-09-11]
68E9 B2B0 3661 EE3C 44F7 0750 4B8E C3BA ABDC 4346
uid [ unknown] Opera Software Archive Automatic Signing Key 2019 <packager@opera.com>
sub rsa4096 2019-09-12 [E] [expires: 2021-09-11]
pub rsa4096 2017-03-13 [SC]
8CAE 012E BFAC 38B1 7A93 7CD8 C5E2 2450 0C12 89C0
uid [ unknown] TeamViewer GmbH (TeamViewer Linux 2017) <support@teamviewer.com>
sub rsa4096 2017-03-13 [E]
under uid you have the name of the app, for example:
[ unknown] Opera Software Archive Automatic Signing Key 2019 <packager@opera.com>
and the key you want to delete is above it:
D4CC 8597 4C31 396B 18B3 6837 D615 560B A5C7 FF72 <-- THAT'S THE KEY
uid [ expired] Opera Software Archive Automatic Signing Key 2017 <packager@opera.com>
and you remove it by putting that key inside double or single quotes like this:
sudo apt-key del "D4CC 8597 4C31 396B 18B3 6837 D615 560B A5C7 FF72"
lewis4u
- 4,866
-
1it also worked for me to take the last 8 characters in the key and remove the space in between: sudo apt-key del A5C7FF72 – Purefan Jun 22 '20 at 06:53
-
2yes... I think it would even work if you take any part of that key because it searches the pattern inside that whole key without spaces – lewis4u Jun 22 '20 at 06:58
5
I made a short script to make things easier and using a string instead of the id.
You can use my script if the key contains a unique string you know.
e.g. in my case for webmin
pub 1024D/11F63C51 2002-02-28
uid Jamie Cameron <jcameron@webmin.com>
sub 1024g/1B24BE83 2002-02-28
I'm sure only the webmin key on my system has jcameron than I use this script to remove the according key.
I saved it as ~/removeAptKey
and run it as
sudo ./removeAptKey jcameron
The ouput should be something like
KEYID: 11F63C51
OK
Here is my script:
#!/bin/bash
function printKeys(){
echo "Installed keys are"
echo ""
sudo apt-key list
}
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
if [[ $# -eq 0 ]]
then
echo "No key name provided"
exit 1
fi
UNIQUE=$1
sudo apt-key list | grep "${UNIQUE}" -B 1 > result.temp
LENGTH=$(cat result.temp | wc -l)
if [[ ${LENGTH} -gt 2 ]]
then
echo "Attention you found more than 1 key. Use a more specific string."
printKeys
exit 2
fi
if [[ ${LENGTH} != 2 ]]
then
echo "Key not found. Doing nothing."
printKeys
exit 3
fi
KEYID=$(cat result.temp | grep 'pub' | cut -d " " -f 4 | cut -d "/" -f 2)
echo "KEYID: "$KEYID
apt-key del ${KEYID}
rm result.temp
First I get the upper two lines of my key's block:
sudo apt-key list: lists the apt keys as usualgrep '${UNIQUE}' -B 1: take only the line containing the unique key stringjcameronand-B 1the line before> result.temp: Save it in a file (which is later removed)
If this returns exactly 2 lines (-> got exactly 1 key) I move on:
grep 'pub': Now take only the line with thepupkey idcut -d " " -f 4: take the 4th word of that line (the first ispubthan come two spaces, than the string we are after ``)cut -d "/" -f 2: take only the part after/
And finally delete this key and cleanup
apt-key del ${KEYID}(in my case11F63C51)rm result.temp: don't need this file anymore
derHugo
- 3,356
- 5
- 31
- 51
-
2I ran this without a parameter and it just wiped out all my keys. ;( – Gabriel Fair Dec 21 '18 at 23:11
-
2If anyone else has their keys wipped, I was able to fix it by following these instructions: https://askubuntu.com/a/145933/13693 – Gabriel Fair Dec 22 '18 at 02:29
-
Hu? How did this happen? It should exit with an "No key name provided" if there was no parameter.. – derHugo Dec 22 '18 at 10:49
-
@derHugo not sure but could it be that the
#in that if clause is the culprit? – defuzed Apr 09 '19 at 15:51 -
@defuzed if you mean
$#then no. It returns the amount of given parameters. – derHugo Apr 09 '19 at 17:51
4
I know I might be late, but just wanted to share this one-line command to achieve this.
NOTE: This will only work if the output is an unique key.
Ubuntu versions up to 16.04 (UPDATED 2018-12-22):
apt-key del $(apt-key list | awk 'NR=='$(apt-key list | grep --line-number --regexp "FOOBAR" | cut --fields 1 --delimiter ":")'{print;exit}' | awk '{print $2}' | cut --fields 2 --delimiter "/")
where FOOBAR is the UID name.
Ubuntu versions from 16.10:
apt-key del $(apt-key list | awk 'NR=='`expr $(apt-key list | grep --line-number --regexp "FOOBAR" | cut --fields 1 --delimiter ":") - 1`'{print;exit}')
where FOOBAR is the UID name.
-
1I'm not sure why, but I got an error when I tried to run the
16.04command you provided.awk: line 1: syntax error at or near {But the angle braces match, so I'm not sure why this doesn't work – Gabriel Fair Dec 21 '18 at 22:45 -
@GabrielFair Thanks for noticing, back in june it has been working (I copy-pasted it from my console) but now seems that has been updated and the
apt-key listformat has changed. Now it seems to be working again. (EDIT: Remember to run this as superuser) – David Tabernero M. Dec 22 '18 at 00:47
4
I did this,
sudo apt-key list
Find the 'expired' key, then delete it, in my case,
sudo apt-key del "31CF B0B6 5659 B5D4 0DEE C98D DFA1 75A7 5104 960E"
Then do
sudo apt update
The deleted key will say its not available note that string, in my case DFA175A75104960E
Then update the key like this, for my case DFA175A75104960E needed update,
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DFA175A75104960E
Should work now.
mrigendra
- 207
- 1
- 8
1
If you happen to have the .asc key file, you can be sure you are deleting the right key with a command like this. (Replace mykey.asc with your key file below.)
apt-key del "$(gpg -n -q --import --import-options import-show mykey.asc | grep '^pub' -A 1 | tail -n 1 | xargs)"
This command seems to work on Ubuntu 20.04. Credit for the gpg command goes to maxschlepzig for their answer here.
Andrew Tapia
- 929
- 6
- 19
-
when i delete a key like so terminal tells me "OK" but later the error message is still the same. do i need a reboot? – SL5net Dec 10 '22 at 15:45
-
@SL5net I don't think you should need to reboot after running this command, but you will probably need to run
apt update. It's been a little while since I wrote this answer, though. What error message are you getting? – Andrew Tapia Dec 10 '22 at 23:54
1
Maybe I'm missing something... but you can use the GUI also, on Settings of Software Updater:
Pablo Bianchi
- 15,657
sudo apt-key del "8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092"and I think it is safer to use the whole fingerprint, the keyid could have duplicates (at least when you use PGP for emails, I read you should share your whole fingerprint and not just the keyid). – baptx Dec 02 '17 at 12:14--helplisting (totally unclear what the id is) – Amos Folarin Jun 24 '20 at 21:32