How can I remove gpg key that I added using apt-key add -?
Solution 1
First you need to find the key id of the key you added. Do this by the command:
sudo apt-key list
It will list all the keys that you have, with each entry looking like this:
pub 1024R/B455BEF0 2010-07-29
uid Launchpad clicompanion-nightlies
Once you have figured out which key to remove, use the command sudo apt-key del <keyid> where <keyid> is replaced with the actual keyid of the key you want to remove from your keyring.
$ sudo apt-key del B455BEF0
$ apt-key list | grep clicompan
$
Solution 2
On 16.10 the short key id is no longer shown when you use the list command, but it is actually the last 8 characters of the long hex.
So for example the key id for the following key
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>
The key id will be EFE21092
Solution 3
Update for Ubuntu 20.04
after running
sudo apt-key list
you should get the list of apt keys:
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2016-04-12 [SC]
EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
uid [ unknown] Google Inc. (Linux Packages Signing Authority) <[email protected]>
sub rsa4096 2019-07-22 [S] [expires: 2022-07-21]
pub rsa4096 2017-04-11 [SC] [expired: 2019-09-28]
D4CC 8597 4C31 396B 18B3 6837 D615 560B A5C7 FF72
uid [ expired] Opera Software Archive Automatic Signing Key 2017 <[email protected]>
pub rsa4096 2019-09-12 [SC] [expires: 2021-09-11]
68E9 B2B0 3661 EE3C 44F7 0750 4B8E C3BA ABDC 4346
uid [ unknown] Opera Software Archive Automatic Signing Key 2019 <[email protected]>
sub rsa4096 2019-09-12 [E] [expires: 2021-09-11]
pub rsa4096 2017-03-13 [SC]
8CAE 012E BFAC 38B1 7A93 7CD8 C5E2 2450 0C12 89C0
uid [ unknown] TeamViewer GmbH (TeamViewer Linux 2017) <[email protected]>
sub rsa4096 2017-03-13 [E]
Under uid you have the name of the app, for example:
[ unknown] Opera Software Archive Automatic Signing Key 2019 <[email protected]>
and the key you want to delete is above it:
D4CC 8597 4C31 396B 18B3 6837 D615 560B A5C7 FF72 <-- THAT'S THE KEY
uid [ expired] Opera Software Archive Automatic Signing Key 2017 <[email protected]>
and you remove it by putting that key inside double or single quotes like this:
sudo apt-key del "D4CC 8597 4C31 396B 18B3 6837 D615 560B A5C7 FF72"
Solution 4
I made a short script to make things easier, using a string instead of the id.
You can use my script if the key contains a unique string you know.
e.g. in my case for webmin
pub 1024D/11F63C51 2002-02-28
uid Jamie Cameron <[email protected]>
sub 1024g/1B24BE83 2002-02-28
I'm sure only the webmin key on my system has jcameron. Then I use this script to remove the corresponding key.
I saved it as ~/removeAptKey and run it as
sudo ./removeAptKey jcameron
The output should be something like
KEYID: 11F63C51
OK
Here is my script:
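#!/bin/bash
# Remove the single apt key whose `apt-key list` entry contains the given string.

# Print all installed keys so a more specific string can be chosen.
function printKeys(){
    echo "Installed keys are"
    echo ""
    sudo apt-key list
}

if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi

if [[ $# -eq 0 ]]
then
    echo "No key name provided"
    exit 1
fi

UNIQUE=$1

# Keep the matching line and the line before it (the pub line).
sudo apt-key list | grep "${UNIQUE}" -B 1 > result.temp
LENGTH=$(cat result.temp | wc -l)

if [[ ${LENGTH} -gt 2 ]]
then
    echo "Attention you found more than 1 key. Use a more specific string."
    printKeys
    rm -f result.temp
    exit 2
fi

if [[ ${LENGTH} != 2 ]]
then
    echo "Key not found. Doing nothing."
    printKeys
    rm -f result.temp
    exit 3
fi

# Short key id: 4th space-separated field of the pub line, part after the "/".
KEYID=$(cat result.temp | grep 'pub' | cut -d " " -f 4 | cut -d "/" -f 2)
rm result.temp

# Newer apt-key list layouts have no "/<keyid>" on the pub line; never call
# apt-key del with an empty id.
if [[ -z "${KEYID}" ]]
then
    echo "Could not extract a key id from the pub line. Doing nothing."
    exit 4
fi

echo "KEYID: ${KEYID}"
apt-key del "${KEYID}"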
First I get the upper two lines of my key's block:
sudo apt-key list : lists the apt keys as usual
grep '${UNIQUE}' -B 1 : take only the line containing the unique key string jcameron and (-B 1) the line before
> result.temp : save it in a file (which is later removed)
If this returns exactly 2 lines (-> got exactly 1 key) I move on:
grep 'pub' : now take only the line with the pub key id
cut -d " " -f 4 : take the 4th word of that line (the first is pub, then come two spaces, then the string we are after)
cut -d "/" -f 2 : take only the part after /
And finally delete this key and clean up:
apt-key del ${KEYID} (in my case 11F63C51)
rm result.temp : don't need this file anymore
Solution 5
I know I might be late, but just wanted to share this one-line command to achieve this.
NOTE: This will only work if the output is a unique key.
Ubuntu versions up to 16.04 (UPDATED 2018-12-22):
apt-key del $(apt-key list | awk 'NR=='$(apt-key list | grep --line-number --regexp "FOOBAR" | cut --fields 1 --delimiter ":")'{print;exit}' | awk '{print $2}' | cut --fields 2 --delimiter "/")
where FOOBAR is the UID name.
Ubuntu versions from 16.10:
apt-key del $(apt-key list | awk 'NR=='`expr $(apt-key list | grep --line-number --regexp "FOOBAR" | cut --fields 1 --delimiter ":") - 1`'{print;exit}')
where FOOBAR is the UID name.
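As an added example (not part of any of the answers above): a shell function that resolves a uid substring to the full 40-character fingerprint from `apt-key list` output in the 16.10+ layout, and refuses when no key or more than one key matches. The function names and the sample listing (fingerprints taken from the listing above, placeholder e-mail addresses) are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: map a uid substring to exactly one full fingerprint.
# Reads an `apt-key list` style listing on stdin, prints 40 hex chars.
# Exit status: 0 = exactly one key matched, 1 = none, 2 = more than one.
fingerprint_for_uid() {
    local needle=$1
    [ -n "$needle" ] || return 1      # an empty pattern would match every key
    awk -v needle="$needle" '
        /^pub/ { fpr = ""; counted = 0; want = 1; next }   # new key block
        want {                        # line after pub carries the fingerprint
            want = 0; gsub(/[ \t]/, "")
            if (length($0) == 40 && $0 ~ /^[0-9A-Fa-f]+$/) fpr = $0
            next
        }
        # index() is a fixed-string match; count each key once even if
        # several of its uid lines contain the needle.
        /^uid/ && fpr != "" && !counted && index($0, needle) {
            counted = 1; found[++n] = fpr
        }
        END {
            if (n == 1) { print found[1]; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Constructed sample in the layout shown above (placeholder addresses).
sample_listing() {
    cat <<'EOF'
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-04-11 [SC] [expired: 2019-09-28]
      D4CC 8597 4C31 396B 18B3  6837 D615 560B A5C7 FF72
uid           [ expired] Opera Software Archive Automatic Signing Key 2017 <packager@example.invalid>

pub   rsa4096 2019-09-12 [SC] [expires: 2021-09-11]
      68E9 B2B0 3661 EE3C 44F7  0750 4B8E C3BA ABDC 4346
uid           [ unknown] Opera Software Archive Automatic Signing Key 2019 <packager@example.invalid>
sub   rsa4096 2019-09-12 [E] [expires: 2021-09-11]

pub   rsa4096 2017-03-13 [SC]
      8CAE 012E BFAC 38B1 7A93  7CD8 C5E2 2450 0C12 89C0
uid           [ unknown] TeamViewer GmbH (TeamViewer Linux 2017) <packager@example.invalid>
sub   rsa4096 2017-03-13 [E]
EOF
}

# Demo on the sample; on a real system pipe `apt-key list` in instead.
sample_listing | fingerprint_for_uid "Key 2019"
```

Only when the function exits 0 should its output be handed to sudo apt-key del; a non-zero status means nothing or too much matched and no deletion should be attempted.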
Raymond
Updated on September 18, 2022
Comments
-
Raymond over 1 year
I don't need the key in my server's keyring anymore. Is it possible to remove it? I added the key using this command:
curl http://repo.varnish-cache.org/debian/GPG-key.txt | apt-key add -
Thanks for helping
-
Nitin Venkatesh about 12 years
@Raymond No problemo :)
-
ctrl-alt-delor almost 8 years
Ah I see the unique Id is on the line labelled pub, not the line labelled uid.
-
mxdsp over 7 years
On Ubuntu 16.10 the results seem a little different:
pub rsa4096 2012-05-11 [SC] 8439 .... uid ....
-
SColvin almost 7 years
Very helpful, thank you. This is extremely unhelpful UX.
-
baptx over 6 years
@SColvin you can just do
sudo apt-key del "8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092"
and I think it is safer to use the whole fingerprint, the keyid could have duplicates (at least when you use PGP for emails, I read you should share your whole fingerprint and not just the keyid).
-
Hartmut Pfarr about 6 years
Very helpful, very true also for 17.10!
-
Russ Bateman over 5 years
And for 18.04.1.
-
Gabriel Fair over 5 years
I'm not sure why, but I got an error when I tried to run the 16.04 command you provided.
awk: line 1: syntax error at or near {
But the angle braces match, so I'm not sure why this doesn't work
-
Gabriel Fair over 5 years
I ran this without a parameter and it just wiped out all my keys. ;(
-
David Tabernero M. over 5 years
@GabrielFair Thanks for noticing, back in June it was working (I copy-pasted it from my console) but now it seems that it has been updated and the apt-key list format has changed. Now it seems to be working again. (EDIT: Remember to run this as superuser)
-
Gabriel Fair over 5 years
If anyone else has their keys wiped, I was able to fix it by following these instructions: askubuntu.com/a/145933/13693
-
derHugo over 5 years
Huh? How did this happen? It should exit with a "No key name provided" if there was no parameter.
-
kennyB about 5 years
Looks like this needs to be updated for 18.04
-
defuzed about 5 years
@derHugo not sure but could it be that the # in that if clause is the culprit?
-
derHugo about 5 years
@defuzed if you mean $# then no. It returns the amount of given parameters.
-
Corey over 4 years
After deleting the key, I encountered a new problem:
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY
What should I do next?
-
Corey over 4 years
I found the answer: adding a # before the repo in /etc/apt/sources.list, then re-run sudo apt update, works for me on Ubuntu 18.04.
-
Purefan almost 4 years
It also worked for me to take the last 8 characters in the key and remove the space in between: sudo apt-key del A5C7FF72
-
lewis4u almost 4 years
yes... I think it would even work if you take any part of that key because it searches the pattern inside that whole key without spaces
-
Amos Folarin almost 4 years
Has to be one of the stupidest --help listings (totally unclear what the id is)
-
sorrow poetry about 3 years
On 16.10 the short key id is no longer shown when you use the list command, but it is actually the last 8 characters of the long hex. From @wesam's answer.