How can I remove gpg key that I added using apt-key add -?

First you need to find the key id of the key you added. Do this by the command:

sudo apt-key list

It will list all the keys that you have, with each entry looking like this:

pub   1024R/B455BEF0 2010-07-29
uid                  Launchpad clicompanion-nightlies

Once you have figured out which key to remove, use the command sudo apt-key del <keyid> where <keyid> is replaced with the actual keyid of the key you want to remove from your keyring.

$ sudo apt-key del B455BEF0
$ apt-key list | grep clicompan
$

On 16.10 the short key id is no longer shown when you use the list command, but it is actually the last 8 characters of the long hex.

So for example the key id for the following key

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>

The key id will be EFE21092


I made a short script to make things easier and to use a string instead of the id.

You can use my script if the key contains a unique string you know.
e.g. in my case for webmin

pub   1024D/11F63C51 2002-02-28
uid                  Jamie Cameron <[email protected]>
sub   1024g/1B24BE83 2002-02-28

I'm sure only the webmin key on my system has jcameron, so I use this script to remove the corresponding key.

I saved it as ~/removeAptKey

and run it as

sudo ./removeAptKey jcameron

The output should be something like

KEYID: 11F63C51
OK

Here is my script:

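#!/bin/bash

# Print all installed keys (shown when the search string is not usable).
function printKeys(){
    echo "Installed keys are"
    echo ""
    sudo apt-key list
}

# apt-key del needs root.
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

if [[ $# -eq 0 ]]
then
    echo "No key name provided"
    exit 1
fi

UNIQUE=$1

# Keep the line containing the string and the line before it (the pub line).
sudo apt-key list | grep "${UNIQUE}" -B 1 > result.temp

LENGTH=$(wc -l < result.temp)

# More than 2 lines means the string matched more than one key.
if [[ ${LENGTH} -gt 2 ]]
then
    echo "Attention you found more than 1 key. Use a more specific string."
    printKeys
    rm result.temp
    exit 2
fi

if [[ ${LENGTH} -ne 2 ]]
then
    echo "Key not found. Doing nothing."
    printKeys
    rm result.temp
    exit 3
fi

# Take the key id from the pub line, e.g. "pub   1024D/11F63C51 2002-02-28".
KEYID=$(grep 'pub' result.temp | cut -d " " -f 4 | cut -d "/" -f 2)
echo "KEYID: ${KEYID}"

apt-key del "${KEYID}"

rm result.temp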

First I get the upper two lines of my key's block:

  • sudo apt-key list: lists the apt keys as usual
  • grep "${UNIQUE}" -B 1: take only the line containing the unique key string jcameron and, with -B 1, the line before it
  • > result.temp: Save it in a file (which is later removed)

If this returns exactly 2 lines (-> got exactly 1 key) I move on:

  • grep 'pub': Now take only the line with the pub key id
  • cut -d " " -f 4: take the 4th word of that line (the first is pub, then come two spaces, then the string we are after)
  • cut -d "/" -f 2: take only the part after /

And finally delete this key and clean up

  • apt-key del ${KEYID} (in my case 11F63C51)
  • rm result.temp: don't need this file anymore
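
The short-id rule from the 16.10 answer and the match-by-string idea from the script above, combined for the fingerprint-style listing, as an added example that is not part of any answer. The function names, the second sample key and the e-mail addresses are constructed for illustration; the code only prints ids and deletes nothing.

```shell
#!/bin/sh
# Added example: map a uid search string to key ids in a fingerprint-style listing.

# Constructed sample of `apt-key list` output; the first fingerprint is the one
# quoted above, the second key and both e-mail addresses are placeholders.
sample_listing() {
cat <<'EOF'
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <cdimage@example.invalid>

/etc/apt/trusted.gpg.d/example-repo.gpg
---------------------------------------
pub   rsa4096 2019-01-01 [SC]
      0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
uid           [ unknown] Example Repo Signing Key <repo@example.invalid>
EOF
}

# find_key STRING: read a listing on stdin and print "<fingerprint> <short id>"
# for every key whose uid line contains STRING (fixed string, case-sensitive).
find_key() {
    NEEDLE="$1" awk '
        /^pub / { want_fpr = 1; fpr = ""; next }   # a new key block starts
        want_fpr {                                  # the line after pub
            want_fpr = 0
            gsub(/[ \t]/, "")
            if (length($0) == 40 && $0 ~ /^[0-9A-Fa-f]+$/) fpr = toupper($0)
            next
        }
        /^uid / && fpr != "" && index($0, ENVIRON["NEEDLE"]) {
            print fpr, substr(fpr, 33)              # last 8 of 40 hex digits
            fpr = ""                                # report each key once
        }'
}

# resolve_one STRING: like the script above, accept only a single match.
# Returns 1 for an empty string, 2 if ambiguous, 3 if nothing matches.
resolve_one() {
    [ -n "$1" ] || { echo "No key name provided" >&2; return 1; }
    ro_matches=$(find_key "$1")
    ro_count=$(printf '%s\n' "$ro_matches" | awk 'NF { n++ } END { print n + 0 }')
    [ "$ro_count" -le 1 ] || { echo "More than 1 key matches" >&2; return 2; }
    [ "$ro_count" -eq 1 ] || { echo "Key not found" >&2; return 3; }
    printf '%s\n' "$ro_matches"
}
sample_listing | resolve_one "CD Image Automatic"   # real use: apt-key list | resolve_one ...
```

The second field of the printed line is the id to pass to sudo apt-key del, as in the answers above.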