How to download, verify, and install the backports.org GPG key.

These instructions are adapted from the DebianEdu backports.org instructions.

1. Download backports GPG key

The key ID is on the backports website. We will save it to a temporary keyring.

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --keyserver hkp://subkeys.pgp.net \
      --recv-keys 16BA136C
gpg: keyring `/tmp/backports.gpg' created
gpg: requesting key 16BA136C from hkp server subkeys.pgp.net
gpg: key 16BA136C: public key "Backports.org Archive Key <ftp-master@backports.org>" imported
gpg: public key of ultimately trusted key EF6CC3C1 not found
gpg: public key of ultimately trusted key 78733EF8 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: Total number processed: 1
gpg:               imported: 1

2. Check the backports key's signatures

Check the signatures using the Debian developers keyring (part of the debian-keyring package).

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --keyring /usr/share/keyrings/debian-keyring.gpg \
      --check-sigs 16BA136C
pub   1024D/16BA136C 2005-08-21
uid                  Backports.org Archive Key <ftp-master@backports.org>
sig!         7E7B8AC9 2005-11-20  Joerg Jaspert <joerg@debian.org>
sig!3        16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>
sig!3        16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>
sub   2048g/5B82CECE 2005-08-21
sig!         16BA136C 2005-08-21  Backports.org Archive Key <ftp-master@backports.org>

3 signatures not checked due to missing keys

You can see three self-signatures, and one valid signature by a Debian developer.

3. Add the backports key to apt's keyring

$ gpg --no-default-keyring \
      --keyring /tmp/backports.gpg \
      --export 16BA136C | 
      sudo apt-key add -
OK