[Ubuntu/Debian] Yubico's PPA (Personal Package Archive) Causes Weak Algorithm (rsa1024) Warning on Ubuntu 24.04 LTS

[m33x]

• YubiKey Manager (ykman) version: 5.4.0
• How was it installed?: Yubico's PPA
• Operating system and version: Ubuntu 24.04 (Noble Numbat)
• YubiKey model and version: Irrelevant
• Bug description summary: The PPA signature key is based on a weak and deprecated algorithm (RSA 1024 bits), which causes a warning message in Ubuntu 24.04.

Steps to reproduce

1) Visit https://www.yubico.com/support/download/yubikey-manager/ click on "Linux – Ubuntu Download" 2) Follow the tutorial and try to add Yubico's PPA 3) Run sudo apt-get update

Expected result

No error message appears.

Actual results and logs

The following error message appears:

W: https://ppa.launchpadcontent.net/yubico/stable/ubuntu/dists/noble/InRelease: Signature by key 3653E21064B19D134466702E43D5C49532CBA1A9 uses weak algorithm (rsa1024)

Other info

Please update your repository key to something stornger than RSA 1024bit.

[dainnilsson]

This is an issue with Launchpad, unfortunately there is nothing we can do other than wait for them to complete the work. Please see https://answers.launchpad.net/launchpad/+question/809194

[m33x]

@dainnilsson It looks like there is finally some progress on this issue. Can you please have a second look? It seems end-users can now fix it on their own.

[dainnilsson]

Thanks!

Based on the latest comment in that thread: All the affected Launchpad PPAs have been signed with a more secure key and Launchpad now serve that key. So for fixing this issue for PPAs already added to a system, just remove and re-add them.

I read this as each user will have to remove and re-add the PPA manually to get rid of the warning, so nothing really for us to do?

EDIT: If anyone wants to try this and can let us know if that fixes the issue, I'd love to hear the results!

[m33x]

Can confirm. Workaround fixed the issue for me. This can be closed.

$ sudo apt update

...
Fetched 19.7 MB in 5s (3,979 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
64 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: https://ppa.launchpadcontent.net/yubico/stable/ubuntu/dists/noble/InRelease: Signature by key 3653E21064B19D134466702E43D5C49532CBA1A9 uses weak algorithm (rsa1024)

$ sudo add-apt-repository --remove ppa:yubico/stable

Repository: 'Types: deb
URIs: https://ppa.launchpadcontent.net/yubico/stable/ubuntu/
Suites: noble
Components: main
'
Description:
PPA for stable Yubico software.
More info: https://launchpad.net/~yubico/+archive/ubuntu/stable
Removing repository.
Press [ENTER] to continue or Ctrl-c to cancel.
Removing entry from /etc/apt/sources.list.d/yubico-ubuntu-stable-noble.sources

$ sudo add-apt-repository ppa:yubico/stable

Repository: 'Types: deb
URIs: https://ppa.launchpadcontent.net/yubico/stable/ubuntu/
Suites: noble
Components: main
'
Description:
PPA for stable Yubico software.
More info: https://launchpad.net/~yubico/+archive/ubuntu/stable
Adding repository.
...
Fetched 22.1 kB in 2s (12.9 kB/s)          
Reading package lists... Done