Google Chrome authentication key added twice

Questions about applications and software
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
pauljames77
Level 2
Level 2
Posts: 91
Joined: Sun Oct 04, 2020 6:11 pm

Google Chrome authentication key added twice

Post by pauljames77 »

The authentication key below was added after I installed the google-chrome-stable .deb package - version 89

Google, Inc. (Linux Package Signing Authority) <linux-packages-keymaster@google.com>
Fingerprint: EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796

The same authentication key was then added again after I updated google-chrome-stable to version 96

I confirmed this by checking the list of authentication keys in the Software Sources app?

- Is this normal behaviour, or a bug?
- Does the same authentication key get added to the list of authentication keys on each update?
- Can duplicate entries be safely removed from the list of authentication keys via the maintenance section in the Software Sources app?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
pauljames77
Level 2
Level 2
Posts: 91
Joined: Sun Oct 04, 2020 6:11 pm

Re: Google Chrome authentication key added twice

Post by pauljames77 »

Does the "remove duplicate entries" option in the "Sources" app remove duplicate signing keys?
t42
Level 11
Level 11
Posts: 3708
Joined: Mon Jan 20, 2014 6:48 pm

Re: Google Chrome authentication key added twice

Post by t42 »

These keys should have different fingerprints. This is what expected after adding the key:

Code: Select all

Key ID: Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>
Fingerprint: 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991
Google, Inc. (Linux Package Signing Authority) <linux-packages-keymaster@google.com>
Fingerprint: EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796 
Not related to the original question. An output below explains why there are two keys - second key remedies dsa1024 situation preventing apt sha1 errors:

Code: Select all

gpg --list-signatures Google
pub   dsa1024 2007-03-08 [SC]
      4CCA1EAF950CEE4AB83976DCA040830F7FAC5991
uid           [ unknown] Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>
sig 3        A040830F7FAC5991 2007-04-05  Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>
sub   elg2048 2007-03-08 [E]
sig          A040830F7FAC5991 2007-03-08  Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>

pub   rsa4096 2016-04-12 [SC]
      EB4C1BFD4F042F6DDDCCEC917721F63BD38B4796
uid           [ unknown] Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
sig 3        7721F63BD38B4796 2016-04-12  Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
sub   rsa4096 2019-07-22 [S] [expires: 2022-07-21]
sig          7721F63BD38B4796 2019-07-22  Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
sub   rsa4096 2021-10-26 [S] [expires: 2024-10-25]
sig          7721F63BD38B4796 2021-10-26  Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
-=t42=-
pauljames77
Level 2
Level 2
Posts: 91
Joined: Sun Oct 04, 2020 6:11 pm

Re: Google Chrome authentication key added twice

Post by pauljames77 »

- The same signing key was added twice.

- It was first added when I installed the Chrome .deb file, and it was added again when I updated Chrome.

- Do you know if I can safely remove one of the keys using the "Software Sources" app?

- The "remove duplicate entries" option in "Software Sources" could not find any duplicates, so this must mean that it is not used to remove duplicate signing keys.
User avatar
Pjotr
Level 23
Level 23
Posts: 19883
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Google Chrome authentication key added twice

Post by Pjotr »

True duplicates can probably be removed safely. But it's purely a cosmetic issue, because what does it hurt to have an extra key? :wink:
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
pauljames77
Level 2
Level 2
Posts: 91
Joined: Sun Oct 04, 2020 6:11 pm

Re: Google Chrome authentication key added twice

Post by pauljames77 »

- The real question is: why did the Chrome update add the signing key again?

- I have never seen this behaviour with other apps I have installed.
User avatar
Pjotr
Level 23
Level 23
Posts: 19883
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Google Chrome authentication key added twice

Post by Pjotr »

pauljames77 wrote: Tue Dec 07, 2021 3:01 pm - The real question is: why did the Chrome update add the signing key again?

- I have never seen this behaviour with other apps I have installed.
Likewise on both counts. My guess: error on the side of the Chrome devs. It's an old "problem".
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
pauljames77
Level 2
Level 2
Posts: 91
Joined: Sun Oct 04, 2020 6:11 pm

Re: Google Chrome authentication key added twice

Post by pauljames77 »

Have you noticed this issue on your system?
User avatar
Pjotr
Level 23
Level 23
Posts: 19883
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Google Chrome authentication key added twice

Post by Pjotr »

pauljames77 wrote: Tue Dec 07, 2021 5:32 pm Have you noticed this issue on your system?
Yes. As said, it's probably a packaging error in the Chrome .deb file. Anyway, it's harmless.... :wink:
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
pauljames77
Level 2
Level 2
Posts: 91
Joined: Sun Oct 04, 2020 6:11 pm

Re: Google Chrome authentication key added twice

Post by pauljames77 »

Pjotr wrote: Tue Dec 07, 2021 6:22 pm
pauljames77 wrote: Tue Dec 07, 2021 5:32 pm Have you noticed this issue on your system?
Yes. As said, it's probably a packaging error in the Chrome .deb file. Anyway, it's harmless.... :wink:
- On which update did you notice that the Chrome signing key was added for the second time?

- Chrome is actually due an update today. I wonder if the signing key will be added for a third time?
User avatar
Pjotr
Level 23
Level 23
Posts: 19883
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland) 🇳🇱
Contact:

Re: Google Chrome authentication key added twice

Post by Pjotr »

pauljames77 wrote: Wed Dec 08, 2021 11:48 am - On which update did you notice that the Chrome signing key was added for the second time?
Dunno. Rather long ago. It just happens from time to time.
pauljames77 wrote: Wed Dec 08, 2021 11:48 am - Chrome is actually due an update today. I wonder if the signing key will be added for a third time?
The proof of the pudding is in the eating. :lol:
Tip: 10 things to do after installing Linux Mint 21.3 Virginia
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
t42
Level 11
Level 11
Posts: 3708
Joined: Mon Jan 20, 2014 6:48 pm

Re: Google Chrome authentication key added twice

Post by t42 »

Pjotr wrote: Wed Dec 08, 2021 3:28 pm It just happens from time to time.
There is a file /etc/default/google-chrome If you have there

Code: Select all

repo_add_once="false"
change it to

Code: Select all

repo_add_once="true"
-=t42=-
Locked

Return to “Software & Applications”