SHA1 is bad and it’s going away.
Apt has rolled out changes that remove encryption keys that use SHA1, and guess what. Google Chrome on Linux/Chrome uses SHA1 for their package encryption.
Have you ever spent the day trying to resolve SSL certificate issues on the Google Chrome browser. Especially with the Android Chrome browser (it’s more strict than the desktop version), then you’ve seen the below image despite paying for a valid certificate.
Google Chrome is very picky about how your HTTPS is configured, what encryption protocol it uses and does not like SHA1 public keys.
Today’s latest problem is with this warning message:
$ apt-get update Reading package lists... Done W: There is no public key available for the following key IDs: 1397BC53640DB551
Yes, this is from the public key for Google Chrome and the irony.. oh the irony…
You can ignore this, but it isn’t going to go away until Google fixes their signed package.
You can add the ID back to your list of public keys which will make the warning go away.
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 1397BC53640DB551
Google is aware of the issue and working on a fix.