Comment 2 for bug 1988291

Dropping keys in /etc/apt/trusted.gpg.d is supported already in Xenial, however the DEPRECATION section in apt-key(8) says that:

  The binary OpenPGP format works for all apt versions,
  while the ASCII armored format works for apt version >= 1.4.

Xenial has apt 1.2.35 (xenial-updates), so we have to stick to the binary format if we want to cover all the releases. This *should* work:

wget -qO- "https://keyserver.ubuntu.com/pks/lookup?op=get&search=FINGERPRINT" | gpg --dearmor > /etc/apt/trusted.gpg.d/fooppa.gpg