How to add a third-party repo. and key in Debian?

You must NEVER install any 3rd party key with apt-key add, as suggested in other posts, because it would cause the system to accept signatures from the third-party keyholder on all other repositories configured on the system. You should set up the repository and install the key as follows:

1. Create directory for manually installed OpenPGP keys:

   $ sudo mkdir /usr/local/share/keyrings
   

2. Download the key into the directory.

   Since your key’s extension is .asc, it is probably "ascii-armored" (you can check this by downloading they key and opening it in a text editor: if it starts with something like

   -----BEGIN PGP PUBLIC KEY BLOCK-----
   

   then it is armored; if it looks like a set of some binary data, then it is not armored and you can use it as it is):

   • for an armored key:

     $ curl https://riot.im/packages/debian/repo-key.asc | gpg --dearmor | sudo dd of=/usr/local/share/keyrings/riot-archive-keyring.gpg
     

   • If the key is not armored, then use this command instead:

     $ sudo wget -O /usr/local/share/keyrings/riot-archive-keyring.gpg https://riot.im/packages/debian/repo-key.asc
     

3. Add the desired 3rd party repository into the list of sources (pay attention to the signed-by option, it tells APT that the repo is signed with the specific key):

   • It is recommended to use the new deb822 multiline format for sources now. So create new .sources file with the respective content below:

     $ sudoedit /etc/apt/sources.list.d/riot.sources
     

     Types: deb
     URIs: https://riot.im/packages/debian/
     Suites: stretch
     Components: main
     Signed-By: /usr/local/share/keyrings/riot-archive-keyring.gpg
     

   • Or if you prefer the legacy style (one line per source), use this command instead::

     $ echo "deb [signed-by=/usr/local/share/keyrings/riot-archive-keyring.gpg] https://riot.im/packages/debian/ stretch main" | sudo tee -a /etc/apt/sources.list.d/riot.list
     

4. Restrict the 3rd party repository to some specific software package only. Create preference control file for APT:

   $ sudoedit /etc/apt/preferences.d/riot.pref
   

5. Put the following content into the file (if necessary, you can append the package name with asterisk (*) as a wildcard or list multiple package names separated by space ():

   Package: *
   Pin: origin riot.im
   Pin-Priority: 1
   
   Package: riot-web
   Pin: origin riot.im
   Pin-Priority: 500
   

You can find official information from Debian here: https://wiki.debian.org/DebianRepository/UseThirdParty

To add the key run:

wget https://riot.im/packages/debian/repo-key.asc
sudo apt-key add repo-key.asc

The third-party repo is correct and compatible with the general format posted on debian wiki:

The entries in this file normally follow this format:

deb http://site.example.com/debian distribution component1 component2 component3