If you’re adding additional sources for apt-get in your Dockerfile you should make sure that the correct key is added, otherwise the integrity of your Docker image may be violated.
You can do so by using sha256sum to generate the checksum of the downloaded file and compare it to a given checksum. That checksum could be listed on the web page where you download the file from or you can create it by yourself with sha256sum:


$:~/Docker-apt-key-security$ sha256sum archive.key
191f801a17273f25b781c580c2900d2fd58064554220ad6e18698aeb3c3afe70 archive.key

In that case "191f801a17273f25b781c580c2900d2fd58064554220ad6e18698aeb3c3afe70" is the checksum of the file archive.key.

Use that checksum in your Dockerfile, once the key file was downloaded:

wget -q <URL> \
   && echo "<CHECKSUM>  <FILENAME>" \
   | sha256sum -c

Note the double spaces between the checksum and the file name, this is the checksum file format.
You get the whole string for the echo command when you execute sha256sum.
 
The whole Dockerfile would look like this:
 

FROM ubuntu:16.04

RUN apt-get update \
    && apt-get install -y wget

# download archive.key-file,
# and check checksum against a
# previously calculated checksum with "sha256sum archive.key"
# Note the double space between checksum and file name

RUN wget -q http://deb.opera.com/archive.key \
  && echo "191f801a17273f25b781c580c2900d2fd58064554220ad6e18698aeb3c3afe70  archive.key" \
  | sha256sum -c