Apt-get GPG Error: Public Key Not Available

The next version of Ubuntu is coming soon

Apt-get GPG Error: Public Key Not Available

Jan.26, 2009 in Fixes, HowTo, Ubuntu

I spent the evening relocating a local mirror of Ubuntu’s Hardy and Intrepid repository from one machine to another. When I was finished, I went about updating the sources.list files on the various computers when I encountered a GPG error. One of the four Launchpad PPA repos I follow added a signature and I didn’t have the public key in which to verify it.

After updating the repos with apt-get update, it kicked out the following error:

W: GPG error: http://ppa.launchpad.net hardy Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 4874D3686E80C6B7
W: You may want to run apt-get update to correct these problems

It’s suggestion to run the very same command again wasn’t going to work. I needed to get and add the public key. But since I’m following more than one Launchpad PPA repo, I wanted to verify whose key was being used before I added it.

Ubuntu runs a keyserver at http://keyserver.ubuntu.com:11371 that can be queried both automatically and manually. The error shows you the hex format of the keyid. When you go to Ubuntu’s keyserver with your web browser, you’ll see a form in which to extract a key. Enter the keyid into the Search String box, preceding it with 0x (zero and the letter X) and click Submit Query. You’ll then be presented with that keyid’s details which includes its creation date, its uid, and a list of people who signed it.

keyserver_banshee_keyid

You can see that this is a fairly new signature. From the uid, you can see that it’s for the Banshee Launchpad PPA. It was created on 2009-01-20 and was signed by Kaushal with their key. For a comparison, see Google’s Linux Package Signing Key’s entry.

keyserver_google_keyid

Google’s key is almost two years old with a few more signatures.

To see the actual key, you can click on the link next to pub. What you get is the actual public key that needs to be stored.

keyserver_banshee_key

The next thing I want to do is add that key from the keyserver to apt’s list of keys. Highlight and copy the key’s keyserver address. For this key, it’s http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4874D3686E80C6B7 and use it on the command line like so:

wget -q "http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4874D3686E80C6B7" -O- | sudo apt-key add -

This will have wget fetch the key and pipe it to apt-key. You’ll probably be asked for your user password. After apt-key adds it to its list, you’ll see OK and the command prompt.

adam@obsidian:~$ wget -q “http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x4874D3686E80C6B7″ -O- | sudo apt-key add -
[sudo] password for adam:
OK
adam@obsidian:~$

If you’d like to see a list of all apt’s stored keys, you can have it display them with:

sudo apt-key list

You should see a listing similar to:

adam@obsidian:~$ sudo apt-key list
[sudo] password for adam:
/etc/apt/trusted.gpg
——————–
pub   1024D/437D05B5 2004-09-12
uid                  Ubuntu Archive Automatic Signing Key <[email protected]>
sub   2048g/79164387 2004-09-12

pub   1024D/FBB75451 2004-12-30
uid                  Ubuntu CD Image Automatic Signing Key <[email protected]>

pub   1024D/0C5A2783 2006-11-23
uid                  Medibuntu Packaging Team <[email protected]>
uid                  The Medibuntu Team <[email protected]>
sub   2048g/16C7105A 2006-11-23

pub   1024D/6A423791 2006-09-26 [expires: 2009-09-25]
uid                  Opera Software Archive Automatic Signing Key <[email protected]>
sub   2048g/BEAEDCB7 2006-09-26 [expires: 2009-09-25]

pub   1024D/7FAC5991 2007-03-08
uid                  Google, Inc. Linux Package Signing Key <[email protected]>
sub   2048g/C07CB649 2007-03-08

pub   1024D/6DFBCBAE 2008-07-14
uid                  Sun Microsystems, Inc. (xVM VirtualBox archive signing key) <[email protected]>
sub   2048g/78A86EAF 2008-07-14

pub   1024D/387EE263 2004-09-17
uid                  Scott Ritchie <[email protected]>
uid                  Scott Ritchie <[email protected]>
uid                  Scott Ritchie <[email protected]>
sub   1024g/203C857C 2004-09-17

pub   1024R/6E80C6B7 2009-01-20
uid                  Launchpad PPA for Banshee Team

adam@obsidian:~$

Right there at the bottom, you can see the newly added key for the Banshee Team.

UPDATE:

Launchpad News posted a screencast showing how to find/add PPA keys through the desktop without having to use the command line as I have done above. You can find it at http://news.launchpad.net/ppa/adding-a-ppas-key-to-ubuntu with full audio commentary.

Tags: apt-get

Comments (7)

7 Comments on “Apt-get GPG Error: Public Key Not Available”

Fix software sources bad behaviour « Indlovu
June 8th, 2009 at 4:39 pm
[...] Forums for pointing this out. I also found a method for querying keyservers. The tutorial is at RebelZero.Com and it is probably more security conscious than the above [...]
Peter
November 11th, 2009 at 4:00 pm
Something I just wrote on the Launchpad Screencast page (mentioned above) for adding the PGP Keys in ubuntu.

Right I was working through this and a more general way in which to do this is as follows (I’m going to us SMPlayer as my example):

The SMPlayer PPA is located at:
https://launchpad.net/~rvm/+archive/smplayer

First we add it to the package manager as in the screen cast above in the Third Party tab. Next we are going to deal with getting the key. On that page there is a link called “Technical details about this PPA” which we click to bring up the “Signing Key” which is what we are going to need to use to search for the key we need for SMPlayer.

At the time of writing its: 1024R/E4A4F4F4

For the search we’ll only be interested in the part after the forward slash e.g. E4A4F4F4. Next we go to http://keyserver.ubuntu.com:11371/ and search for “0xE4A4F4F4″ (without the quotes obviously). This will bring up the link to the PGP key we are looking for and by clicking it we get our PGP key, which we can then add to our authenticated sources list as per the screen cast above. Then just do the same steps as done in the screen cast.
calagan
September 3rd, 2010 at 8:15 pm
Thanks.

This helped me a lot while trying to update ebox on my Ubuntu Lucid
Betty
September 10th, 2010 at 6:41 pm
Thank you so much for this! I have spent the past several days trying to figure out why Medibuntu wouldn’t update correctly, and this is the only place that truly explained how to fix the public key error.
Stinde
March 7th, 2011 at 9:07 am
Thanks for this help!

After I opened succesfully tcp-port in firewall
and followed your guide, I managed to overcome
this error:
“W: GPG error: http://ppa.launchpad.net maverick Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY CBDFA02B432BB368″
Rudi Pittman
March 20th, 2011 at 6:27 am
And what do you do if a key just doesn’t bloody exist PERIOD? Example: 39456311108B243F
james price
May 1st, 2011 at 1:17 pm
This solved a problem I did not want to have. Thanks.

Protest SOPA PIPA

The future of the Internet is being threatened by the US Government and copyright lobbyists by the propostion of two bills being deliberated over in the US Congress, SOPA and PIPA. Speak out against Internet censorship by visiting Fight For The Future here.

Rebel Zero

We don't do Windoze