Home / ubuntu / Questions / 13065
Accepted
Agmenor
Asked: 2010-11-14 12:27:50 +0800 CST

How do I fix the GPG error "NO_PUBKEY"?

  • 772

I added some extra repositories with the Software Sources program. But when I reload the package database, I get an error like the following:

W: GPG error: http://ppa.launchpad.net trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8BAF9A6F

I know I can fix it using apt-key in a terminal, according to the official Ubuntu documentation. But I would have liked to do it graphically. Is there a way to do this without using a terminal?

apt gnupg

13 Answers

  1. Execute the following commands in terminal

    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <PUBKEY>

    where <PUBKEY> is your missing public key for repository, e.g. 8BAF9A6F.

    Then update 

    sudo apt-get update

    ALTERNATE METHOD:

    sudo gpg --keyserver pgpkeys.mit.edu --recv-key  <PUBKEY>
sudo gpg -a --export <PUBKEY> | sudo apt-key add -
sudo apt-get update

    Note that when you import a key like this using apt-key you are telling the system that you trust the key you're importing to sign software your system will be using. Do not do this unless you're sure the key is really the key of the package distributor.

    • 847
  2. Best Answer

    By far the simplest way to handle this now is with Y-PPA-Manager (which now integrates the launchpad-getkeys script with a graphical interface).

    1. To install it, first add the webupd8 repository for this program:

      sudo add-apt-repository ppa:webupd8team/y-ppa-manager

    2. Update your software list and install Y-PPA-Manager:

      sudo apt-get update
sudo apt-get install y-ppa-manager

    3. Run y-ppa-manager (i.e. type y-ppa-manager then press enter key).

    4. When the main y-ppa-manager window appears, click on "Advanced."

    5. From the list of advanced tasks, select "Try to import all missing GPG keys" and click OK.

      You're done! As the warning dialog says when you start the operation, it may take quite a while (about 2 minutes for me) depending on how many PPA's you have and the speed of your connection.

    • 256

  3. It happens when you don't have a suitable public key for a repository.

    To solve this problem use this command:

    gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv 9BDB3D89CE49EC21

    which retrieves the key from ubuntu key server. And then this:

    gpg --export --armor 9BDB3D89CE49EC21 | sudo apt-key add -

    which adds the key to apt trusted keys.

    The solution can be found here & here & here.

    • 78

  4. You need to get and import the key.

    To get the key from a PPA, visit the PPA's Launchpad page. On every PPA page at Launchpad you will find this link (2), after clicking on 'Technical details about this PPA' (1):

    image 1

    Follow it and click on the key ID link (3):

    image 2

    Save the page, this is your key file.

    Now it's time to import it:

    • Applications > Software Center,
    • Edit > Software sources...,
    • Enter your password,
    • Go to the Authentication tab and click on Import Key File..., finally
    • Select the saved key file and click on OK.
    • 38

  5. apt can only handle 40 keys in /etc/apt/trusted.gpg.d . 41 keys and you will get the GPG error "no public key found" even if you go through all the steps to add the missing key(s).

    Check to see if there are any unused keys in this file from ppa(s) you no longer use. If all are in use, consider removing some ppa(s) along with the corresponding keyfiles in /etc/apt/trusted.gpg.d

    Furthermore, using 

    sudo apt-key adv

    Is considered a security risk and is not recommended as you are "undermining the whole security concept as this is not a secure way of recieving keys for various reasons (like: hkp is a plaintext protocol, short and even long keyids can be forged, …)". http://ubuntuforums.org/showthread.php?t=2195579

    I believe the correct way to add missing keys (for example 1ABC2D34EF56GH78) is 

    gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv 1ABC2D34EF56GH78
gpg --export --armor 1ABC2D34EF56GH78 | sudo apt-key add -
    • 16

  6. There is a tiny script packaged in the WebUpd8 PPA which I'll link as a single .deb download so you don't have to add the whole PPA - which automatically imports all missing GPG keys.

    Download and install Launchpad-getkeys (ignore the ~natty in its version, it works with all Ubuntu versions from Karmic all the way to Oneiric). Once installed, open a terminal and type:

    sudo launchpad-getkeys

    If you're behind a proxy, things are a bit more complicated so see this for more info

    • 12

  7. I faced the same issue while installing Heroku. The link below solved my problem -

    http://naveenubuntu.blogspot.in/2011/08/fixing-gpg-keys-in-ubuntu.html

    After fixing the NO_PUBKEY issue, the below issue remained

    W: GPG error: xhttp://toolbelt.heroku.com ./ Release: The following signatures were invalid: BADSIG C927EBE00F1B0520 Heroku Release Engineering <[email protected]>

    To fix it I executed the following commands in terminal: 

    sudo -i  
apt-get clean  
cd /var/lib/apt  
mv lists lists.old  
mkdir -p lists/partial  
apt-get clean  
apt-get update

    Source - Link to solve it

    • 6

  8. More generally, the following method should work for every repository. First of all search, with eventual help of a search engine, for a text on the program provider's website looking like the following:

    -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (GNU/Linux)
[...]
-----END PGP PUBLIC KEY BLOCK-----

    Such a text is for example displayed on http://deb.opera.com. Copy the passage, paste it in an empty file that you create on your desktop. This results in the key file.

    Then continue with the importation of the key:

    • Applications > Sofware Center
    • Edit > Sofware sources..., enter password
    • Authentication tab, click on 'Import Key File...'
    • Select the saved key file and click on 'Ok'.

    You may now remove the previously created key file.

    • 5

  9. Make sure you have apt-transport-https installed:

    dpkg -s apt-transport-https > /dev/null || bash -c "sudo apt-get update; 
sudo apt-get install apt-transport-https -y"

    Add repository:

    curl https://repo.skype.com/data/SKYPE-GPG-KEY | sudo apt-key add - 
echo "deb [arch=amd64] https://repo.skype.com/deb stable main" | sudo tee /etc/apt/sources.list.d/skype-stable.list

    Install Skype for Linux:

    sudo apt-get update 
sudo apt-get install skypeforlinux -y

    Source: https://community.skype.com/t5/Linux/Skype-for-Linux-Beta-signatures-couldn-t-be-verified-because-the/td-p/4645756

    • 5

  10. Good! I finaly found the way!

    I've tested all method's to fix GPG error NO_PUBKEY and nothing working for me.

    I've deleted the entire contents of the folder /etc/apt/trusted.gpg.d

    cd /etc/apt/trusted.gpg.d
sudo rm -R *
sudo apt-get update

    And I use the Y-PPA-Manager method because I'm too lazy to create all pubkey's manually (too many): http://www.unixmen.com/fix-w-gpg-error-no_pubkey-ubuntu/

    run sudo apt-get update again and finaly all work great now! Tanks!

    Based Source : post #17 on https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1263540

    • 4