I accidentally deleted my Ubuntu Jammy Public Key! (Server) NO_PUBKEY 871920D1991BC93C

scott · January 24, 2025, 12:16pm

Ubuntu 22.04.5 LTS jammy - Server

Hi all, I was uninstalling Zoneminder CCTV software, following apt’s removal, I manually searched for and deleted left-over files. When I was deleting the public keys I accidentally deleted an Ubuntu system public key too. oops… Hands up, it was my fault.

Now I see this:

$ sudo apt update
Hit:1 http://gb.archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://gb.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:3 http://gb.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:4 http://gb.archive.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Err:1 http://gb.archive.ubuntu.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:2 http://gb.archive.ubuntu.com/ubuntu jammy-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:3 http://gb.archive.ubuntu.com/ubuntu jammy-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:4 http://gb.archive.ubuntu.com/ubuntu jammy-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Fetched 384 kB in 1s (434 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
11 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://gb.archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://gb.archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://gb.archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://gb.archive.ubuntu.com/ubuntu jammy-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: Failed to fetch http://gb.archive.ubuntu.com/ubuntu/dists/jammy/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: Failed to fetch http://gb.archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: Failed to fetch http://gb.archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: Failed to fetch http://gb.archive.ubuntu.com/ubuntu/dists/jammy-security/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: Some index files failed to download. They have been ignored, or old ones used instead.

I’ve downloaded the correct asc file to a temp location on my server: f6ecb3762474eda9d21b7022871920d1991bc93c.asc

What do I do now to re-install it?

Cheers, Scott.

fprietog · January 24, 2025, 3:04pm

You should place the asc file in /etc/apt/trusted.gpg.d/ (or you can use the apt-key add command but it is deprecated).

This is the apt-key add command related manual entry:

   add filename (deprecated)

       Add a new key to the list of trusted keys. The key is read from the filename given with the parameter filename or if the
       filename is - from standard input.

       It is critical that keys added manually via apt-key are verified to belong to the owner of the repositories they claim
       to be for otherwise the apt-secure(8) infrastructure is completely undermined.

       Note: Instead of using this command a keyring should be placed directly in the /etc/apt/trusted.gpg.d/ directory with a
       descriptive name and either "gpg" or "asc" as file extension.

scott · January 24, 2025, 5:02pm

Thank you,

I tried the depreciated method, and it has worked out well!

To help others in the future as daft as me, after copying the file in to the location /etc/apt/trusted.gpg.d, the command used was:

/etc/apt/trusted.gpg.d$ sudo apt-key add f6ecb3762474eda9d21b7022871920d1991bc93c.asc

I’ll take more care next time!

Many thanks, Scott.

rubi1200 · January 24, 2025, 9:08pm

Please mark this with the solution. It helps with visibility and searchability.

Additionally, it also gives credit to the user who helped (when relevant).

Thanks.

scott · January 24, 2025, 10:09pm

Thank you for the tip, I have done this now.

Much appreciated, many thanks.