Public key is not available: NO_PUBKEY 871920D1991BC93C

Ubuntu Version: 22.04.02 LTS

Desktop Environment (if applicable): KDE Plasma

Problem Description: With apt update I get error messages all related to the same public key

Relevant System Information:

Screenshots or Error Messages:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com/ubuntu-ports noble InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: http://ports.ubuntu.com/ubuntu-ports noble InRelease is not (yet) available (The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com/ubuntu-ports noble-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: http://ports.ubuntu.com/ubuntu-ports noble-updates InRelease is not (yet) available (The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ports.ubuntu.com/ubuntu-ports noble-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: http://ports.ubuntu.com/ubuntu-ports noble-security InRelease is not (yet) available (The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C)

What I’ve Tried:

I searched and found the same problem in different places. Mostly the solution provided is using apt-key add but this is deprecated now. I have tried a lot of things but it hasn’t helped. What I have done is:
sudo gpg --keyserver keyserver.ubuntu.com --recv-key 871920D1991BC93C

but the key seems to be already there:

gpg: key 871920D1991BC93C: "Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

The contents of /etc/apt/sources.list.d/ubuntu.sources is as follows:

Types: deb
URIs: http://ports.ubuntu.com/ubuntu-ports/
Suites: noble noble-updates noble-security
Components: main restricted universe multiverse
Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg

contents of /usr/share/keyrings

docker.gpg                          ubuntu-master-keyring.gpg   ubuntu-pro-esm-infra.gpg
ubuntu-archive-keyring.gpg          ubuntu-pro-anbox-cloud.gpg  ubuntu-pro-fips-preview.gpg
ubuntu-archive-removed-keys.gpg     ubuntu-pro-cc-eal.gpg       ubuntu-pro-fips.gpg
ubuntu-cloudimage-keyring.gpg       ubuntu-pro-cis.gpg          ubuntu-pro-realtime-kernel.gpg
ubuntu-cloudimage-removed-keys.gpg  ubuntu-pro-esm-apps.gpg     ubuntu-pro-ros.gpg

contents of /etc/apt/trusted.gpg.d

riot.gpg~           ubuntu-keyring-2012-cdimage.gpg~  ubuntu-ports.gpg
ubuntu-archive.gpg  ubuntu-keyring-2018-archive.gpg~  ubuntu.gpg~

I don’t know why there are keys in different places and what I am supposed to do to make apt use the public key I seem to have already.

apt update shows the errors above.

thanks for your help,
Richard

Hello and welcome!

You wrote that you are on Jammy Jellyfish (22.04.02 LTS) but your sources point at Noble Numbat.

You may first check and maybe clean up your sources.

Thank you g-schick, I must have made a mistake (it was late in the evening). I am on 24.04.2 LTS.

cat /etc/os-release
PRETTY_NAME="Ubuntu 24.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION="24.04.2 LTS (Noble Numbat)"
VERSION_CODENAME=noble

So my sources are pointing to the right version.
It is maybe good to know that I am running this in a virtual machine for about half a year now and the original image was 22.04. Updates were always installed without problems until recently.

I found out that in Discover, under the tab Authentication I can point to a .gpg key file but I have tried all three mentioned locations but it still doesn’t work.

With sudo apt-key export 991BC93C I have the key. I am just confused where apt-key gets it from in combination with the message that apt-key is deprecated and we should manage keyring files in trusted.gpg.d instead.
Looking in trusted.gpg.d I see two gpg files that are 0 bytes. I guess this is not normal?

-rw-r--r-- 1 root root 6352 May 11 16:36 riot.gpg~
-rw-r--r-- 1 root root    0 May 11 16:34 ubuntu-archive.gpg
-rw-r--r-- 1 root root 3176 May 10 16:59 ubuntu-keyring-2012-cdimage.gpg~
-rw-r--r-- 1 root root 1167 May 11 16:29 ubuntu-keyring-2018-archive.gpg~
-rw-r--r-- 1 root root    0 May 11 16:34 ubuntu-ports.gpg
-rw-r--r-- 1 root root 1167 May 11 16:58 ubuntu.gpg~

My question remains, how can I make apt (or Discover) use the public key I seem to have already? Where is the key placed when you run gpg --keyserver keyserver.ubuntu.com --recv-key?

First: I’m not experienced with keyrings and similar things but I like to learn new things and try to figure out.

Your ubuntu.sources seems to look for the key for these sources in /usr/share/keyrings/ubuntu-archive-keyring.gpg.
Not sure but I think you can inspect this file and look for the public key id executing
sudo gpg --list-packets /usr/share/keyrings/ubuntu-archive-keyring.gpg | grep 871920D1991BC93C
Is the key contained in this keyring file?

1 Like
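Added example, not part of any post in this thread: the check suggested above (does the keyring named in Signed-By contain the key ID from the NO_PUBKEY error?) done without gpg by walking the OpenPGP packets and deriving each v4 key ID from its SHA-1 fingerprint. It assumes a binary (not ASCII-armored, not keybox) keyring; the function names and the toy key bytes are constructed for illustration.

```python
import hashlib
import re

def key_ids(keyring: bytes) -> set:
    """64-bit key IDs of all v4 public keys and subkeys in a binary OpenPGP keyring."""
    ids, i = set(), 0
    while i < len(keyring):
        hdr = keyring[i]
        i += 1
        if not hdr & 0x80:
            raise ValueError("not binary OpenPGP packets (armored or keybox file?)")
        if hdr & 0x40:                          # new-format packet header
            tag, first = hdr & 0x3F, keyring[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + keyring[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(keyring[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                   # old-format packet header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(keyring[i:i + size], "big"), i + size
        body, i = keyring[i:i + length], i + length
        if tag in (6, 14) and body[:1] == b"\x04":   # public key / subkey, version 4
            prefix = b"\x99" + len(body).to_bytes(2, "big")
            ids.add(hashlib.sha1(prefix + body).hexdigest()[-16:].upper())
    return ids

def missing_keys(apt_output: str, keyring: bytes) -> set:
    """Key IDs apt reported as NO_PUBKEY that the given keyring does not contain."""
    return set(re.findall(r"NO_PUBKEY ([0-9A-F]{16})", apt_output)) - key_ids(keyring)

# Constructed sample data (not a real key): a v4 RSA public-key packet with toy
# MPIs, followed by a user ID packet, both with old-format headers.
TOY_KEY = b"\x04" + bytes(4) + b"\x01" + b"\x00\x08\xc5" + b"\x00\x02\x03"
TOY_UID = b"constructed test key"
TOY_KEYRING = (b"\x99" + len(TOY_KEY).to_bytes(2, "big") + TOY_KEY
               + b"\xb4" + bytes([len(TOY_UID)]) + TOY_UID)
APT_LINE = ("The following signatures couldn't be verified because the public key "
            "is not available: NO_PUBKEY 871920D1991BC93C")

if __name__ == "__main__":
    print("keys in toy keyring:", key_ids(TOY_KEYRING))
    print("missing from toy keyring:", missing_keys(APT_LINE, TOY_KEYRING))
    print("missing from a 0-byte keyring:", missing_keys(APT_LINE, b""))
```

On a real system, pass the bytes of the file named in Signed-By, for example `open("/usr/share/keyrings/ubuntu-archive-keyring.gpg", "rb").read()`, together with the captured `apt update` output; a 0-byte keyring file yields no key IDs at all.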

The key is not in there. Executed your suggestion but grep returns nothing. So that must be the problem. But: now I found the way to add the key in there with the following

sudo gpg --keyserver hkp://keyserver.ubuntu.com --no-default-keyring --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --recv-keys 871920D1991BC93C

and now it works! :smiley:
Gerhard, thanks for your time and help

2 Likes
