922


This answer was valid for Ubuntu 20.04 and previous versions. For Ubuntu 20.10 and later versions, see this answer on StackOverflow.
The short version is:

sudo mkdir -m 0755 -p /etc/apt/keyrings/ 

wget -O- https://example.com/EXAMPLE.gpg |
    gpg --dearmor |
    sudo tee /etc/apt/keyrings/EXAMPLE.gpg > /dev/null
    sudo chmod 644 /etc/apt/keyrings/EXAMPLE.gpg

echo "deb [signed-by=/etc/apt/keyrings/EXAMPLE.gpg] https://example.com/apt stable main" |
    sudo tee /etc/apt/sources.list.d/EXAMPLE.list
    sudo chmod 644 /etc/apt/sources.list.d/EXAMPLE.list

# Optional (you can find the email address / ID using 'apt-key list')
sudo apt-key del support@example.com
 Save
Original answer:
Execute the following commands in terminal

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <PUBKEY>
 Save
where <PUBKEY> is your missing public key for repository, e.g. 8BAF9A6F.

Then update

sudo apt-get update
 Save
ALTERNATE METHOD:

sudo gpg --keyserver pgpkeys.mit.edu --recv-key  <PUBKEY>
sudo gpg -a --export <PUBKEY> | sudo apt-key add -
sudo apt-get update
 Save
Note that when you import a key like this using apt-key you are telling the system that you trust the key you're importing to sign software your system will be using. Do not do this unless you're sure the key is really the key of the package distributor.

Share
Improve this answer
Follow
edited Dec 4, 2023 at 10:15

terdon
101k1515 gold badges200200 silver badges302302 bronze badges
answered Nov 28, 2010 at 18:49

karthick87
82.1k6161 gold badges195195 silver badges233233 bronze badges
16
You can simply pass NO_PUBKEY value as keys parameter. for example GPG error[...]NO_PUBKEY 3766223989993A70 => sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3766223989993A70 – 
S.M.Mousavi
 Feb 19, 2014 at 19:40
34
8BAF9A6F <-- where did you get that number? – 
Olivier Lalonde Mar 9, 2014 at 12:49
18
The number 8BAF9... is what you see in the original error. It would be something like NO_PUBKEY 8BAF... – 
Alex
 Oct 10, 2014 at 19:56
14
If someone tampered with data between me and the repository, and substituted stuff they'd signed, this would wind up with me just adding the key they used, more or less blindly. So what's the process to verify that the key is the right one? – 
mc0e
 May 20, 2015 at 15:37
9
State on 2022.08.28 on jammy: Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). – 
s.k
 Aug 28, 2022 at 8:39
Show 14 more comments

261


By far the simplest way to handle this now is with Y-PPA-Manager (which now integrates the launchpad-getkeys script with a graphical interface).

To install it, first add the webupd8 repository for this program:

sudo add-apt-repository ppa:webupd8team/y-ppa-manager
 Save
Update your software list and install Y-PPA-Manager:

sudo apt-get update
sudo apt-get install y-ppa-manager
 Save
Run y-ppa-manager (i.e. type y-ppa-manager then press enter key).

When the main y-ppa-manager window appears, click on "Advanced."

From the list of advanced tasks, select "Try to import all missing GPG keys" and click OK.

You're done! As the warning dialog says when you start the operation, it may take quite a while (about 2 minutes for me) depending on how many PPA's you have and the speed of your connection.

Share
Improve this answer
Follow
edited Jun 12, 2020 at 14:37

CommunityBot
1
answered Dec 4, 2013 at 15:52

monotasker
3,67511 gold badge1818 silver badges1515 bronze badges
43
Not really useful in a webserver, as this installs X11. Don't use this method if you're on a server edition, check karthick87's answer! – 
goncalotomas
 Feb 11, 2016 at 20:13
2
Does this allow to verify the keys which are imported, or are you simply blindly importing everything (and therefore trusting everyone who has a PPA)? – 
Paŭlo Ebermann Sep 6, 2016 at 10:36
3
You're importing (and trusting) the keys for every PPA you've added to your system. The assumption is that you trust those PPA's and have checked them out before you added them via apt. – 
monotasker
 Sep 6, 2016 at 14:25
7
This answer is easier by far, and actually requires fewer commands than this "graphical" answer. – 
jpaugh
 Jul 27, 2017 at 19:37
2
But the question asked for a graphical method. – 
monotasker
 Jul 28, 2017 at 22:30
Show 13 more comments

95


It happens when you don't have a suitable public key for a repository.

To solve this problem use this command:

gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv 9BDB3D89CE49EC21
 Save
which retrieves the key from ubuntu key server. And then this:

gpg --export --armor 9BDB3D89CE49EC21 | sudo apt-key add -
 Save
which adds the key to apt trusted keys.