How do I use the new signed-by method for apt?

Download the key: curl -fsSL https://repo.example.com/key.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/example.gpg. In the sources list: deb [signed-by=/etc/apt/keyrings/example.gpg] https://repo.example.com stable main.

Can I extend a GPG key expiration?

Only the key owner can extend expiration by editing the key (gpg --edit-key KEY_ID > expire). As an end user, you need to import the updated key from the key owner or keyserver.

GPG Key Expired — Package Signature Verification and Key Management Errors

Warningsecurity

Overview

Fix GPG key expired errors that prevent package installation, repository updates, and signature verification on Linux systems.

Key Details

GPG (GNU Privacy Guard) keys are used to sign and verify packages, repositories, and files
Package managers (apt, yum/dnf) verify repository signatures using GPG keys
Keys have expiration dates and must be renewed or replaced when they expire
Expired keys cause 'EXPKEYSIG' or 'NO_PUBKEY' errors during package updates
Third-party repository keys are the most common source of expired key issues

Common Causes

Repository GPG signing key expired and the system has the old key cached
Third-party repository has not been updated with the new key
System date is incorrect, making valid keys appear expired
GPG key was not properly added when the repository was configured

Steps

1Identify the expired key: the error message includes the key ID (e.g., EXPKEYSIG 1234ABCD)
2Refresh the key from the keyserver: 'sudo gpg --keyserver keyserver.ubuntu.com --recv-keys KEY_ID'
3For apt: 'sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com KEY_ID' (deprecated) or use signed-by
4Check system date: 'date' — if incorrect, fix with 'sudo timedatectl set-ntp true'
5For persistent issues: download the current key from the repository's website and add it manually

More in Security

windows-defender-errorsWindows Defender Errors — Antivirus Not Working or Updating

Error

windows-error-0x80073b01-defender-serviceWindows Error 0x80073B01 — Windows Defender Service Failed to Start

Error

windows-bitlocker-recovery-key-errorsBitLocker Recovery Key Errors — Drive Locked and Recovery Key Not Found

Critical

mac-gatekeeper-app-blockedMac Gatekeeper — App Cannot Be Opened (Unidentified Developer)

Warning

mac-filevault-recovery-errorsMac FileVault Errors — Encryption, Decryption & Recovery Key Issues

Error

mac-keychain-errors-passwordsMac Keychain Errors — Password Prompts, Locked Keychain, and Repair Guide

Warning

Frequently Asked Questions

Not recommended. GPG verification ensures packages are from trusted sources and have not been tampered with. Ignoring key errors (--allow-unauthenticated) bypasses this security check and could allow malicious packages.

GPG Key Expired — Package Signature Verification and Key Management Errors

Overview

Key Details

Common Causes

Steps

Tags

Related Items

More in Security

Frequently Asked Questions