During the update of apt-cache or packages installation with the apt package manager, I get the signature expiration message (EXPKEYSIG 8C718D3B5072E1F5). This means that the gpg signature key is expired.
Here is logs on my Debian 9 system:
sudo apt update Hit:1 http://security.debian.org stretch/updates InRelease Get:2 http://repo.mysql.com/apt/debian stretch InRelease [19.2 kB] Hit:3 https://deb.nodesource.com/node_10.x stretch InRelease Err:2 http://repo.mysql.com/apt/debian stretch InRelease The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering Hit:4 https://packages.sury.org/php stretch InRelease Ign:5 http://mirrors.digitalocean.com/debian stretch InRelease Get:6 http://mirrors.digitalocean.com/debian stretch-updates InRelease [91.0 kB] Hit:7 http://mirrors.digitalocean.com/debian stretch Release Reading package lists... Done ... ...
Use the following command to list all keys configured for apt on your system.
sudo apt-key list
You will see the expired key like this.
Now, update the expired key by running the below command. Here 8C718D3B5072E1F5 is the key was expired on my system.
sudo apt-key adv --keyserver keys.gnupg.net --recv-keys 8C718D3B5072E1F5
You must change 8C718D3B5072E1F5 with the expired key on your system.
sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys TYYUGHGGH
This one worked for me, posted By Jose Antonio. So thankful
apt-key adv –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
Executing: /tmp/apt-key-gpghome.HyyVEkmH7h/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
gpg: keyserver receive failed: No name
The following signatures were invalid: EXPKEYSIG 8C718D3B5072E1F5 MySQL Release Engineering
can you help me ?
I am still getting the error –
sudo apt-get update
Hit:1 https://deb.nodesource.com/node_12.x focal InRelease
Hit:2 http://in.archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://in.archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:4 http://in.archive.ubuntu.com/ubuntu focal-backports InRelease
Get:5 http://deb.anydesk.com all InRelease [5,588 B]
Err:5 http://deb.anydesk.com all InRelease
The following signatures were invalid: EXPKEYSIG 18DF3741CDFFDE29 philandro Software GmbH
Hit:6 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:7 http://security.ubuntu.com/ubuntu focal-security InRelease
Ign:8 https://dl.packager.io/srv/deb/opf/openproject/stable/11/ubuntu 20.04 InRelease
Get:9 https://dl.packager.io/srv/deb/opf/openproject/stable/11/ubuntu 20.04 Release
Reading package lists… Done
W: GPG error: http://deb.anydesk.com all InRelease: The following signatures were invalid: EXPKEYSIG 18DF3741CDFFDE29 philandro Software GmbH
E: The repository ‘http://deb.anydesk.com all InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
sudo apt-key adv –keyserver keys.gnupg.net –recv-keys 18DF3741CDFFDE29
Executing: /tmp/apt-key-gpghome.TB1lr2fkDL/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 18DF3741CDFFDE29
gpg: keyserver receive failed: Server indicated a failure
Thanks for this valuable advice. I had to change the keyserver to hkp://keyserver.ubuntu.com:80 as suggested by Jose Antonio to renew skype key. Worked like a charm.
It works for me!!Thank you!
Thanks so much Rahul. This was helpful but actually the result was that nothing was changed, not with the particular key that had expired in my case. The actual problem was that the key was still valid but the expiration date had to be updated. See https://www.bentoh.my/post/gpg-key-problem/.
useful from Taiwan.
Thank you! Greetings from Brazil.
Its not work on keys for Debian 6. All keyserver provides expired keys.
It worked!! Thank you so much!!
Worked like a charm, thanks!
This worked for me. Thanks
Thanks a lot! This really help me!
If you got this error:
gpg: failed to start the dirmngr ‘/usr/bin/dirmngr’: No such file or directory
Simply install dirmngr:
And execute the command again.
Thanks for this awesome hack.
Hola, al seguir tus instrucciones me daba lo siguiente:
sudo apt-key adv –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
Executing: /tmp/apt-key-gpghome.EjjsPBXR9j/gpg.1.sh –keyserver keys.gnupg.net –recv-keys 8C718D3B5072E1F5
gpg: keyserver receive failed: Connection refused
Lo solucioné de la siguiente manera:
sudo apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys 5072E1F5
Your solution works like a charm : ). Thanks for taking the time to publish it out there.
Fue de gran ayuda. Muchas gracias !!!