Apt-get package management uses public key cryptography to authenticate downloaded packages.
Validation of Release File and Packages
Secure apt now verifies the Release file, which is updated each time any of the packages in the archive change. The Release file itself contains, among other things, MD5 checksums of other files in the archive. If apt cannot download the Release.gpg, or if the signature is bad, it will complain, and will make note that the Packages files that the Release file points to, and all the packages listed therein, are from an untrusted source.
Here’s what that looks like:
W: GPG error: http://ftp.us.debian.org testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F
If you ignore that warning and try to install a package later, apt will warn again:
WARNING: The following packages cannot be authenticated!
  libglib-perl libgtk2-perl
Install these packages without verification [y/N]?
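The checksum link between the Release file and a Packages index, as an added example that is not part of the original page and is not apt's own code. It assumes the Release file's signature has already been verified against Release.gpg; the sample data, file name and function names are constructed for illustration. Current archives also carry a SHA256 field, which the same function handles with field="SHA256", algo="sha256".

```python
import hashlib

# Constructed sample: a tiny Packages index (not real archive data).
PACKAGES = b"Package: libglib-perl\nVersion: 1.0\n\nPackage: libgtk2-perl\nVersion: 1.0\n"

def build_release(files):
    """Build a constructed Release body with an MD5Sum section for `files`."""
    lines = ["Origin: Example", "Suite: testing", "MD5Sum:"]
    for name, data in files.items():
        lines.append(" %s %d %s" % (hashlib.md5(data).hexdigest(), len(data), name))
    return "\n".join(lines) + "\n"

def parse_checksums(release_text, field="MD5Sum"):
    """Return {filename: (hex_digest, size)} from one checksum field of Release."""
    entries, in_field = {}, False
    for line in release_text.splitlines():
        if line.startswith(field + ":"):
            in_field = True
        elif in_field and line.startswith(" "):
            # Each entry is: <digest> <size> <path relative to the dist directory>
            digest, size, name = line.split()
            entries[name] = (digest.lower(), int(size))
        else:
            in_field = False  # any unindented line ends the multi-line field
    return entries

def verify_index(release_text, name, data, field="MD5Sum", algo="md5"):
    """Check `data` against the size and digest that Release records for `name`."""
    entries = parse_checksums(release_text, field)
    if name not in entries:
        return "not-listed"       # file is not covered by the signed Release
    digest, size = entries[name]
    if len(data) != size:
        return "size-mismatch"    # truncated or padded download
    if hashlib.new(algo, data).hexdigest() != digest:
        return "digest-mismatch"  # content changed after Release was signed
    return "ok"

if __name__ == "__main__":
    release = build_release({"main/binary-amd64/Packages": PACKAGES})
    print(verify_index(release, "main/binary-amd64/Packages", PACKAGES))
    print(verify_index(release, "main/binary-amd64/Packages",
                       PACKAGES.replace(b"1.0", b"9.9")))
```
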
In this tutorial we learn how to install add-apt-key on Ubuntu 22.04.
What is add-apt-key
The command add-apt-key provides a convenient command line interface which will add a new GPG key to your APT keyring.
Those who are more graphically inclined may prefer the package gui-apt-key.
There are three ways to install add-apt-key on Ubuntu 22.04. We can use apt-get, apt and aptitude. In the following sections we will describe each method. You can choose one of them.
Install add-apt-key Using apt-get
Update apt database with apt-get using the following command.
After updating the apt database, we can install add-apt-key using apt-get by running the following command:
sudo apt-get -y install add-apt-key
Install add-apt-key Using apt
Update apt database with apt using the following command.
After updating the apt database, we can install add-apt-key using apt by running the following command:
sudo apt -y install add-apt-key
Install add-apt-key Using aptitude
If you want to follow this method, you might need to install aptitude first since aptitude is usually not installed by default on Ubuntu. Update apt database with aptitude using the following command.
A common security measure implemented by APT repository maintainers is to sign the packages they distribute. This ensures that the packages you are installing are the authorized and unmodified packages issued by the package maintainers and no one else.
It can be a little confusing how to import the key into APT to install the new package in the first place. Here’s the easy way.
I just had to install the excellent web log analyzer GoAccess, so I will use it as an example.
The first error was APT telling me that there was no GPG public key on my server for the GoAccess repository:
$ sudo apt update
Get:5 http://deb.goaccess.io buster InRelease [2,336 B]
Err:5 http://deb.goaccess.io buster InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 97BD1A0133449C3D
Reading package lists. Done
W: GPG error: http://deb.goaccess.io buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 97BD1A0133449C3D
E: The repository 'http://deb.goaccess.io buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Your first step here is to find the public key for the repository. A search for “ public key” should get you the link you need. The GoAccess public key URL is https://deb.goaccess.io/gnugpg.key
Once you have the link, use the following command to import the key: