Serverspace Technologies in the UAE: Launch of Falconcloud
April 12, 2024
Updated April 12, 2024

GPG error troubleshooting

Linux Security

When interacting with software, as if in a Linux or Windows environment, a digital signature is used to authenticate the software package. It is a hashed payload message, which is additionally encrypted with a private key in a second preparation step. Thus, the private key ensures the authenticity and the hash the integrity of the transmitted message. But it happens that in the work of any software there are errors, let's consider possible on the example of GPG crypto-packet!

How to fix GPG error "NO_PUBKEY"?

It's a fairly common problem when updating a repository, when after a package manager command with the update function, a similar problem is thrown:

Apt issue
Screenshot №1 — Apt issue

The error states that the public key 160D26BB1785BA38 was not found for the mongodb-org repository, which is used to verify the digital signature on packages in the repository. By default, Linux distributions do not allow installing packages without the corresponding key.

On the servers Serverspace cloud platform, also used keys to identify package by default. That provide seamless deployment, also you can skip this step if you have a cloud server. To create the node we need to find the cloud platform from the left menu which you can choose depending on your requirement. We choose vStack or VMware platform and click on Create Server button.

Create machine
Screenshot №2 — Create machine

It will take some time to deploy server capacity. After that you can connect in any of the convenient ways. Let's return to our terminal with issue and explain nature of them.

Since Linux distributions do not allow you to install packages without a public key, you need to add one. There are two ways: find a file with a public key on the company's website or use a key server. For the first way, let's find the key on the company's website.

Solution with site of provider
Screenshot №3 — Solution with site of provider

It suggests downloading the key via HTTPS, which may be a secure solution as the authentication center validates the authenticity of the site through a certificate and TLS provides a confidential channel to transmit the message.

This stage is considered to be the most vulnerable when transmitting the public key, as its spoofing can allow an intruder to sign illegitimate packets with its key.

If we trust the CA, then this method is convenient. Let's execute the command to install the necessary software:

apt install gnupg curl

And then download the necessary package by converting asc to gpg format, saving it in the folder /usr/share/keyrings/mongo.gpg. To do this, run the command:

curl -fsSL \
| sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor

Or we can perform this action with the help of a key server, knowing the public key identifier. The error shows the sequence 160D26BB1785BA38, which is the key identifier. Let's address the server with the command:

sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/mongo.gpg --keyserver --recv-keys 160D26BB1785BA38
Second solution
Screenshot №4 — Second solution

In this case, we are requesting keys from an official server that has signed them and confirmed the integrity of the keys. Parameters in the command:

  • --no-default-keyring --keyring allows you to define a new keyring that will be separate from the primary keyring;
  • --keyserver allows you to specify the server that will be used to request the key. You can specify any server you trust;
  • --recv-keys specifies the identifier of the requested key.

Now we need to write the path to the key in the list of repositories, to communicate with each other. To do this, let's go to the file:

echo "deb [ signed-by=/usr/share/keyrings/mongo.gpg ] bookworm/mongodb-org/7.0 main"  > /etc/apt/sources.list.d/mongodb-server-7.0
Record for repository
Screenshot №5 — Record for repository

After that, you need to update the list of repositories with the command:

apt update
Screenshot №6 — Update

As you can see on the screenshot, the repository has been Hit, so it is now available for downloading packages. However, after adding a key, there may be a warning about the danger of using such a key.

GPG: There is no indication that the signature belongs to the owner.

The point is that GPG uses a policy similar to certificate authorities. For a key to be considered trusted, it must be downloaded from a key server. Or the same key must be signed by a trusted key, which means it is in the trusted.gpg database with a trust level of 4-5. So, when signing such notifications are absolutely normal, but it is necessary to double-check the owners, hash sums. They will make sure that the integrity of the data transmitted from the servers.

Second issue
Screenshot №7 — Second issue

If you are sure that the keys are legitimate, you should write the command:

gpg --edit-key 160D26BB1785BA38

Where instead of 160D26BB1785BA38, your key identifier will be specified, after which the menu of interaction with the key will open. It is necessary to specify the trust item and select the trust level:

Change record of key
Screenshot №8 — Change record of key

After that, the inscription will disappear when you use the key:

Result after changes
Screenshot №9 — Result after changes

Troubleshooting GPG errors is an important aspect of ensuring the security and stability of operating systems, especially in the Linux world. Understanding the causes and solutions to GPG issues helps ensure the integrity and authenticity of installed software and updates. By checking keys, updating repositories, and tweaking configuration files, issues can be effectively addressed. Remember, careful troubleshooting and following the recommendations of the community of experts will help you keep your system up and running and secure.

5 out of 5
Аverage rating : 5
Rated by: 1
1101 CT Amsterdam The Netherlands, Herikerbergweg 292
+31 20 262-58-98
700 300
700 300
We use cookies to make your experience on the Serverspace better. By continuing to browse our website, you agree to our
Use of Cookies and Privacy Policy.