Ubuntu GPG Invalid Signatures: Proven Fix (2026)
Table of Contents
- 1. Root Cause
- 2. Update GPG Keys Manually
- 3. Refresh Repository Keys with apt-key
- 4. Use the Keyserver to Fetch Missing Keys
- 5. Delete and Re-add the Repository
- 6. Check System Date and Time
- 7. Clear APT Cache and Update
- 8. Reinstall the Keyring Package
- 9. Verify Repository URL Correctness
- 10. Advanced: Manually Import GPG Key
- 11. Frequently Asked Questions
- 12. Conclusion
Ubuntu gpg error invalid signatures is a common problem that appears during sudo apt update. It prevents you from updating your package lists.
When the ubuntu gpg error invalid signatures occurs, the system cannot verify repository authenticity. This proven fix guide provides effective solutions to resolve GPG signature verification failures on Ubuntu and Debian.
Quick Fix: Run sudo apt-key list to see available keys. Then use sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <KEY-ID> to fetch the missing key. Finally, run sudo apt update again. If the key is expired, update it with sudo apt-key adv --keyserver keyserver.ubuntu.com --update <KEY-ID>.
1. Root Cause
When the ubuntu gpg error invalid signatures appears, the APT system cannot verify the authenticity of a repository. GPG signatures ensure packages come from trusted sources.
The most common cause is an expired GPG key. Repository keys have expiration dates for security reasons. When a key expires, the signature becomes invalid and the error appears.
Another frequent cause is a missing public key. This happens when you add a new repository without importing its GPG key. The system has no key to verify the repository’s signature.
Incorrect system date and time can also cause signature verification to fail. GPG checks timestamps against the current system time. If the date is wrong, signatures appear invalid.
Understanding these root causes helps you choose the right fix. According to Ubuntu’s Secure APT documentation, GPG errors require key management to resolve.
2. Update GPG Keys Manually
The simplest fix for the ubuntu gpg error invalid signatures is to manually update the GPG keys. This refreshes expired keys and fetches missing ones.
sudo apt-key list
sudo apt-key adv --keyserver keyserver.ubuntu.com --update <KEY-ID>First, list all keys to identify the problematic one. Look for expired or missing keys in the error message. Then update the specific key using the keyserver. After updating, run sudo apt update to test.
Outcome: Updating GPG keys manually resolves the ubuntu gpg error invalid signatures issue.
3. Refresh Repository Keys with apt-key
The apt-key command can refresh all repository keys. This is a quick fix for the ubuntu gpg error invalid signatures problem.
sudo apt-key refreshThis command contacts the keyserver and updates any expired keys. It is a simple and effective solution for multiple expired keys. The apt-key manual page confirms this command refreshes all keys.
Outcome: Refreshing keys resolves the ubuntu gpg error invalid signatures issue.
4. Use the Keyserver to Fetch Missing Keys
If a key is completely missing, fetching it from the keyserver can resolve the ubuntu gpg error invalid signatures error.
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <KEY-ID>The key ID is shown in the error message. It appears as a hex string like ABCD1234. Replace <KEY-ID> with the actual ID. After fetching, run sudo apt update to verify.
Outcome: Fetching missing keys resolves the ubuntu gpg error invalid signatures issue.
5. Delete and Re-add the Repository
Removing and re-adding the problematic repository can fix the ubuntu gpg error invalid signatures error. This forces the system to re-import the key.
sudo add-apt-repository --remove <repository>
sudo add-apt-repository <repository>
sudo apt updateReplace <repository> with the actual repository string (e.g., ppa:example/app). This method is effective for PPAs that have changed their signing keys.
Outcome: Removing and re-adding the repository resolves the ubuntu gpg error invalid signatures issue.
6. Check System Date and Time
Incorrect system date and time can cause the ubuntu gpg error invalid signatures error. GPG checks timestamps against the current time.
date
sudo timedatectl set-ntp true
sudo timedatectl set-time <YYYY-MM-DD HH:MM:SS>Check the current date and time. If it is incorrect, enable NTP (Network Time Protocol) to automatically sync. Alternatively, set the time manually. After correcting, run sudo apt update.
Outcome: Correcting the system time resolves the ubuntu gpg error invalid signatures issue.
7. Clear APT Cache and Update
A corrupted APT cache can cause the ubuntu gpg error invalid signatures error. Clearing it may resolve the issue.
sudo apt-get clean
sudo apt-get updateThis removes all cached package files. Then the system refreshes the package lists. This ensures the system uses fresh data for verification.
Outcome: Clearing the APT cache resolves the ubuntu gpg error invalid signatures issue.
8. Reinstall the Keyring Package
Some repositories provide a keyring package. Reinstalling it can fix the ubuntu gpg error invalid signatures error.
sudo apt install --reinstall <keyring-package>For example, the Ubuntu archive keyring is ubuntu-keyring. For third-party repositories, check their documentation for the keyring package name.
Outcome: Reinstalling the keyring package resolves the ubuntu gpg error invalid signatures issue.
9. Verify Repository URL Correctness
An incorrect repository URL can cause the ubuntu gpg error invalid signatures error. The repository may have moved or changed.
cat /etc/apt/sources.list
ls /etc/apt/sources.list.d/Check the repository URLs in /etc/apt/sources.list and /etc/apt/sources.list.d/. Ensure they are correct and point to active repositories. If the URL is wrong, update it.
Outcome: Correcting the repository URL resolves the ubuntu gpg error invalid signatures issue.
10. Advanced: Manually Import GPG Key
If keyserver fetching fails, manually importing the GPG key can resolve the ubuntu gpg error invalid signatures error. This is an advanced method.
wget -qO- https://example.com/key.gpg | sudo apt-key add -
sudo apt updateDownload the GPG key from the repository’s website. Use wget to download and apt-key add to import it. This method bypasses keyserver issues.
Outcome: Manually importing the GPG key resolves the ubuntu gpg error invalid signatures issue.
11. Frequently Asked Questions
What causes the Ubuntu GPG invalid signatures error?
This error occurs when APT cannot verify a repository’s GPG signature due to expired keys, missing keys, incorrect system time, or repository configuration issues.
How do I fix GPG invalid signatures on Ubuntu?
Update the GPG key with sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <KEY-ID> or run sudo apt-key refresh.
What does “GPG error: The following signatures were invalid” mean?
It means APT found a signature that cannot be verified. This is usually due to an expired or missing GPG key.
Can incorrect system time cause GPG errors?
Yes, GPG checks signatures against the system time. If the time is incorrect, signatures may appear invalid.
How do I list GPG keys in Ubuntu?
Run sudo apt-key list to see all imported GPG keys.
What is a keyserver for GPG keys?
A keyserver is a public server that stores and distributes GPG keys. Ubuntu uses keyserver.ubuntu.com by default.
How do I refresh all GPG keys on Ubuntu?
Run sudo apt-key refresh to update all expired keys from the keyserver.
Can I remove and re-add a repository to fix GPG errors?
Yes, removing and re-adding the repository with sudo add-apt-repository often resolves GPG signature issues.
Why does my GPG key show as expired?
Repository keys have expiration dates for security. When expired, the system cannot verify signatures until the key is updated.
What should I do if none of these methods work?
Manually download and import the GPG key using wget and apt-key add. If that fails, check the repository’s official documentation for specific instructions.
12. Conclusion
The ubuntu gpg error invalid signatures issue can be resolved through systematic GPG key management. From updating keys to manually importing them, this proven fix guide covers all practical approaches. If the problem persists, check the repository’s official documentation.
For more Linux troubleshooting, explore our Linux Hub and guides on Ubuntu failed to fetch apt update, Ubuntu broken packages fix, and Ubuntu no Wi-Fi adapter found. With patience and the right approach, you can overcome the ubuntu gpg error invalid signatures problem and keep your system secure and up to date.
Pingback: Debian Invalid Signatures: Proven Fix Guide (2026)
Pingback: Manjaro Keyring Not Initialized: Proven Fix Guide (2026)
Pingback: openSUSE Zypper Lock Error: Proven Fix Guide (2026)