Apt key expired (with solution)

Today, running sudo apt update started throwing errors for apt.insync.io saying the key was invalid.

I ran sudo apt-key list and saw that the key expired today.

The solution was to just run the command shown on insync’s downloads page for adding a key as part of using a repository.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ACCAF35C

NOTE: The above key fragment was correct at the time of writing, but you should check the instructions on insync’s downloads page for the current key to use.

Hope that helps someone that sees this in the future too.

Should wait for an official message from the team… Adding some key recommended by a stranger to your system is not the best practice, exactly.

Thank you @mightyiam for reminding us of the security issue. But I personally think @ianmjones’s suggestion makes sense and I appreciate the help.

However, I do suggest people go to insync download page, then click “download”, then click “Repositories” and then reset the new GPG key based on the description on that page.

Looks like it works. Thanks.

My bad, I should have mentioned that the key fragment could change and should be checked, I’ve added a note.

Hi all!

First of all huge thank you to @ianmjones for posting the initial fix

If anyone is still encountering this errors, please run
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ACCAF35C

good day
I have had this same problem
I have linuxmint 19.3, with the error:

Err: 7 http://apt.insync.io/mint tricia InRelease
The following signatures were not valid: EXPKEYSIG A684470CACCAF35C Insynchq Inc services@insynchq.com

run the command indicating @ianmjones and it worked fine

Thank you very much and greetings from Buenos Aires

Hi!

My problem persist.
Linux mint 19.3
If I run:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ACCAF35C
or
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ACCAF35C
the result is same:
gpg: keyserver receive failed: Invalid argument

How to update expired key?
Thanks

Let me check this for you! Sorry about that, @Dalmat.

Could you run: sudo apt-key adv -v --keyserver keyserver.ubuntu.com --recv-keys ACCAF35C and let me know what the output is?

Here is the output of the command:

Executing: /tmp/apt-key-gpghome.xmbw5SOGcM/gpg.1.sh -v --keyserver keyserver.ubuntu.com --recv-keys ACCAF35C
gpg: no running Dirmngr - starting ‘/usr/bin/dirmngr’
gpg: waiting for the dirmngr to come up … (5s)
gpg: waiting for the dirmngr to come up … (4s)
gpg: connection to dirmngr established
gpg: keyserver receive failed: Invalid argument

Thank you for that. Let me forward to our Linux team and I’ll advise you accordingly.

Hi @Dalmat

It seems like the keyservers aren’t very stable. Can you save this file http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xa684470caccaf35c and then import the key using sudo apt-key add [KEY_FILENAME]?

sudo apt-key add ./insync.txt output:

gpg: invalid key resource URL ‘/tmp/apt-key-gpghome.XR0gk72rDX/home:ColinDuquesnoy.asc.gpg’
gpg: keyblock resource ‘(null)’: General error
gpg: key A040830F7FAC5991: 28 signatures not checked due to missing keys
gpg: key FC918B335044912E: 2 signatures not checked due to missing keys
gpg: key 423A2125D782A00F: 1 signature not checked due to a missing key
gpg: key A8AA1FAA3F055C03: 2 signatures not checked due to missing keys
gpg: key 83FBA1751378B444: 2 signatures not checked due to missing keys
gpg: key D530E028F59EAE4D: 1 signature not checked due to a missing key
gpg: key 3BDAAC08614C4B38: 1 signature not checked due to a missing key
gpg: key 6D975C4791E7EE5E: 1 signature not checked due to a missing key
gpg: key B5B116B72D0F61F0: 1 signature not checked due to a missing key
gpg: key 976B5901365C5CA1: 3 signatures not checked due to missing keys
gpg: key 6AF0E1940624A220: 4 signatures not checked due to missing keys
gpg: key 5A9A06AEF9CB8DB0: 4 signatures not checked due to missing keys
gpg: key 26F4EF8440618B66: 1 signature not checked due to a missing key
gpg: key 76D78F0500D026C4: 20 signatures not checked due to missing keys
gpg: key 7721F63BD38B4796: 2 signatures not checked due to missing keys
gpg: key A6616109451BBBF2: 12 signatures not checked due to missing keys
gpg: key 3EE67F3D0FF405B2: 13 signatures not checked due to missing keys
gpg: key 12C6ADA61C85BB5E: 1 signature not checked due to a missing key
gpg: key 2F7F0DA5FD5B64B9: 1 signature not checked due to a missing key
gpg: key 76F1A20FF987672F: 8 signatures not checked due to missing keys
gpg: 100 keys processed so far
gpg: key E58A9D36647CAE7F: 1 signature not checked due to a missing key
gpg: key A7E13D78E4A4F4F4: 1 signature not checked due to a missing key
gpg: key 2FAB19E7CCB7F415: 201 signatures not checked due to missing keys
gpg: key DFA175A75104960E: 1 signature not checked due to a missing key
gpg: key E481C081DB2A84F7: 1 signature not checked due to a missing key
gpg: key A684470CACCAF35C: 1 signature not checked due to a missing key
gpg: key 3B4FE6ACC0B21F32: 3 signatures not checked due to missing keys
gpg: key D94AA3F0EFE21092: 3 signatures not checked due to missing keys
gpg: key C8CAB6595FDFF622: 2 signatures not checked due to missing keys
gpg: key 871920D1991BC93C: 1 signature not checked due to a missing key
gpg: Total number processed: 119
gpg: skipped new keys: 119

But, no luck. sudo apt-get update output:

Fetched 5 539 B in 6s (945 B/s)
Reading package lists… Done
Building dependency tree
Reading state information… Done
3 packages can be upgraded. Run ‘apt list --upgradable’ to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://apt.insync.io/mint tricia InRelease: The following signatures were invalid: EXPKEYSIG A684470CACCAF35C Insynchq Inc services@insynchq.com
W: Failed to fetch http://apt.insync.io/mint/dists/tricia/InRelease The following signatures were invalid: EXPKEYSIG A684470CACCAF35C Insynchq Inc services@insynchq.com
W: Some index files failed to download. They have been ignored, or old ones used instead.

Thanks for assistance, do you have some other suggestion? I already tried uninstall/reinstall of program.

me too same error but after
sudo apt-key adv -v --keyserver keyserver.ubuntu.com --recv-keys ACCAF35C
it worked

Hi all!

This should be fixed after we update the APT/YUM repos with 3.2.8 Thank you for your patience!

I am now on (manually installed) v 3.2.9.40883 and still have same problem: gpg: keyserver receive failed: Invalid argument.

Hi @Dalmat,

Please send your logs.db and out.txt to support@insynchq.com with the link to this post. The two files can be found on ~/.config/Insync. Thanks!

I followed the instructions on the download page:
sudo rpm --import https://d2t3ff60b2tol4.cloudfront.net/repomd.xml.key
The key is still expired:
zypper ref -r 2 --force
Forcing raw metadata refresh
Retrieving repository ‘insync’ metadata ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------[]
Warning: The gpg key signing file ‘repomd.xml’ has expired.
Repository: insync
Key Name: Insynchq Inc services@insynchq.com
Key Fingerprint: AEEB94E9 C5A3B54E CFA4A66A A684470C ACCAF35C
Key Created: zo 11 sep 2016 18:53:21 CEST
Key Expires: do 10 sep 2020 18:53:07 CEST (EXPIRED)
Subkey: 06BBDC2602DFE7E7 2012-09-10 [expired: 2020-09-10]
Rpm Name: gpg-pubkey-accaf35c-57d58c01
Retrieving repository ‘insync’ metadata …[done]
Forcing building of repository cache
Building repository ‘insync’ cache …[done]
Specified repositories have been refreshed.

is the info on the download page out of date…?

Hi! Can you try running sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ACCAF35C please, @mxttie?