Failed to fetch tor+https://deb.loki.network/dists/bookworm/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E

happy_hollaf · February 24, 2026, 8:28am

I followed the instructions and successfully imported the key but always get the error :

Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: tor+https://deb.loki.network bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E
E: Failed to fetch tor+https://deb.loki.network/dists/bookworm/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E
E: Some index files failed to download. They have been ignored, or old ones used instead.
zsh: exit 100

Patrick · February 24, 2026, 8:54am

Unrelated to EXPKEYSIG - Error GPG key Whonix.

That is the issue.

Unspecific to Whonix.

Can be resolved as per:

happy_hollaf · February 24, 2026, 2:46pm

Hi @Patrick and thank you for having moving my question to a new thread…

Well I am now aware this it’s propably not an error due to Whonix but I web research doesn’t give me any solution.

Anybody with a tip here ?

Thanks a lot

Patrick · February 24, 2026, 5:23pm

Only upstream (in this case loki.network) can fix/support their custom APT repository. Check upstream documentation, support.

Speculation: They might have deprecated support for Debian 10 / bookworm.

Release upgrade to Debian 11 / trixie based version may be required.

happy_hollaf · February 24, 2026, 7:47pm

Thank you very much @Patrick

yeniss · February 25, 2026, 3:49pm

Hey, I was having the same issue and as a Whonix newbie I had trouble trying to solve it.

Here is what finally worked for me: follow the link to deb.loki.network as per in your error and there you will find some steps.
Seems like some repositories work with rotating keys so the ones in our locals expired and they need to be replaced. In my case the solution was executing the command in the page and that immediately fixed my package update problem, hope it works for you too.

Cheers!

happy_hollaf · February 27, 2026, 3:50pm

Hi @yeniss and thank you for your message !

Would you kindly share a webpage ?

EDIT : found here https://deb.loki.network/ but issue remains even after changing the key for me… I don’t get it. Well at least I now know it’s a Session package issue.

FranklyFlawless · February 28, 2026, 7:04am

Did you carefully follow the “Long is good, will read” section?

happy_hollaf · February 28, 2026, 9:00am

Hi @FranklyFlawless, I can’t edit my session.sources file as it is in “read only” mode. How can I open it as root ? Thank you for teaching me

Patrick · February 28, 2026, 3:50pm

Open File with Root Rights

happy_hollaf · March 2, 2026, 1:18pm

Thank you @Patrick, I was able to edit the file and set it as recommended on the page : https://deb.loki.network/

Get:10 tor+https://fasttrack.debian.net/debian-fasttrack bookworm-backports-staging InRelease [12.9 kB]
Get:11 tor+https://deb.loki.network bookworm InRelease [4705 B]                
Err:11 tor+https://deb.loki.network bookworm InRelease                         
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E
Reading package lists... Done                                                  
E: Release file for tor+https://deb.debian.org/debian/dists/bookworm-updates/InRelease is not valid yet (invalid for another 1d 16h 10min 4s). Updates for this repository will not be applied.
E: Release file for tor+https://deb.debian.org/debian-security/dists/bookworm-security/InRelease is not valid yet (invalid for another 1d 10h 47min 50s). Updates for this repository will not be applied.
E: Release file for tor+https://deb.debian.org/debian/dists/bookworm-backports/InRelease is not valid yet (invalid for another 1d 16h 10min 3s). Updates for this repository will not be applied.
E: Release file for tor+https://fasttrack.debian.net/debian-fasttrack/dists/bookworm-fasttrack/InRelease is not valid yet (invalid for another 1d 21h 2min 8s). Updates for this repository will not be applied.
E: Release file for tor+https://fasttrack.debian.net/debian-fasttrack/dists/bookworm-backports-staging/InRelease is not valid yet (invalid for another 1d 21h 2min 8s). Updates for this repository will not be applied.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: tor+https://deb.loki.network bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E
zsh: exit 100   sudo apt update

Patrick · March 2, 2026, 3:58pm

happy_hollaf:

E: Release file for tor+https://deb.debian.org/debian-security/dists/bookworm-security/InRelease is not valid yet (invalid for another 1d 10h 47min 50s). Updates for this repository will not be applied.

Clock issues unrelated to loki APT repository. → Network Time Synchronization - Whonix

happy_hollaf · March 2, 2026, 5:08pm

Hi @Patrick thank you for your precious help.

Update on the situation. I was able set my time correctly bur error with session key remains

Err:4 tor+https://deb.loki.network bookworm InRelease
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E

my session.sources looks like following

Types: deb
URIs: https://deb.session.foundation
Suites: bookworm
Components: main
Signed-By: /usr/share/keyrings/session-foundation.gpg

I am going crazy with this !

As it is not related to Whonix I guess I should contact :

Contact jagerman via via @jagerman42 (Telegram) or jagerman (on Session).

FranklyFlawless · March 3, 2026, 2:26am

Let us know if jagerman are to resolve your issue after you contact them.

happy_hollaf · March 3, 2026, 7:58pm

well, I get no support from jagerman tried to contact them on Session.

FranklyFlawless · March 4, 2026, 10:18am

Okay, follow the TL;DR instructions with elevated privileges from the Open File with Root Rights page posted earlier in this topic:

If, as of February 1st, you start seeing errors when updating package lists such as:
GPG error: https://deb.oxen.io bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E
or:
Missing key 3025F17897F46CB5538178CA401E790E060BB00E, which is needed to verify signature.
that means we have rotated the signing key and you need to install the updated one.

Setting it up (TL;DR version)

Set up this repository on your system by running the following:
sudo curl -so /usr/share/keyrings/session-foundation.gpg https://deb.session.foundation/pub.gpg

cat <<EOF | sudo tee /etc/apt/sources.list.d/session.sources
Types: deb
URIs: https://deb.session.foundation
Suites: $(lsb_release -sc)
Components: main
Signed-By: /usr/share/keyrings/session-foundation.gpg
EOF

sudo apt update
Alternatively, if you don’t have sudo installed but are already logged in as root:
curl -so /usr/share/keyrings/session-foundation.gpg https://deb.session.foundation/pub.gpg

cat <<EOF >/etc/apt/sources.list.d/session.sources
Types: deb
URIs: https://deb.session.foundation
Suites: $(lsb_release -sc)
Components: main
Signed-By: /usr/share/keyrings/session-foundation.gpg 
EOF

apt update
Or this alternative that crams the session.sources content into one line and might be easier to copy and paste (this one also requires being logged in as root already):
curl -so /usr/share/keyrings/session-foundation.gpg https://deb.session.foundation/pub.gpg

echo -e "Types: deb\nURIs: https://deb.session.foundation\nSuites: $(lsb_release -sc)\nComponents: main\nSigned-By: /usr/share/keyrings/session-foundation.gpg" >/etc/apt/sources.list.d/session.sources

apt update
(You only need to do this once).

If you are using Whonix 18, change the value of Suites to trixie instead of bookworm.

happy_hollaf · March 4, 2026, 12:14pm

[workstation user ~]% sudo curl -so /usr/share/keyrings/session-foundation.gpg https://deb.session.foundation/pub.gpg

cat <<EOF | sudo tee /etc/apt/sources.list.d/session.sources
Types: deb
URIs: https://deb.session.foundation
Suites: $(lsb_release -sc)
Components: main
Signed-By: /usr/share/keyrings/session-foundation.gpg
EOF

sudo apt update
[sudo] password for user:
Types: deb
URIs: https://deb.session.foundation
Suites: bookworm
Components: main
Signed-By: /usr/share/keyrings/session-foundation.gpg
Get:1 tor+https://updates.signal.org/desktop/apt xenial InRelease [5955 B]
Get:2 tor+https://updates.signal.org/desktop/apt xenial/main amd64 Packages [89.2 kB]
Hit:3 tor+https://deb.kicksecure.com bookworm InRelease
Get:4 tor+https://fasttrack.debian.net/debian-fasttrack bookworm-fasttrack InRelease [12.9 kB]
Hit:5 tor+https://deb.whonix.org bookworm InRelease
Get:6 tor+https://deb.loki.network bookworm InRelease [4705 B]
Hit:7 https://deb.session.foundation bookworm InRelease
Err:6 tor+https://deb.loki.network bookworm InRelease
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E
Get:8 tor+https://fasttrack.debian.net/debian-fasttrack bookworm-backports-staging InRelease [12.9 kB]
Hit:9 tor+https://deb.debian.org/debian bookworm InRelease
Get:10 tor+https://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Get:11 tor+https://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:12 tor+https://deb.debian.org/debian bookworm-backports InRelease [59.4 kB]
Get:13 tor+https://deb.debian.org/debian-security bookworm-security/main amd64 Packages [293 kB]
Get:14 tor+https://deb.debian.org/debian bookworm-backports/main amd64 Packages.diff/Index [63.3 kB]
Get:15 tor+https://deb.debian.org/debian bookworm-backports/main amd64 Packages T-2026-03-02-2002.42-F-2026-03-02-2002.42.pdiff [888 B]
Get:15 tor+https://deb.debian.org/debian bookworm-backports/main amd64 Packages T-2026-03-02-2002.42-F-2026-03-02-2002.42.pdiff [888 B]
Fetched 646 kB in 6s (108 kB/s)
Reading package lists… Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: tor+https://deb.loki.network bookworm InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E
E: Failed to fetch tor+https://deb.loki.network/dists/bookworm/InRelease The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 401E790E060BB00E
E: Some index files failed to download. They have been ignored, or old ones used instead.
zsh: exit 100 sudo apt update
[workstation user ~]% curl -so /usr/share/keyrings/session-foundation.gpg https://deb.session.foundation/pub.gpg

cat </etc/apt/sources.list.d/session.sources
Types: deb
URIs: https://deb.session.foundation
Suites: $(lsb_release -sc)
Components: main
Signed-By: /usr/share/keyrings/session-foundation.gpg
EOF

apt update
zsh: exit 23 curl -so /usr/share/keyrings/session-foundation.gpg
zsh: permission denied: /etc/apt/sources.list.d/session.sources
zsh: exit 1 cat <<<“” > /etc/apt/sources.list.d/session.sources
Reading package lists… Done
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)
zsh: exit 100 apt update
[workstation user ~]%

Still not able to make the changes I am still using Whonix 17

happy_hollaf · March 4, 2026, 9:48pm

And solved with the help of jagerman. I had to delete the old “loki.list” file in the folder /etc/apt/sources.list.d/ and only keep the new one I edited.

Thank you to him

FranklyFlawless · March 5, 2026, 4:01am

Thank you for keeping us informed.