Requesting Assistance! GPG error when trying to apt update

I’m getting this error when trying to update whonix using apt update:

[workstation user ~]% sudo apt update && sudo apt full-upgrade
Hit:1 tor+ bookworm InRelease
Hit:2 tor+ bookworm InRelease
Hit:3 tor+ bookworm-updates InRelease
Hit:4 tor+ bookworm-security InRelease
Hit:5 tor+ bookworm-backports InRelease
Hit:6 tor+ bookworm InRelease
Get:7 tor+ bookworm InRelease [4690 B]
Err:7 tor+ bookworm InRelease
The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY C4992CE7A88D4262
Get:8 tor+ bookworm-fasttrack InRelease [12.9 kB]
Reading package lists… Done
W: GPG error: tor+ bookworm InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY C4992CE7A88D4262
E: The repository ‘tor+ bookworm InRelease’ is not signed.
N: Updating from such a repository can’t be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
zsh: exit 100 sudo apt update

Does anyone know how I might remedy this?

Thanks in advance!

Loki repository key missing or wrong. Try instructions here for properly adding it:


Thanks for the reply! Does session-desktop come prepackaged with whonix? It says in the warning message from link you provided that there’s a risk associated with adding a third party repository. So does that mean this dependency is not default in whonix? Should I proceed with adding the keys or should first figure out the integrity of my whonix and gateway setup first? Unless the loki repository has something to do with lokinet being utilized in whonix for session-desktop but I don’t know if that’s supposed to be officially packaged with whonix or I made a boo-boo somewhere…

Yeah what do ya think?

I apologies in advance for being a noob!

Not default.

You need to make a decision. Use it and take the risk or not. Nobody can make that for you.

If you decide so you can mitigate the risk by using multiple VMs.

You added the lokinet repository already but only halfway. It didn’t add itself. But you didn’t add the signing key yet. That’s why thw error is shown.

1 Like

Ok so that means as far as the whonix setup integrity is concerned, I don’t have to worry about anything? I can’t remember for the life of me whether or not I added it initially and stopped because I didn’t manually add the keys. Should I just leave it or remove the repository so it doesn’t throw the warning during systemcheck?

When you mention setting up another VM do you mean to setup whonix-workstation2? Is this new VM going to share tor through the current whonix-gateway or would I need to setup another one if I were to use xmpp or session?

Also, how do I check to make sure I have the latest version?

Thanks again my good man!

Not because of the APT warning message you posted. That repository couldn’t do anything yet because you probably didn’t use --allow-unauthenticated.

I’d remove the repository if you don’t want to follow through using to avoid missing out on real warnings.

Both possible. Endless choice. Check the wiki it’s all there.

Oh wonderful!

You’ve been extremely helpful the solutions you provided will definitely do the trick! extraextra, you are a gentlemen and a scholar!

I am forever grateful for your assistance on this matter!

Merci Beaucoup and Adieu!

1 Like