The following signatures were invalid: EXPKEYSIG A386D59E7C22F628

We’ve recently updated the signing certificates used for our .deb and .rpm packages in the Enclave package repositories.

When running apt-get update if you receive the following error message you simply need to tell apt (or dnf) to download the latest public key from the Enclave package repository:

$ sudo apt update
Get:1 https://packages.enclave.io/apt stable InRelease [4799 B]
Err:1 https://packages.enclave.io/apt stable InRelease
  The following signatures were invalid: EXPKEYSIG A386D59E7C22F628 Enclave Networks <support@enclave.io>
Reading package lists... Done

W: GPG error: https://packages.enclave.io/apt stable InRelease: The following signatures were invalid: EXPKEYSIG A386D59E7C22F628 Enclave Networks <support@enclave.io>
E: The repository 'https://packages.enclave.io/apt stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Update the signing key for Debian-based distributions

To update to the latest signing key, simply re-run step two of the Linux installation instructions pull the latest key:

curl -fsSL https://packages.enclave.io/apt/enclave.stable.gpg  | sudo gpg --dearmor -o /usr/share/keyrings/enclave.gpg

Overwrite the existing enclave.gpg key when prompted, and then run sudo apt update again to check for the latest packages.

Update the signing key for RPM-based distributions

To update to the latest signing key, simply re-import the Enclave public key and re-make the cache:

sudo dnf clean all
sudo rm -R /var/cache/dnf/enclave-*/pubring
sudo dnf check-update

Now run sudo dnf update again to check for the latest packages.