Unable to add gpg key with apt-key behind a proxy

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
18
down vote

favorite
5












Adding a gpg key via apt-key systematically fails since I've switched to Ubuntu 17.04 (I doubt it's directly related though). Example with Spotify's repo key:



$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
Executing: /tmp/apt-key-gpghome.wRE6z9GBF8/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
gpg: keyserver receive failed: No keyserver available


Same thing if I remove the hkp:// prefix.




Context: I use CNTLM to cope with the local corporate proxy. Env variables are set (in /etc/environment):



$ env | grep 3128
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128


/etc/apt/apt.conf is configured (apt commands are working fine):



$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://localhost:3128";
Acquire::https::Proxy "http://localhost:3128";
Acquire::ftp::Proxy "http://localhost:3128";


Finally, the specified keyserver seems reachable:



$ curl keyserver.ubuntu.com:80
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SKS OpenPGP Public Key Server</title>
</head>
<body>
[...]


What can I do ? I'm not even sure on how to further debug it...




Things I already tried to do, without any result:



  • run sudo with -E (preserve env) option

  • run apt-key adv with --keyserver-options http-proxy=http://localhost:3128/ option (source)

  • run $ gpg --list-keys for some reason (source)

  • use another keyserver (--keyserver pgp.mit.edu)

  • remove the hkp:// part (--keyserver keyserver.ubuntu.com:80)

Weird thing is that I never see any "cntlm" entry in /var/log/syslog when running apt-key.










share|improve this question























  • What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
    – dirkt
    May 10 '17 at 6:29










  • I've got the web page (same as the one shown in curl's output above)
    – Anto
    May 10 '17 at 10:57















up vote
18
down vote

favorite
5












Adding a gpg key via apt-key systematically fails since I've switched to Ubuntu 17.04 (I doubt it's directly related though). Example with Spotify's repo key:



$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
Executing: /tmp/apt-key-gpghome.wRE6z9GBF8/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
gpg: keyserver receive failed: No keyserver available


Same thing if I remove the hkp:// prefix.




Context: I use CNTLM to cope with the local corporate proxy. Env variables are set (in /etc/environment):



$ env | grep 3128
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128


/etc/apt/apt.conf is configured (apt commands are working fine):



$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://localhost:3128";
Acquire::https::Proxy "http://localhost:3128";
Acquire::ftp::Proxy "http://localhost:3128";


Finally, the specified keyserver seems reachable:



$ curl keyserver.ubuntu.com:80
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SKS OpenPGP Public Key Server</title>
</head>
<body>
[...]


What can I do ? I'm not even sure on how to further debug it...




Things I already tried to do, without any result:



  • run sudo with -E (preserve env) option

  • run apt-key adv with --keyserver-options http-proxy=http://localhost:3128/ option (source)

  • run $ gpg --list-keys for some reason (source)

  • use another keyserver (--keyserver pgp.mit.edu)

  • remove the hkp:// part (--keyserver keyserver.ubuntu.com:80)

Weird thing is that I never see any "cntlm" entry in /var/log/syslog when running apt-key.










share|improve this question























  • What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
    – dirkt
    May 10 '17 at 6:29










  • I've got the web page (same as the one shown in curl's output above)
    – Anto
    May 10 '17 at 10:57













up vote
18
down vote

favorite
5









up vote
18
down vote

favorite
5






5





Adding a gpg key via apt-key systematically fails since I've switched to Ubuntu 17.04 (I doubt it's directly related though). Example with Spotify's repo key:



$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
Executing: /tmp/apt-key-gpghome.wRE6z9GBF8/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
gpg: keyserver receive failed: No keyserver available


Same thing if I remove the hkp:// prefix.




Context: I use CNTLM to cope with the local corporate proxy. Env variables are set (in /etc/environment):



$ env | grep 3128
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128


/etc/apt/apt.conf is configured (apt commands are working fine):



$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://localhost:3128";
Acquire::https::Proxy "http://localhost:3128";
Acquire::ftp::Proxy "http://localhost:3128";


Finally, the specified keyserver seems reachable:



$ curl keyserver.ubuntu.com:80
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SKS OpenPGP Public Key Server</title>
</head>
<body>
[...]


What can I do ? I'm not even sure on how to further debug it...




Things I already tried to do, without any result:



  • run sudo with -E (preserve env) option

  • run apt-key adv with --keyserver-options http-proxy=http://localhost:3128/ option (source)

  • run $ gpg --list-keys for some reason (source)

  • use another keyserver (--keyserver pgp.mit.edu)

  • remove the hkp:// part (--keyserver keyserver.ubuntu.com:80)

Weird thing is that I never see any "cntlm" entry in /var/log/syslog when running apt-key.










share|improve this question















Adding a gpg key via apt-key systematically fails since I've switched to Ubuntu 17.04 (I doubt it's directly related though). Example with Spotify's repo key:



$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
Executing: /tmp/apt-key-gpghome.wRE6z9GBF8/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886
gpg: keyserver receive failed: No keyserver available


Same thing if I remove the hkp:// prefix.




Context: I use CNTLM to cope with the local corporate proxy. Env variables are set (in /etc/environment):



$ env | grep 3128
https_proxy=http://localhost:3128
http_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128


/etc/apt/apt.conf is configured (apt commands are working fine):



$ cat /etc/apt/apt.conf
Acquire::http::Proxy "http://localhost:3128";
Acquire::https::Proxy "http://localhost:3128";
Acquire::ftp::Proxy "http://localhost:3128";


Finally, the specified keyserver seems reachable:



$ curl keyserver.ubuntu.com:80
<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>SKS OpenPGP Public Key Server</title>
</head>
<body>
[...]


What can I do ? I'm not even sure on how to further debug it...




Things I already tried to do, without any result:



  • run sudo with -E (preserve env) option

  • run apt-key adv with --keyserver-options http-proxy=http://localhost:3128/ option (source)

  • run $ gpg --list-keys for some reason (source)

  • use another keyserver (--keyserver pgp.mit.edu)

  • remove the hkp:// part (--keyserver keyserver.ubuntu.com:80)

Weird thing is that I never see any "cntlm" entry in /var/log/syslog when running apt-key.







debian apt proxy gpg






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited May 20 '17 at 4:33









Rui F Ribeiro

36.9k1273117




36.9k1273117










asked Apr 25 '17 at 15:07









Anto

1911213




1911213











  • What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
    – dirkt
    May 10 '17 at 6:29










  • I've got the web page (same as the one shown in curl's output above)
    – Anto
    May 10 '17 at 10:57

















  • What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
    – dirkt
    May 10 '17 at 6:29










  • I've got the web page (same as the one shown in curl's output above)
    – Anto
    May 10 '17 at 10:57
















What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
– dirkt
May 10 '17 at 6:29




What happens when you try to access http://keyserver.ubuntu.com/ in your browser?
– dirkt
May 10 '17 at 6:29












I've got the web page (same as the one shown in curl's output above)
– Anto
May 10 '17 at 10:57





I've got the web page (same as the one shown in curl's output above)
– Anto
May 10 '17 at 10:57











1 Answer
1






active

oldest

votes

















up vote
25
down vote



accepted










You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK





share|improve this answer






















  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f361213%2funable-to-add-gpg-key-with-apt-key-behind-a-proxy%23new-answer', 'question_page');

);

Post as a guest






























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
25
down vote



accepted










You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK





share|improve this answer






















  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26














up vote
25
down vote



accepted










You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK





share|improve this answer






















  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26












up vote
25
down vote



accepted







up vote
25
down vote



accepted






You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK





share|improve this answer














You usually have a proxy for ftp, http and https; I am seeing there hkp:// as an URL; so it should not be directed via a pure http proxy, hence failing the communication.



Use this instead:



sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://localhost:3128 --recv-keys BBEBDCB318AD50EC6865090613B00F1FD2C19886


As for the system updates, I would advise using an APT proxy, for instance, apt-cacher-ng.



Another way of doing it, is searching in the public web interface, with a browser, for instance on your working station for the key you want at https://keyserver.ubuntu.com



Open the site, and you got a form. In this case I used the "Search String" "Spotify"; then select "Search" ; it will list several keys.



Searching for the signature/fingerprint that you mentioned in the result page:



pub 4096R/D2C19886 2015-05-28 
Fingerprint=BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886

uid Spotify Public Repository Signing Key <operations@spotify.com>
sig sig3 D2C19886 2015-05-29 __________ 2017-11-22 [selfsig]
sig sig 94558F59 2015-06-02 __________ __________ Spotify Public Repository Signing Key <operations@spotify.com>


We see this is the entry that interests us.



So we click in D2C19886 and are presented with a page with the key at https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x13B00F1FD2C19886.



Public Key Server -- Get "0x13b00f1fd2c19886 "

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com

mQINBFVm7dMBEADGcdfhx/pjGtiVhsyXH4r8TrFgsGyHEsOWaYeU2JL1tEi+YI1qjpExb2Te
TReDTiGEFFMWgPTS0y5HQGm+2P3XGv0pShvgg9A6FWZmZmT+tymA2zvNrdpmKdhScZ52StPL
Fz9wsmXHG4DIKVuzgzuV4YxJ1i2wFtoVp8zT9ORu1BxLZ0IBwTvLRbaQGZ8DwXVAHak9cK91
Ujj6gJ1MJPohZLHH2BjrOjEl/I36jFUjK0AadznNzo08lLAi94qjtheJtuJD3IEOAlCkaknz
6vbEFpszLGlLD7GENMzJk46ObuJuvW5R2PkOU2U8jS0GaUD9Ou/SIdJ6vIdvjSs/ettc2wwd
nbSdadvjovIfvEBRsEVMpRG+42B+DZpJbS9pCb8sxTJtnUy1YViZmG0++FhPGGPGzQYhC/Mz
07lsx5PkC7Kka2FCNmhauxw5deO43Ck181oQVdbt/VxmChzchUJ6N6/uOV5JKm7B9UnDNyqU
Yv6goeLvFnT9ag+FCxiroTrq+dINr6d+XT/cI9WtSagfmhcekwhyfcCgYsFemAOckRifjEGF
MksQlnWkGwWNoKe91KBxjgaJaazSbZRk0dFPSSmfKWaxuTwkR74pbaueyijnQJgHAjfCyzQe
9miN9DitON5l6T2gVAN3Jn1QQmV7tt5GB7amcHf5/b0oYmmRPQARAQABtD5TcG90aWZ5IFB1
YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDxvcGVyYXRpb25zQHNwb3RpZnkuY29tPokB
HAQQAQIABgUCVW3SWAAKCRAILM7flFWPWUk5B/wOqqD9/2Do9PyPucfUs/rrP4+M8iJLpv8U
+bX/qHryTTWfpk3YuKL4+c8saHySK4HLGyxd3mdo1XMF351KrxLQvWMSSPbIRV9cSqZROOVn
2ya+3xpWk6t1omLzxtBBMOC4B5qAfWhog7ioAmzQNY5NUz5mqXVP5WbgR/G+GOszzuQUgeu1
Xxxzir3JqWQ0g8mp3EtX7dB76zxkkuTYbeVDPOvtJPn/38d3oSLUI1QJnL8pjREHeE8fO5mW
ncJmyZNhkYd+rfnPk+W0ZkTr59QBIEOGMTmATtNh+x1mo5e2dW91Oj4jEWipMUouLGqbo/gJ
uHFMt8RWBmy+zFYUEPYHiQI+BBMBAgAoAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUC
VWg3sAUJBK3QLQAKCRATsA8f0sGYhl6hEACJ1CrYjaflKKR2Znuh0g0gM89NAwO8AA4+SpkW
HagdGLo7OV/rGB3mlwD4mhaa8CbEnBT/za3jFnT19KsYQWiT21oOX/eo47ITbAspjDZTiXLi
nyAcOJn+q/EFkelROzbVaxZHi6SN5kCEd8KAew8h2jZf8wWqaYVyMPNSqotUhin6YjWsu57B
GixVThoMmxx3udsGAiYqt8buAANWbkUphrvtJuNCKkGym7psnS4Q5EnHPfvbYii9iAfBswX6
nZQlehva7aToN73elYL3opCArAxKAFx70bpGxb7T16KjKzkKS0a4iQ7xdbBGylb+AE/RhICa
+RM5tma2YnB3pZvFM/n0BNeYReCgvxkl1rqrB1KxmFHfGqjLkb2YAZ5RYnP3gEt+nbEWxL8F
O0Bhakn1RB3NqTC2oiQAUfh+66yUawUNkHRHlGAEzZAxvpfnf0hSJp734lyQZJs+zqXUAXa2
UmEZ6se62PgZRQIz5IbAVxSiGz4xIZs1yS36N2vZ34LFJa9o/HVk5OfpqZM0zjWwQIQN2b4O
BizL5r4h2Mi5BHUEyYMsDZn+txoJjPPYLolRlf31sqi5MJE+cbOAXSn8PC9k4i+hrbfqFzts
47+6xgCH3aXbhUkJh1CH/0/qEXfTPYTyayijm4rdvSBczzEORWGT5E38oV9h1eUqp4nVPg==
=/qip
-----END PGP PUBLIC KEY BLOCK-----


You cut between the line that begins with "-----BEGIN" and the line ending with "-----END", including those lines, and paste to a file, say spotify.pgp on the intended server you want to import that key. (do not cut it from here, as I added 4 spaces before each line while formatting)



Finally to import the key into the server you do:



$sudo apt-key add spotify.pgp
OK






share|improve this answer














share|improve this answer



share|improve this answer








edited Sep 25 at 11:57

























answered Apr 25 '17 at 15:29









Rui F Ribeiro

36.9k1273117




36.9k1273117











  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26
















  • I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
    – Anto
    Apr 25 '17 at 15:34










  • @Anto did it work?
    – Rui F Ribeiro
    May 27 '17 at 9:03






  • 1




    Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
    – Anto
    May 29 '17 at 9:26















I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
– Anto
Apr 25 '17 at 15:34




I had the same idea about http vs hkp, but unfortunately removing hkp:// didn't change anything: the output remains the same... Regarding apt proxy solutions, that's not something I thought about (yet)
– Anto
Apr 25 '17 at 15:34












@Anto did it work?
– Rui F Ribeiro
May 27 '17 at 9:03




@Anto did it work?
– Rui F Ribeiro
May 27 '17 at 9:03




1




1




Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
– Anto
May 29 '17 at 9:26




Hello Rui, indeed this "manual" method works and that's how I "temporarily" solved it in the meantime. Apparently this temporary solution is not gonna stay temporary :( But thanks a lot anyway.
– Anto
May 29 '17 at 9:26

















 

draft saved


draft discarded















































 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f361213%2funable-to-add-gpg-key-with-apt-key-behind-a-proxy%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?