New GPG Keys

  • The GPG keys for signing the LiveConfig packages and repositories are replaced every three years for security reasons.
    From today, a new GPG key is used:

    Key name: LiveConfig Package Signer <>
    Key ID old: 08708961 (2048 bit, valid until 2017/11/05)
    Key ID new: 3A2B2840 (4096 bit, valid until 2020/09/19)

    The new key was already installed automatically with LiveConfig v2.5.0. For older installations, the key must be updated manually:


    wget -O - | apt-key add -


    rpm --import

    When not updating the key, you'll get an error message when trying to update LiveConfig packages - on Debian for example like this:

    W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: main InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E73A23BF3A2B2840
    W: Failed to fetch
    W: Some index files failed to download. They have been ignored, or old ones used instead.
  • In spätere Debian/Ubuntu Versionen sieht man:

    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))

    ... und geht es dann doch mit:

    wget -O - | gpg --dearmor - >/etc/apt/trusted.gpg.d/liveconfig.gpg

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!