I have recently had a problem where apt-get update complained with errors like this (but more of them):
W: GPG error: http://mirror.internode.on.net utopic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32 W: GPG error: http://archive.canonical.com utopic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
A little bit of googling revealed that I should import the keys using apt-key or y-ppa-manager , but this did not fix the issue for me. In fact, apt-key assured me that I already had the keys in question:
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5 3B4FE6ACC0B21F32 Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.HxoG9btVKl --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/rickyrockrat_ubuntu_parcellite-appindicator.gpg --keyring /etc/apt/trusted.gpg.d/sil.gpg --keyring /etc/apt/trusted.gpg.d/webupd8team_ubuntu_y-ppa-manager.gpg --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5 3B4FE6ACC0B21F32 gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com gpg: requesting key C0B21F32 from hkp server keyserver.ubuntu.com gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <firstname.lastname@example.org>" not changed gpg: key C0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <email@example.com>" not changed gpg: Total number processed: 2 gpg: unchanged: 2
Since now, after much searching, I have found a solution, I thought it worthwhile to write an article about it here in the hopes of reducing the time wasted by anyone who hits this problem in future.
For full details, check out the answer on the Ask Ubuntu Stack Exchange, but basically, it seems like what happened is that GPG can only handle a limited number of key stores. By clearing out the trusted keys in /etc/apt/trusted.gpg.d , we reduce the number of key stores by one and things start working again. The downside is that Ubuntu no longer trusts the third party sources that I want it to, but at least it trusts the Ubuntu repositories now!