Invalid packet/keyring. How to find out what's responsible?

Daniel Kahn Gillmor dkg at
Wed Oct 19 23:22:35 CEST 2016

Hi Kevin--

On Wed 2016-10-19 12:45:42 -0400, Kevin Gallagher wrote:
> I've been seeing this error lately both with one of my local GPG
> keyrings, and with apt.
>     gpg: [don't know]: invalid packet (ctb=2d)
>     gpg: keydb_get_keyblock failed: Value not found
>     gpg: [don't know]: invalid packet (ctb=2d)
>     gpg: /tmp/tmp.rObzKgJEj5/pubring.gpg: copy to
>     '/tmp/tmp.rObzKgJEj5/pubring.gpg.tmp' failed: Invalid packet
>     gpg: error writing keyring '/tmp/tmp.rObzKgJEj5/pubring.gpg':
>     Invalid packet
>     gpg: [don't know]: invalid packet (ctb=2d)
>     gpg: error reading '-': Invalid packet
>     gpg: import from '-' failed: Invalid packet
> In the latter case, I solved it by exporting all my keys and importing
> them back again. But that doesn't work this time:
> apt-key exportall says: gpg: key export failed: Invalid keyring
> How can I figure out which specific key is corrupted or responsible for
> this, so I can repair my keyring?

what version of apt?  what version of gpg?  it sounds to me like you
have some public keyring that is ascii-armored instead of raw.  you
might manually (individually) test /etc/apt/trusted.gpg and
/etc/apt/trusted.gpg.d/*.gpg to see whether they're ascii-armored or

for example:

    grep 'BEGIN PGP' /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/*.gpg



More information about the Gnupg-users mailing list