Ubuntu repo signature invalid: EXPKEYSIG CD63F8B21266DE3C svc-workbench <svc-workbench@nvidia.com>

cosinus · December 13, 2025, 10:09am

Please describe your issue or request:

The Ubuntu GPG package signing key is expired.

root@vroomfondel:~# gpg --show-keys ai-workbench-desktop-key.gpg 
pub   rsa3072 2024-12-12 [SC] [expired: 2025-12-12]
      52ECDF6597CFBD86D5BF4DB3CD63F8B21266DE3C
uid                      svc-workbench <svc-workbench@nvidia.com>

I checked also the key mentioned in the official documentation for a newer version:

pointing to https://workbench.download.nvidia.com/stable/linux/gpgkey, but that’s the same as the one already installed (pre-installed with DGX Spark/ASUS Ascent GX10).

Couldn’t find anything in here or elsewhere that mentioned a way to update.

Please tick the appropriate box to help us categorize your post
Bug or Error
Feature Request
Documentation Issue
Other

dkleissas · December 13, 2025, 8:26pm

@cosinus - see post here for more information: DGX Spark apt update failure (EXPKEYSIG)

cosinus · December 14, 2025, 8:58am

Thank you for the fast fix! 😎

andrew.sheahen · December 15, 2025, 3:08pm

The fix did not work for me - it still says the key is invalid.

youp · December 15, 2025, 4:16pm

Proposed fix doesn’t work for me either

cosinus · December 15, 2025, 5:16pm

Could you run a check via gpg --show-keys?

root@vroomfondel:~# gpg --show-keys /usr/share/keyrings/ai-workbench-desktop-key.gpg
pub   rsa3072 2024-12-12 [SC] [expires: 2027-12-13]
      52ECDF6597CFBD86D5BF4DB3CD63F8B21266DE3C
uid                      svc-workbench <svc-workbench@nvidia.com>

And just to make sure that it is not some kind of CDN problem:

root@vroomfondel:/tmp# curl -o newkey -fsSL https://workbench.download.nvidia.com/stable/linux/gpgkey
root@vroomfondel:/tmp# gpg --show-keys newkey
pub   rsa3072 2024-12-12 [SC] [expires: 2027-12-13]
      52ECDF6597CFBD86D5BF4DB3CD63F8B21266DE3C
uid                      svc-workbench <svc-workbench@nvidia.com>

To check what you get from that URL?

andrew.sheahen · December 15, 2025, 8:11pm

I have the same key. It looks like the proper key is there, it just isn’t recognized as valid despite it having the 2027-12-13 expire date.

dkleissas · December 16, 2025, 3:10am

@andrew.sheahen @youp

The linked forum post marked as the solution addresses the AI Workbench installation in DGX Spark and GB10 systems, which is configured slightly different.

If you installed the AI Workbench apt repo following the User Guide, you need to run a slightly different command:

curl -fsSL  https://workbench.download.nvidia.com/stable/linux/gpgkey  |  sudo tee /etc/apt/trusted.gpg.d/ai-workbench-desktop-key.asc

sudo apt update

andrew.sheahen · December 16, 2025, 3:41am

That worked, thank!

Topic		Replies	Views
DGX Spark apt update failure (EXPKEYSIG) Announcements	0	343	December 13, 2025
DGX GPG key problem DGX Systems (Data Center)	2	234	December 3, 2024
The repository 'https://developer.download.nvidia.com/compute/cuda/repos/ubuntu1804/x86_64 Release' is not signed CUDA Setup and Installation	14	10867	May 2, 2022
Broken apt update? DGX Spark / GB10 Projects	2	40	December 16, 2025
Updating the CUDA Linux GPG Repository Key Technical Blog	70	33763	April 4, 2024
Invalid public key for CUDA apt repository Docker and NVIDIA Docker	34	65161	July 18, 2025
No_pubkey a4b469963bf863cc Docker and NVIDIA Docker jetson-inference , containers , docker-machine-learning	2	5662	July 11, 2022
Installation fail - Application Error NVIDIA AI Workbench	7	197	November 11, 2024
Install of NVIDIA AI Workbench on Ubuntu Failed - App Error NVIDIA AI Workbench ubuntu	3	254	September 10, 2024
NVIDIA Container toolkit in Ubuntu 22.04 LTS - NO_PUBKEY DDCAE044F796ECB0 Docker and NVIDIA Docker docker	0	324	June 24, 2025

Ubuntu repo signature invalid: EXPKEYSIG CD63F8B21266DE3C svc-workbench <svc-workbench@nvidia.com>

Related topics