cosinus
December 13, 2025, 10:09am
1
Please describe your issue or request:
The Ubuntu GPG package signing key is expired.
root@vroomfondel:~# gpg --show-keys ai-workbench-desktop-key.gpg
pub rsa3072 2024-12-12 [SC] [expired: 2025-12-12]
52ECDF6597CFBD86D5BF4DB3CD63F8B21266DE3C
uid svc-workbench <svc-workbench@nvidia.com>
I checked also the key mentioned in the official documentation for a newer version:
pointing to https://workbench.download.nvidia.com/stable/linux/gpgkey , but that’s the same as the one already installed (pre-installed with DGX Spark/ASUS Ascent GX10).
Couldn’t find anything in here or elsewhere that mentioned a way to update.
Please tick the appropriate box to help us categorize your post
cosinus
December 14, 2025, 8:58am
3
Thank you for the fast fix! 😎
The fix did not work for me - it still says the key is invalid.
youp
December 15, 2025, 4:16pm
5
Proposed fix doesn’t work for me either
cosinus
December 15, 2025, 5:16pm
6
Could you run a check via gpg --show-keys?
root@vroomfondel:~# gpg --show-keys /usr/share/keyrings/ai-workbench-desktop-key.gpg
pub rsa3072 2024-12-12 [SC] [expires: 2027-12-13]
52ECDF6597CFBD86D5BF4DB3CD63F8B21266DE3C
uid svc-workbench <svc-workbench@nvidia.com>
And just to make sure that it is not some kind of CDN problem:
root@vroomfondel:/tmp# curl -o newkey -fsSL https://workbench.download.nvidia.com/stable/linux/gpgkey
root@vroomfondel:/tmp# gpg --show-keys newkey
pub rsa3072 2024-12-12 [SC] [expires: 2027-12-13]
52ECDF6597CFBD86D5BF4DB3CD63F8B21266DE3C
uid svc-workbench <svc-workbench@nvidia.com>
To check what you get from that URL?
I have the same key. It looks like the proper key is there, it just isn’t recognized as valid despite it having the 2027-12-13 expire date.
@andrew.sheahen @youp
The linked forum post marked as the solution addresses the AI Workbench installation in DGX Spark and GB10 systems, which is configured slightly different.
If you installed the AI Workbench apt repo following the User Guide , you need to run a slightly different command:
curl -fsSL https://workbench.download.nvidia.com/stable/linux/gpgkey | sudo tee /etc/apt/trusted.gpg.d/ai-workbench-desktop-key.asc
sudo apt update
NVES
December 17, 2025, 2:44pm
10
The fix for Ubuntu repo signature invalid: EXPKEYSIG CD63F8B21266DE3C svc-workbench
sudo apt update (still see the error)sudo apt full-upgrade (installs a new key)sudo apt update (no error)
This did not work for me - the error persists.
cosinus
December 18, 2025, 5:00pm
12
Then you should check the config of that repo. May be it is pointing to another path for that key.
root@vroomfondel:~# cd /etc/apt/sources.list.d/
root@vroomfondel:/etc/apt/sources.list.d# grep workbench *
ai-workbench-desktop.sources:URIs: https://workbench.download.nvidia.com/stable/linux/debian
ai-workbench-desktop.sources:Signed-By: /usr/share/keyrings/ai-workbench-desktop-key.gpg
ro
So in my case the repo is defined in /etc/apt/sources.list.d/ai-workbench-desktop.sources.
Check the contents of your workbench repo file.
If you are using a newer version of APT, this won’t work, because now APT uses Sequoia (sqv) instead of GnuPG (gpgv). Sequoia is a bit more strict on OpenGPG standards. To solve this you have to edit the /etc/apt/sources.list.d/nvidia-ai-workbench.sources like this:
Types: debhttps://workbench.download.nvidia.com/stable/linux/debian