HowTo Update PGP Package Signing Keys


Due to the deprecation of SHA-1 in RHEL9, we had to update the PGP keys we use to sign packages. This has created some side effects for hosts with existing packages installed, similar to the one below on apt-based systems:

The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 3D84C955924F7599

To solve this, please follow the instructions below:

  • RPM (CentOS and Rocky)
    The system should detect that a new key is installed and handle that automatically. All you need to do is type y when this message appears:

    Importing GPG key 0x924F7599:
     Userid     : "Luca Deri <deri@ntop.org>"
     Fingerprint: 8E07 231F 0575 7F56 FECE 3977 3D84 C955 924F 7599
     From       : https://packages.ntop.org/centos/RPM-GPG-KEY-deri
    Is this ok [y/N]: y
    
  • APT (Debian, Ubuntu, PiOS)
    Before upgrading your packages with apt update && apt upgrade, please:

    • Download the apt-ntop (or apt-ntop-stable) repository package as described at http://packages.ntop.org
    • Reinstall the repository package. This will update the apt files and download the new ntop key.

Note that unless you execute the above steps, the ntopng update from the top-right menu will not work, as new packages will not be detected as valid.
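
The key IDs in the two messages above (NO_PUBKEY 3D84C955924F7599 and 0x924F7599) are only the tail of the full fingerprint, so before typing y or reinstalling the repository package it is worth comparing all 40 hex digits. The script below is an added example, not ntop's code: its function names are hypothetical, and it assumes GnuPG 2.1.23 or later and a locally saved copy of the key file.

```shell
#!/bin/sh
# Added example, not ntop's code. Function names are hypothetical.
# Fingerprint exactly as shown in the RPM import prompt in the post.
EXPECTED_FPR="8E07 231F 0575 7F56 FECE 3977 3D84 C955 924F 7599"

# Strip whitespace and an optional 0x prefix, upper-case the hex digits.
normalize_hex() {
    printf '%s' "$1" | tr -d ' \t\n' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# True if key ID $2 (as printed by apt or rpm) is the tail of fingerprint $1.
# A match here only identifies the key; it is too short to authenticate it.
keyid_belongs_to() {
    fpr=$(normalize_hex "$1"); id=$(normalize_hex "$2")
    [ -n "$id" ] || return 1
    case "$fpr" in *"$id") return 0 ;; *) return 1 ;; esac
}

# True only when both values are the same full 40-hex-digit fingerprint.
fingerprint_matches() {
    a=$(normalize_hex "$1"); b=$(normalize_hex "$2")
    case "$a" in *[!0-9A-F]*) return 1 ;; esac
    [ "${#a}" -eq 40 ] && [ "$a" = "$b" ]
}

# Primary-key fingerprint of a key file (field 10 of the first "fpr" record).
key_file_fingerprint() {
    gpg --show-keys --with-colons "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# Usage: sh check-key.sh RPM-GPG-KEY-deri   (file saved from the "From" URL)
if [ -n "${1:-}" ]; then
    if fingerprint_matches "$EXPECTED_FPR" "$(key_file_fingerprint "$1")"; then
        echo "OK: $1 matches the published fingerprint"
    else
        echo "MISMATCH: do not import $1" >&2
        exit 1
    fi
fi
```

The same comparison applies on apt systems to the key shipped by the reinstalled apt-ntop package; the expected value should come from a source you trust independently of the download itself.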