How to fix the missing HPE's public keys

HPE Software Delivery Repository is cryptographically signed, so you can be sure that provided software packages have not been modified by a third party. However, sometimes you can encounter the The following signatures couldn't be verified because the public key is not available error which can be easily fixed.

Step 1

Identify source of the problem by the line GPG error: <a href="http://downloads.linux.hpe.com" rel="nofollow">http://downloads.linux.hpe.com</a> wheezy/current Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C208ADDE26C2B797.

$ sudo apt-get update

Get:1 http://downloads.linux.hpe.com wheezy/current Release.gpg [490 B]
Hit http://downloads.linux.hpe.com wheezy/current Release
Err http://downloads.linux.hpe.com wheezy/current Release
Hit http://ftp.us.debian.org wheezy-backports Release.gpg
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://ftp.us.debian.org wheezy Release.gpg
Hit http://security.debian.org wheezy/updates Release
Hit http://ftp.us.debian.org wheezy-backports Release
Hit http://ftp.us.debian.org wheezy Release
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Hit http://ftp.us.debian.org wheezy-backports/main amd64 Packages/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/contrib amd64 Packages/DiffIndex
Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
Hit http://ftp.us.debian.org wheezy-backports/non-free amd64 Packages/DiffIndex
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://ftp.us.debian.org wheezy-backports/contrib Translation-en/DiffIndex
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://ftp.us.debian.org wheezy-backports/main Translation-en/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/non-free Translation-en/DiffIndex
Hit http://security.debian.org wheezy/updates/non-free Translation-en
Hit http://ftp.us.debian.org wheezy/main amd64 Packages
Hit http://ftp.us.debian.org wheezy/contrib amd64 Packages
Hit http://ftp.us.debian.org wheezy/non-free amd64 Packages
Hit http://ftp.us.debian.org wheezy/contrib Translation-en
Hit http://ftp.us.debian.org wheezy/main Translation-en
Hit http://ftp.us.debian.org wheezy/non-free Translation-en
Fetched 490 B in 1s (291 B/s)
Reading package lists...
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://downloads.linux.hpe.com wheezy/current Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C208ADDE26C2B797
W: Failed to fetch http://downloads.linux.hpe.com/SDR/repo/mcp/dists/wheezy/current/Release
W: Some index files failed to download. They have been ignored, or old ones used instead.

Step 2

Install public keys provided on the HPE Software Delivery Repository web-site.

$ curl http://downloads.linux.hpe.com/SDR/hpPublicKey1024.pub       | sudo apt-key add -
$ curl http://downloads.linux.hpe.com/SDR/hpPublicKey2048.pub       | sudo apt-key add -
$ curl http://downloads.linux.hpe.com/SDR/hpPublicKey2048_key1.pub  | sudo apt-key add -
$ curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | sudo apt-key add -

Step 3

Verify that problem is fixed.

$ sudo apt-get update

Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://ftp.us.debian.org wheezy-backports Release.gpg
Get:1 http://downloads.linux.hpe.com wheezy/current Release.gpg [490 B]
Hit http://security.debian.org wheezy/updates Release
Hit http://ftp.us.debian.org wheezy Release.gpg
Hit http://downloads.linux.hpe.com wheezy/current Release
Hit http://ftp.us.debian.org wheezy-backports Release
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Hit http://downloads.linux.hpe.com wheezy/current/non-free amd64 Packages
Hit http://ftp.us.debian.org wheezy Release
Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
Hit http://ftp.us.debian.org wheezy-backports/main amd64 Packages/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/contrib amd64 Packages/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/non-free amd64 Packages/DiffIndex
Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://ftp.us.debian.org wheezy-backports/contrib Translation-en/DiffIndex
Hit http://security.debian.org wheezy/updates/non-free Translation-en
Hit http://ftp.us.debian.org wheezy-backports/main Translation-en/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/non-free Translation-en/DiffIndex
Hit http://ftp.us.debian.org wheezy/main amd64 Packages
Ign http://downloads.linux.hpe.com wheezy/current/non-free Translation-en
Hit http://ftp.us.debian.org wheezy/contrib amd64 Packages
Hit http://ftp.us.debian.org wheezy/non-free amd64 Packages
Hit http://ftp.us.debian.org wheezy/contrib Translation-en
Hit http://ftp.us.debian.org wheezy/main Translation-en
Hit http://ftp.us.debian.org wheezy/non-free Translation-en
Fetched 490 B in 1s (275 B/s)
Reading package lists...

Additional information

Use gnupg to list trusted keys.

$ sudo gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --list-keys

/etc/apt/trusted.gpg
--------------------
pub   2048R/B1275EA3 2014-11-19 [expires: 2024-11-16]
uid                  Hewlett-Packard Company RSA (HP Codesigning Service) - 1
pub   2048R/5CE2D476 2012-12-04 [expires: 2022-12-02]
uid                  Hewlett-Packard Company RSA (HP Codesigning Service)
pub   2048R/26C2B797 2015-12-10 [expires: 2025-12-07]
uid                  Hewlett Packard Enterprise Company RSA-2048-25 <signhp@hpe.com>
pub   1024D/2689B887 2005-03-11 [expired: 2015-03-09]
uid                  Hewlett-Packard Company (HP Codesigning Service)

Use gnupg to verify release file.

$ sudo gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify /var/lib/apt/lists/{downloads.linux.hpe.com_SDR_repo_mcp_dists_wheezy_current_Release.gpg,downloads.linux.hpe.com_SDR_repo_mcp_dists_wheezy_current_Release}

gpg: Signature made Tue Mar 14 22:03:46 2017 UTC using RSA key ID 26C2B797
gpg: Good signature from "Hewlett Packard Enterprise Company RSA-2048-25 <signhp@hpe.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5744 6EFD E098 E5C9 34B6  9C7D C208 ADDE 26C2 B797

In case you are still curious about the signature and release file contents then inspect those.

$ cat /var/lib/apt/lists/downloads.linux.hpe.com_SDR_repo_mcp_dists_wheezy_current_Release.gpg

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQEcBAABCAAGBQJYyGjCAAoJEMIIrd4mwreXbZUH/A9SZl4p0sdz8oUGiHQnm43B
vl0EEG9lrTrLMxB13yTzeIW+/6J2GFl3dDT9jFzxkwxU4SBnAlzXJuFFv+QCB6jA
WeLOcFT/pDyS44U/vHeyTg5pEteqbPFvsMGe6F/A5dWTF3F2Fmfwf80CvVoe2/vi
G57rVP+p3aByEeuqQjsx28qhASTmH0BO5X2o3KCVWp5yI9aFTB0iR5k55OvALxUu
ptiLpHdjsx74V5RCwAx4xPAlIwhJpnkcU8oA0gAnLbFgggOFslG4HVfj1VXJQvZH
intGgLTDbzxIJCr8fYR1y1tNOAfMRn0ygUrVWFwr2OHtXR+YWeveI51BA7zil1Q=
=xbmR
-----END PGP SIGNATURE-----

$ cat /var/lib/apt/lists/downloads.linux.hpe.com_SDR_repo_mcp_dists_wheezy_current_Release

Architectures: amd64 i386
Components: non-free
Date: Tue, 10 Sep 2013 17:25:59 UTC
Description: HP Management Component Pack
Label: MCP
Origin: HP
Suite: wheezy
MD5Sum:
 d41d8cd98f00b204e9800998ecf8427e                0 Release
 b34146fce867f6866d15b1299c03f0eb            21614 non-free/binary-amd64/Packages
 8fc0a6b4c1f3e376ac7c28ec3588e668             6238 non-free/binary-amd64/Packages.bz2
 4a3fbb4aad84d1c65f4cf4f3de7da445             6420 non-free/binary-amd64/Packages.gz
 b15c41fa0d4a4aa1900b8baaeddbd05f            21580 non-free/binary-i386/Packages
 8ea9f47bfd6c156cbc4e7c5eee46d674             6247 non-free/binary-i386/Packages.bz2
 6f76dad67d9ac74446047af6afc2f86a             6467 non-free/binary-i386/Packages.gz
 d41d8cd98f00b204e9800998ecf8427e                0 non-free/source/Sources
 4a4dd3598707603b3f76a2378a4504aa               20 non-free/source/Sources.gz
SHA1:
 da39a3ee5e6b4b0d3255bfef95601890afd80709                0 Release
 d4e80e29b7336fcc157108b13441692896eca67c            21614 non-free/binary-amd64/Packages
 babe71febd9e14d7b50583ee8ca6a5cca8b8b594             6238 non-free/binary-amd64/Packages.bz2
 5fe6c9e85fa7f57ef05c9ced1f744b9391b333ce             6420 non-free/binary-amd64/Packages.gz
 3d423e8e33b83a808c685ff5d22f01acaf255f88            21580 non-free/binary-i386/Packages
 1ad3811b9149e3b7856aa99951a296e44dab5695             6247 non-free/binary-i386/Packages.bz2
 2e338385af0177e8ba55654181f0d6c2168dcb2a             6467 non-free/binary-i386/Packages.gz
 da39a3ee5e6b4b0d3255bfef95601890afd80709                0 non-free/source/Sources
 a0fddd5458378c1bf3c10dd2f5c060d1347741ed               20 non-free/source/Sources.gz
SHA256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855                0 Release
 7d74647f84c5f07caa555902b4b89748947e7176e9b6ee6ce11f4fdeafc9c9db            21614 non-free/binary-amd64/Packages
 21b0756ba35e6852ecfa9ad64af739fb52bf98efc0022569301ad739fd9c2d69             6238 non-free/binary-amd64/Packages.bz2
 eeb2b65747c5de78f93122b36bea33580f507c0d5b906f96ab1b916f3eb0b2ad             6420 non-free/binary-amd64/Packages.gz
 aebdc28143c383d8a2fe12306786d0f9485c9388fc8e60e567777c214f4d1c56            21580 non-free/binary-i386/Packages
 73aba416aaa36fdbde435b4ba22907c824f100bc07d459f34283011ca62c0a6f             6247 non-free/binary-i386/Packages.bz2
 eda6c70189c7e65bfb70d831bff436ffba5c1a6a60f59e5d25bf355057ec38f0             6467 non-free/binary-i386/Packages.gz
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855                0 non-free/source/Sources
 f61f27bd17de546264aa58f40f3aafaac7021e0ef69c17f6b1b4cd7664a037ec               20 non-free/source/Sources.gz
SHA512:
 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e                0 Release
 de5b226bc80f769c0f551ca4efa9d27835b205c012e92180e467d85c902157d6b17aabfd71f9b0badb1a21abec98ba601cda38fc3b5c949935a5f37b690b18c5            21614 non-free/binary-amd64/Packages
 a7c70a334a95af990e895abf3490846f6e62fbe45e870627590c12e33daa02810cba026aca10e4fca057a9e35f86b36bb50564a19b1f215306df4989c526aaf8             6238 non-free/binary-amd64/Packages.bz2
 7b03405577893b0a7e182c1cf7377ed6cecaa36610f8ee46ad47be1632cbd4ff3437687f15a88afdce6b59c060ebe435e8d68461780d043e8dac49c83b0fa98c             6420 non-free/binary-amd64/Packages.gz
 001c6545284593bbbcb7b8e0641081bc65b81aa145fcddfca7116decaa4ce8725501c15b40a7c6bb1082df36428d01130c274c8c899faace84b80e5c23f09e29            21580 non-free/binary-i386/Packages
 7b08dfe6f82732fdd01adc60f6afa43cb0ed843054448a5c1adb7b514e19e0263250929580a435d41c67892291edac29485cdd022705cda6607ec77a9aa5aa80             6247 non-free/binary-i386/Packages.bz2
 6d4c04547ad7325e38250e22755cb361bcd0b58e47652ba2542592f67e17b127a24633824664af75cacb86b5a7a38af5455ea4592a63dd62c6be71c7eb5db726             6467 non-free/binary-i386/Packages.gz
 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e                0 non-free/source/Sources
 1b46b9b08d5b338be9d732a1724795b2eab63daffde377218727c90857b79fe6a47bceed495117fcde60f7339812ef75ef4c69f82dd79fb69b6cbf8006b521f2               20 non-free/source/Sources.gz