On June 2, 2022, we will update the GPG key used to sign Duo Unix distribution packages to improve the strength and security of our package signatures. If you are currently using this application, the next time that you upgrade the Duo Unix package on or after June 6th via yum, dnf, apt, or apt-get, you will also have to update the key.
Depending on which distribution of Unix you are using, you will need to run the following command during the application upgrade process to update the GPG key.
CentOS, Fedora and Red Hat Enterprise Linux (RHEL)
rpm --import https://duo.com/DUO-GPG-PUBLIC-KEY.asc
Ubuntu 18.04 and 20.04 and Debian
curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | sudo apt-key add -
curl -s https://duo.com/DUO-GPG-PUBLIC-KEY.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/duo.gpg
These are the same commands that must be run to import Duo’s GPG signing keys for a new installation of Duo Unix.
This key change does not impact deprecated OS versions such as Debian 8 or CentOS 6.
If you are currently running Duo Unix and try to upgrade to the latest version without updating the GPG key, you will see an error similar to the following.
Example error when using apt update
W: GPG error: https://pkg.duosecurity.com/Debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY …
Example error when using
yum install duo_unix or
dnf install duo_unix
Public key for duo_unix-1.12.1-0.el9.x86_64.rpm is not installed The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'yum clean packages'. Error: GPG check FAILED
Let us know if you have any questions about this!