EXPKEYSIG debian ubuntu

Fix EXPKEYSIG 78BD65473CB3BD13

Google Chrome <linux-packages-keymaster@google.com> — by Google

Official Key Page: https://www.google.com/linuxrepositories/
Error message 
EXPKEYSIG 78BD65473CB3BD13 Google Chrome <linux-packages-keymaster@google.com>

Your distro

Fix commands for Ubuntu

Method 1 Modern method (Debian 11+ / Ubuntu 22.04+)

The modern approach stores keys in /usr/share/keyrings/ as binary .gpg files and references them per-repository. This avoids the deprecated apt-key ring.

Ubuntu — bash
$ sudo apt-key del 3CB3BD13
$ sudo gpg --keyserver keyserver.ubuntu.com --recv-keys 78BD65473CB3BD13
$ sudo gpg --export 78BD65473CB3BD13 | sudo tee /usr/share/keyrings/3CB3BD13-archive-keyring.gpg > /dev/null
# Update your sources.list entry to include [signed-by=/usr/share/keyrings/3CB3BD13-archive-keyring.gpg]
$ sudo apt-get update
Official documentation

Method 2 Legacy apt-key method (Debian 10 / Ubuntu 20.04 and older)

Uses apt-key which is deprecated but still functional on older systems.

Ubuntu — bash
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 78BD65473CB3BD13
$ sudo apt-get update

Method 3 Direct download from official source

Downloads the key directly from the official vendor URL. Preferred when available as it does not rely on keyservers.

Ubuntu — bash
$ sudo curl -fsSL -o /usr/share/keyrings/3CB3BD13-archive-keyring.gpg https://dl.google.com/linux/linux_signing_key.pub
$ sudo apt-get update
Official documentation

Additional notes

Google rotates its Linux repo signing key periodically. If this fix stops working, check the official page for the current key fingerprint.

After importing the key

Run sudo apt-get update (or your distro's equivalent) again. If successful you should see Hit: lines with no EXPKEYSIG warnings. Still broken? Check that your /etc/apt/sources.list.d/ entry references the correct [signed-by=…] keyring path.