Failed to verify signature archive-contents.sig in Emacs
November 14, 2025
In the evening, when I wanted to look at color themes for Aquamacs, an
Emacs for macOS, I was greeted with the following error message
(reformatted for clarity) after I did a M-x package-refresh-contents:
Failed to verify signature archive-contents.sig:
No public key for 645357D2883A0966 created at 2025-11-14T11:05:15+0100
using (unknown algorithm 22)
Command output:
gpg: Signature made Fri Nov 14 11:05:15 2025 CET
gpg: using EDDSA key 0327BE68D64D9A1A66859F15645357D2883A0966
gpg: Can't check signature: No public key
I was able to fix this using the by disabling signature checking,
refreshing the package list, installing gnu-elpa-keyring-update, and
finally setting signature checking back to its default value as
follows:
M-: (setq package-check-signature nil) RET
M-x package-refresh-contents
M-x package-install RET gnu-elpa-keyring-update RET
M-: (setq package-check-signature 'allow-unsigned) RET
It turned out that there where 5 packages that could be upgraded. So I
pressed ⇧U to select them all followed by M-x occur RET ^I RET. This showed the five packages ready to be upgraded. I used X
to install the five packages. However, this resulted in yet another
error (reformatted for clarity) after installing two packages
successfully:
Failed to verify signature let-alist-1.0.6.tar.sig:
Good signature from 645357D2883A0966 GNU ELPA Signing Agent (2023)
<elpasign@elpa.gnu.org> (trust undefined) created at 2024-03-31T11:35:04+0200
using (unknown algorithm 22)
Signature made by expired key 066DAFCB81E42C40 GNU ELPA Signing Agent (2019)
<elpasign@elpa.gnu.org>
Command output:
gpg: Signature made Sun Mar 31 11:35:04 2024 CEST
gpg: using RSA key C433554766D3DDC64221BFAA066DAFCB81E42C40
gpg: Good signature from "GNU ELPA Signing Agent (2019)
<elpasign@elpa.gnu.org>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: C433 5547 66D3 DDC6 4221 BFAA 066D AFCB 81E4 2C40
gpg: Signature made Sun Mar 31 11:35:04 2024 CEST
gpg: using EDDSA key 0327BE68D64D9A1A66859F15645357D2883A0966
gpg: Good signature from "GNU ELPA Signing Agent (2023) <elpasign@elpa.gnu.org>"
[unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: AC49 B8A5 FDED 6931 F40E E78B F993 C037 86DE 7ECA
Subkey fingerprint: 0327 BE68 D64D 9A1A 6685 9F15 6453 57D2 883A 0966
The culprit was let-alist so I decided to not upgrade that package
until I have figured out how to fix the above issue. I did this by
pressing ⇧U again and removing the mark from let-alist by pressing
U on the line for let-alist. After this X did an upgrade of the
two other remaining packages.
Because it was already late when I was done with testing and blogging about it I decided to check out the themes on a different day.
Related
- Aquamacs - The Emacs for the Mac