How do I update to the latest version of GnuPG?

Hello,

I want to install a newer version of GPG than what the Ubuntu repositories provide. This is because GPG has released a new version that supports Kyber, allowing for post-quantum cryptography. https://alternativeto.net/news/2026/4/gnupg-introduces-support-for-post-quantum-crypto-encryption-and-64-bit-windows-improvements/

So I am following the instructions on GnuPG package repository (stable releases) for Ubuntu 24.04 LTS »Noble Numbat«.

sudo gpg \
  --no-default-keyring \
  --keyring /usr/share/keyrings/gnupg-keyring.gpg \
  --fetch-keys https://repos.gnupg.org/deb/gnupg/noble/gnupg-signing-key.gpg
echo "Types: deb deb-src
URIs: https://repos.gnupg.org/deb/gnupg/noble/
Suites: noble
Components: main
Signed-By: /usr/share/keyrings/gnupg-keyring.gpg" | \
  sudo tee /etc/apt/sources.list.d/gnupg.sources

But now I am stuck. This is because I am getting package conflicts between Ubuntu's version of GPG and this new version of GPG.

sudo apt install gnupg2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 gnupg2 : Depends: gnupg (>= 2.5.20-1) but 2.4.4-2ubuntu17.4 is to be installed
E: Unable to correct problems, you have held broken packages.
apt policy gnupg
gnupg:
  Installed: 2.4.4-2ubuntu17.4
  Candidate: 2.5.20-1
  Version table:
     2.5.20-1 500
        500 https://repos.gnupg.org/deb/gnupg/noble noble/main amd64 Packages
        500 https://repos.gnupg.org/deb/gnupg/noble noble/main i386 Packages
 *** 2.4.4-2ubuntu17.4 500
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/main i386 Packages
        100 /var/lib/dpkg/status
     2.4.4-2ubuntu17 500
        500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu noble/main i386 Packages
apt policy gnupg2
gnupg2:
  Installed: 2.4.4-2ubuntu17.4
  Candidate: 2.5.20-1
  Version table:
     2.5.20-1 500
        500 https://repos.gnupg.org/deb/gnupg/noble noble/main amd64 Packages
        500 https://repos.gnupg.org/deb/gnupg/noble noble/main i386 Packages
 *** 2.4.4-2ubuntu17.4 500
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/universe i386 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/universe i386 Packages
        100 /var/lib/dpkg/status
     2.4.4-2ubuntu17 500
        500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu noble/universe i386 Packages

How do I fix this?

Maybe

sudo dpkg --configure -a
sudo apt install -f

And then remove gnupg2

You need to add the noble-devel package in order to use the latest version of GnuPG. Use Synaptic Package Manager and search for it.

Read on Ask Ubuntu

The issue is a dependency ordering problem. Your system is trying to install gnupg2 2.5.20-1 (which requires gnupg >= 2.5.20-1), but it's not simultaneously upgrading the gnupg package from 2.4.4 to 2.5.20.

Solution: Upgrade gnupg first

Explicitly upgrade the gnupg package before installing gnupg2:

sudo apt install gnupg=2.5.20-1

Once that succeeds, then install:

sudo apt install gnupg2

Welcome to the Forum!

What is not in the Instructions: Creating a File in /etc/apt/preferences.d/ to give the Repo a higher Priority than the Ubuntu Repo.

No, the problem is not priority but a dependency ordering install problem.

But when the Source has a higher Priority, it would take the Version from there. When You look at the Link, You can see what the Repo offers for Packages. And there is gnupg included.


I didn't see this like that, so it should work, sorry.


Can you be more specific? By noble-devel, do you mean the package referred to at GnuPG package repository (development releases) for Ubuntu 24.04 LTS »Noble Numbat«? Or do you mean something else?

I would prefer to be on the stable version provided by repos.gnupg.org, rather than their development branch.

This does not work.

~$ sudo apt install gnupg=2.5.20-1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 gnupg : Depends: dirmngr (>= 2.5.20-1)
         Depends: gpg (>= 2.5.20-1)
         Depends: gpg-agent (>= 2.5.20-1)
         Depends: gpgsm (>= 2.5.20-1)
         Depends: scdaemon (< 2.5.20-1.1~)
         Depends: scdaemon (>= 2.5.20-1)
         Breaks: dirmngr (< 2.5.20-1)
         Breaks: dirmngr:i386 (< 2.5.20-1)
         Recommends: gnupg-utils (>= 2.5.20-1)
         Recommends: gpg-wks-client (>= 2.5.20-1) but 2.4.4-2ubuntu17.4 is to be installed
         Recommends: gpgv (>= 2.5.20-1)
E: Unable to correct problems, you have held broken packages.
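
An added example (not written by any poster in this thread): the script below parses the "unmet dependencies" block apt printed above and prints, without running it, an `apt-get install --simulate` command that names the whole 2.5.20-1 set together, plus any package apt still plans to keep at the old version. The function names are hypothetical, the sample input is copied from the output above, and the printed command is a diagnostic dry run, not a confirmed fix.

```shell
#!/bin/sh
# Added example, not from the thread. Parses text only; never runs apt.

# Constructed sample: the block apt printed for `apt install gnupg=2.5.20-1`.
sample_unmet() {
cat <<'EOF'
The following packages have unmet dependencies:
 gnupg : Depends: dirmngr (>= 2.5.20-1)
         Depends: gpg (>= 2.5.20-1)
         Depends: gpg-agent (>= 2.5.20-1)
         Depends: gpgsm (>= 2.5.20-1)
         Depends: scdaemon (< 2.5.20-1.1~)
         Depends: scdaemon (>= 2.5.20-1)
         Breaks: dirmngr (< 2.5.20-1)
         Breaks: dirmngr:i386 (< 2.5.20-1)
         Recommends: gnupg-utils (>= 2.5.20-1)
         Recommends: gpg-wks-client (>= 2.5.20-1) but 2.4.4-2ubuntu17.4 is to be installed
         Recommends: gpgv (>= 2.5.20-1)
E: Unable to correct problems, you have held broken packages.
EOF
}

# stdin: apt error text. stdout: "relation package op version planned" per line;
# planned is the version apt says "is to be installed", "-" when not stated.
parse_unmet() {
  awk '{
    for (i = 1; i <= NF; i++)
      if ($i ~ /^(Depends|PreDepends|Recommends|Breaks|Conflicts):$/) {
        rel = $i; sub(/:$/, "", rel)
        n = i + 2; op = "-"; ver = "-"
        if ($n ~ /^\(/) { op = substr($n, 2); ver = $(n + 1); sub(/\)$/, "", ver); n += 2 }
        planned = ($n == "but" && $(n + 1) != "it") ? $(n + 1) : "-"
        print rel, $(i + 1), op, ver, planned
        break
      }
  }'
}

# Print (never execute) a dry run naming the target and each ">=" Depends once.
sim_command() {
  parse_unmet | awk -v target="$1" '
    BEGIN { printf "apt-get install --simulate %s", target }
    $1 == "Depends" && $3 == ">=" && !seen[$2]++ { printf " %s=%s", $2, $4 }
    END { print "" }'
}

# Packages the resolver still plans to keep at an older version.
stale_planned() { parse_unmet | awk '$5 != "-" { print $2, $5 }'; }

sample_unmet | sim_command gnupg=2.5.20-1
sample_unmet | stale_planned
```

Because `--simulate` changes nothing on the system, the resolver's answer to the printed command can be read before deciding whether to replace the distribution packages at all.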

I tried this, but unfortunately it does not work. Here are the contents of /etc/apt/preferences.d/gnupg-pin.

Package: *
Pin: origin repos.gnupg.org
Pin-Priority: 1000

With that pin, I get the following output.

~$ sudo apt install gnupg2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 gnupg2 : Depends: gnupg (>= 2.5.20-1) but 2.4.4-2ubuntu17.4 is to be installed
E: Unable to correct problems, you have held broken packages.
~$ apt policy gnupg2
gnupg2:
  Installed: 2.4.4-2ubuntu17.4
  Candidate: 2.5.20-1
  Version table:
     2.5.20-1 1000
       1000 https://repos.gnupg.org/deb/gnupg/noble noble/main amd64 Packages
       1000 https://repos.gnupg.org/deb/gnupg/noble noble/main i386 Packages
 *** 2.4.4-2ubuntu17.4 500
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/universe i386 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/universe i386 Packages
        100 /var/lib/dpkg/status
     2.4.4-2ubuntu17 500
        500 http://us.archive.ubuntu.com/ubuntu noble/universe amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu noble/universe i386 Packages
~$ apt policy gnupg
gnupg:
  Installed: 2.4.4-2ubuntu17.4
  Candidate: 2.5.20-1
  Version table:
     2.5.20-1 1000
       1000 https://repos.gnupg.org/deb/gnupg/noble noble/main amd64 Packages
       1000 https://repos.gnupg.org/deb/gnupg/noble noble/main i386 Packages
 *** 2.4.4-2ubuntu17.4 500
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu noble-updates/main i386 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu noble-security/main i386 Packages
        100 /var/lib/dpkg/status
     2.4.4-2ubuntu17 500
        500 http://us.archive.ubuntu.com/ubuntu noble/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu noble/main i386 Packages

If anyone has any other suggestions, I would appreciate it.

Maybe try it with changing to this:

Package: *
Pin: origin https://repos.gnupg.org/deb/gnupg/noble/
Pin-Priority: 1001

I am afraid that this does not work. The link in the pin field does not work. I suppose it does not like the https. And putting the pin priority at 1001 instead of 1000 does not make any difference.

This is a very risky thread.

If running Kyber creates a critical need, you should isolate (such as installing the newer GnuPG to /opt/gnupg) or containerize the newer build.

Trying to replace it on the existing system will not only send you into a dependency whirlpool (which, skimming through the thread, it appears you have already experienced), it also opens you up to a variety of nebulous system errors that may not be obvious at first. Highly unstable.
