Can't add a Public Key to Ubuntu 22.04

Question

I'm getting an error while trying to update ubuntu. I tried to manually add the key mentioned in the errors to my system by using:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 871920D1991BC93C

But it doesn't make any changes and I still get the same error. And I am a bit concerned about my repositories as well. I kinda think I'm missing something here.

    sudo apt-get update
Hit:1 http://archive.canonical.com/ubuntu jammy InRelease
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]                                         
Hit:3 https://dl.winehq.org/wine-builds/ubuntu jammy InRelease                                          
Hit:4 https://repositories.intel.com/graphics/ubuntu focal InRelease                                    
Get:5 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]                  
Get:6 http://archive.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [107 kB]
Err:1 http://archive.canonical.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:4 https://repositories.intel.com/graphics/ubuntu focal InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9B10C065DBB72B06
Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Hit:8 https://repositories.intel.com/graphics/ubuntu jammy InRelease
Err:5 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:6 http://archive.ubuntu.com/ubuntu jammy-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.canonical.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repositories.intel.com/graphics/ubuntu focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9B10C065DBB72B06
W: GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Here is my sources.list output which I think it should not be correct because I changed it myself. I was in a lot trouble with the default one for 22.04, and so I decided to back in time a bit :

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu/ focal main restricted
deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted
Major bug fix updates produced after the final release of the
distribution.
deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted
deb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted
N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
team. Also, please note that software in universe WILL NOT receive any
review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ focal universe
deb-src http://archive.ubuntu.com/ubuntu/ focal universe
deb http://archive.ubuntu.com/ubuntu/ focal-updates universe
deb-src http://archive.ubuntu.com/ubuntu/ focal-updates universe
N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
team, and may not be under a free licence. Please satisfy yourself as to
your rights to use the software. Also, please note that software in
multiverse WILL NOT receive any review or updates from the Ubuntu
security team.
deb http://archive.ubuntu.com/ubuntu/ focal multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal multiverse
deb http://archive.ubuntu.com/ubuntu/ focal-updates multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal-updates multiverse
N.B. software from this repository may not have been tested as
extensively as that contained in the main release, although it includes
newer versions of some applications which may provide useful features.
Also, please note that software in backports WILL NOT receive any review
or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
Uncomment the following two lines to add software from Canonical's
'partner' repository.
This software is not part of Ubuntu, but is offered by Canonical and the
respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu focal partner
deb-src http://archive

And here is my output for sudo apt-get update after all the changes:

sudo apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:3 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Reading package lists... Done
W: http://archive.ubuntu.com/ubuntu/dists/focal/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

I still have the problem

Answer 1

In Ubuntu 22.04, a lot has changed with how apt handles keys now. Namely, apt-key is deprecated in favor of direct keyring management for each repository.

I'm going to assume that your main /etc/apt/sources.list file is specifically pointing everything at ubuntu.lafibre.info which is NOT a standard mirror.

The only real way to do this proper nowadays is to download the main keyring keys into either /etc/apt/keyrings/ and then add them one by one to your repositories' settings, or add them to /etc/apt/trusted.gpg.d then anything signed with that key will be trusted:

gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 871920D1991BC93C
gpg --export 871920D1991BC93C | sudo tee /etc/apt/trusted.gpg.d/ubuntu.lafibre.info.gpg

This will first download the key to your standard gnupg keyring. We then take that key and export it in readable format to the file at /etc/apt/trusted.gpg.d/ubuntu.lafibre.info.gpg which should then work when you run sudo apt update.

Run sudo apt update and it should work now.

NOTICE: If you do this, you are trusting that PGP / GPG key to sign ANY repository, so this is not the most secure method. The more secure method is to download this key to /etc/apt/keyrings/ubuntu.lafibre.info.gpg then change every line that uses this URL to say deb [ signed-by=/etc/apt/keyrings/ubuntu.lafibre.info.gpg ] at the beginning instead of deb, which is the more secure approach.