I asked a recent, separate Ask Ubuntu question with the following in the body:
W: An error occurred during the signature verification.
The repository is not updated and the previous index files will be used.
GPG error: https://dl.winehq.org/wine-builds/ubuntu bionic InRelease:
The following signatures couldn't be verified
because the public key is not available: NO_PUBKEY 76F1A20FF987672F
As you can see part of my error message exposes PUBKEY 76F1A20FF987672F. Was this the public key of WINE, or is this my own public key?
Most importantly, is this PUBKEY 76F1A20FF987672F information I should NOT be posting on a public forum (this one)?
I assume a private key is the only thing I would never want to divulge. I'm reading Wikipedia's Public-key cryptography page now, but it's a little overwhelming.
Best Answer
No! This is the keyID of the key-pair from Winehq.org!!
This is not your public (or private) key. You probably don't have one yet. If you ever need a private-public key pair, you will have to create them.
The keyID is like the number on a physical key. the same number is also on a lock the key belongs to. There is no harm in posting this information in a public forum. The private key of winehq is safely with the... (guess who?)
WineHQ
WineHQ changed their private-public key combination. Why? The same reason people change their locks. Physical keys (and digital keys) get lost (or deleted) or stolen.
See signature verification error for wine - index files failed to download - changing mirror doesn't help for how to download the new public key from WineHQ. Once you have the new public key, the update will go through. The new public key will verify that the wine update is coming from the WineHQ and noone else. That is because only WineHQ has the matching private key.
Hope this helps