Invalid signature for Kali Linux repositories : "The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository"

apt package-management kali-linux
186,944

Solution 1

Add the gpg key:

gpg --keyserver keyserver.ubuntu.com --recv-key 7D8D0BF6

Check the fingerprint:

gpg --fingerprint 7D8D0BF6

Sample output:

pub   rsa4096 2012-03-05 [SC] [expires: 2021-02-03]
      44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6
uid           [ unknown] Kali Linux Repository <[email protected]>
sub   rsa4096 2012-03-05 [E] [expires: 2021-02-03]

then :

gpg -a --export 7D8D0BF6 | apt-key add -
apt update

Debian : SecureApt

update : 8 Feb , 2018.

Answer from the official documentation :

Note that if you haven’t updated your Kali installation in some time (tsk2), you will like receive a GPG error about the repository key being expired (ED444FF07D8D0BF6). Fortunately, this issue is quickly resolved by running the following as root:

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add

Kali docs: how to deal with APT complaining about Kali's expired key

The easiest solution is to retrieve the latest key and store it in place where apt will find it:

sudo wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-keyring.asc

Solution 2

This is built in. If you already use Kali's repos, you don't need to get it from an external source:

$ sudo apt install kali-archive-keyring

I'm using a system that adds Kali to a Debian base, so I had to specify the release. You can check that as follows:

$ apt policy kali-archive-keyring
  Installed: 2015.2
  Candidate: 2015.2
  Version table:
     2018.1 1
          1 http://http.kali.org/kali kali-rolling/main amd64 Packages
          1 http://http.kali.org/kali kali-rolling/main i386 Packages
 *** 2015.2 100
        100 /var/lib/dpkg/status

$ sudo apt install kali-archive-keyring/kali-rolling

This way, you don't have to blindly trust that you're importing the right key in order to prevent a man-in-the-middle attack since the new key is signed by the old one within the repository.

If you don't already have this repository and therefore can't get this update, you have two choices:

1: Go to https://http.kali.org/kali/pool/main/k/kali-archive-keyring/, download the .deb file, and install it via dpkg -i kali-archive-keyring*.deb

2: Add it via the repository anyway (it's "insecure" until you add it, though you're at least protected by the HTTPS download in the prior step):

$ sudo apt update -oAcquire::AllowInsecureRepositories=true
$ sudo apt install kali-archive-keyring
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  kali-archive-keyring
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,008 B of archives.
After this operation, 17.4 kB of additional space will be used.
Do you want to continue? [Y/n] 
WARNING: The following packages cannot be authenticated!
  kali-archive-keyring
Install these packages without verification? [y/N] y
…

Solution 3

As Kali Linux published in Twitter, your archive-keyring package is outdated. You need to update it by executing this (as root):

wget -q -O - https://archive.kali.org/archive-key.asc  | apt-key add

Solution 4

Execute these commands as root to fix your issue:

wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
apt install ./kali-archive-keyring_2018.1_all.deb

Solution 5

Old question, but the top result when searching for ED444FF07D8D0BF6 here.

Folks attempting to use Microsoft's instructions for installing Kali manually in Windows Subsystem for Linux (WSL or WSL2) will currently run into this issue. The Kali distribution linked on that page is 2019.2, so the signatures are already outdated as soon as it's installed.

The other answers here look to be outdated at this point, referencing older keyring packages. At this time, the correct update package/process is:

wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb
sudo dpkg -i kali-archive-keyring_2020.2_all.deb
Share:
186,944

Related videos on Youtube

Admin
Author by

Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin over 1 year

    I cannot update my Kali Linux, when trying to execute apt-get update I get this error message:

    # apt-get update

Get:1 http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease
  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
Reading package lists... Done
W: GPG error: http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
E: The repository 'http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

    If you need my kernel version:

    # uname -a
4.13.0-kali1-amd64 #1 SMP Debian 4.13.10-1kali2 (2017-11-08) x86_64 GNU/Linux

    How can I fix this?

  • Adam Katz
    Adam Katz over 4 years
    This is tethered to the version of that package and therefore no longer works. See the second part of my answer for how to perform this method more reliably.
  • kilves76
    kilves76 about 3 years
    This is the only answer which works with Windows WSL2 Kali Linux, since it doesn't have gpg installed by default, and cannot execute the apt-key add command.
  • Ibrahim.H
    Ibrahim.H almost 3 years
    In some cases (like when you install a distro on android, ex:rootfs...), you can't find wget and you can't even install it (apt install wget doesn't work).
  • Joe Johnson
    Joe Johnson almost 3 years
    ** FOR WSL2: As mentioned above, this is the only working solution at this time. ** -- Note: I didn't see the above comment from @kilves76 until I had already tried all the other solutions -- I'm hoping someone sees my comment in addition and saves some time. --
  • Admin
    Admin almost 2 years
    I had to use this solutionfor 2022 for WSL 2: wget -O --no-check-certificate kali-archive-keyring_2022.1_all.deb sudo apt install ./kali-archive-keyring_2022.1_all.deb -- original youtube.com/watch?v=g0p9IM_dgR4
  • Admin
    Admin almost 2 years
    ** For WSL 2: Actually you may want to disregard the fix as more problems show up-- you must download from Windows store only and update from Windows store only. No other builds are likely to work.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Missing libappindicator1
Add repositories in Kali Linux 2.0
Error while installing wireless-bcm43142-dkms-6.20.55.19: dependency linux-headers is not satisfiable
How to update libc(glibc) on kali linux (debian based)?
Getting errors while trying to install a package in Kali Linux
How to upgrade Kali Linux
MongoDB Install Fails on Ubuntu 22.04 - Depends on libssl1.1 but it is not installable
Ubuntu Software Centre is gone! How can I get it back?
How to find the packages that depend on a certain package in apt?
Package ... is not available, but is referred to by another package