Invalid signature when trying to apt-get update on Kali

Question

I'm getting an invalid signature error when I try to apt-get update:

Ign:1 http://dl.google.com/linux/chrome/deb stable InRelease

Hit:2 http://dl.google.com/linux/chrome/deb stable Release 

Hit:4 https://download.sublimetext.com apt/dev/ InRelease                      

Hit:5 http://deb.i2p2.no unstable InRelease                         

Get:6 http://ftp.yzu.edu.tw/Linux/kali kali-rolling InRelease [30.5 kB]

Err:6 http://ftp.yzu.edu.tw/Linux/kali kali-rolling InRelease
  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.yzu.edu.tw/Linux/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.

Why is this happening? How can I fix it?

okay i will try my best but can you suggest me why this kind of error occurs — Niraj Chemjong, Feb 05 '18 at 10:04
It looks like you need to import the key that has the fingerprint ED444FF07D8D0BF6. The [kali forums seem to have a solution.](https://forums.kali.org/showthread.php?18079-Public-key-error) — Torin, Feb 05 '18 at 10:09
if you are a "noob", you shouldn't be using kali. use a distro that isn't deliberately broken and crippled. any general purpose distro will do. — cas, Feb 05 '18 at 11:20

score 58 · Answer 1 · answered Feb 06 '18 at 05:19

58

Per: https://twitter.com/kalilinux/status/959515084157538304, your archive-keyring package is outdated. You need to do this (as root):

wget -q -O - https://archive.kali.org/archive-key.asc  | apt-key add

answered Feb 06 '18 at 05:19

rootshellz

760
1
6
7

thats what fixes my issue amazing, thank you – The Doctor Jan 25 '23 at 03:00
No valid openpgp data found (in my case). – Bob Ebert Feb 12 '23 at 21:35

AsmuAsheer · Answer 2 · 2018-02-05T17:38:58.927

7

Try this:

wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2018.1_all.deb
apt install ./kali-archive-keyring_2018.1_all.deb
apt-get update

Kali forum have this thread where you can look for further if this don't work.

edited Feb 05 '18 at 17:38

answered Feb 05 '18 at 10:13

AsmuAsheer

81
6

This is tethered to the version of that package and therefore no longer works. See the second part of [my answer](https://unix.stackexchange.com/a/422114/87770) for how to perform this method more reliably. – Adam Katz Oct 02 '19 at 20:39

score 5 · Answer 3 · answered Feb 05 '18 at 16:50

5

You're missing the key that Kali uses to sign their packages. You can use gpg to download the key and apt-key add to add it:

gpg --keyserver pgpkeys.mit.edu --recv-key  ED444FF07D8D0BF6
gpg -a --export ED444FF07D8D0BF6 | sudo apt-key add -

answered Feb 05 '18 at 16:50

Michael Mrozek

91,316
38
238
232

Invalid signature when trying to apt-get update on Kali

3 Answers3