0

I'm using Kali for Windows (long story) and I cannot seem to install anything due to invalid signatures. The gpg tool isn't even installed, so I can't use gpg to validate signatures.

I have tried the following, with no luck:

# sudo apt -o Acquire::AllowInsecureRepositories=true \
> -o Acquire::AllowDowngradeToInsecureRepositories=true \
> update
Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB]
Err:1 http://kali.download/kali kali-rolling InRelease
  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.

I've also tried the following, with an error as well:

# wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add
E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation
Jeff Schaller
  • 66,199
  • 35
  • 114
  • 250
user3447014
  • 269
  • 4
  • 15
  • Same error; don't know if it's a duplicate: https://unix.stackexchange.com/questions/421821/invalid-signature-for-kali-linux-repositories-the-following-signatures-were-i – Jeff Schaller Feb 27 '21 at 22:23

1 Answers1

0

If you're having this problem because you downloaded Kali for WSL directly as an .appx package (not from the MS Store) - I've read in another post that this package seems to be broken. (The MS Store version worked for me without problems)

But if you do not have access to the MS Store -- To fix the specific problem of invalid signature - the following worked for me:

wget https://http.kali.org/kali/pool/main/k/kali-archive-keyring/kali-archive-keyring_2020.2_all.deb

apt install ./kali-archive-keyring_2020.2_all.deb

as root (or use sudo) the second command throws an error at the end which can be ignored. apt-get update worked without problems afterwards.

If kali-archive-keyring_2020.2_all.deb has been updated, you can check here for new versions and modify the link: https://http.kali.org/kali/pool/main/k/kali-archive-keyring/

mehdi
  • 1