Urgent Update: Kali Linux Users Must Manually Install New Repository Key
Quoting: Urgent Update: Kali Linux Users Must Manually Install New Repository Key —
In an unexpected twist, Kali Linux users worldwide may notice their routine apt update workflow grinding to a halt this week. The culprit is neither a network outage nor a rogue mirror but a newly created OpenPGP signing key that the distribution’s maintainers have been forced to adopt.
Consequently, systems attempting to verify the “kali-rolling” repository will throw an error complaining about the missing key “827C 8569 F251 8CC6 77FE CA1A ED65 462E C8D5 E4C5.”
Okay, what happened? According to the Kali project, maintainers recently lost access to the previous repository-signing key. Rather than risk any ambiguity about package authenticity, the team chose to freeze the repository on Friday, April 18, 2025, while generating and rigorously validating a replacement key.
Update
A New Kali GNU/Linux Archive Signing Key
TL;DR
Bad news for Kali GNU/Linux users! In the coming day(s), apt update is going to fail for pretty much everyone out there: Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature.
Reason is, we had to roll a new signing key for the Kali repository. You need to download and install the new key manually, here’s the one-liner:
└─$ sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
Now your Kali is ready to keep rolling! Sorry for the inconvenience.
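A more cautious variant of the one-liner quoted above, added here as an example and not taken from the Kali announcement: it downloads the keyring to a temporary file and installs it only if gpg lists a primary key with the fingerprint quoted in the apt error. The function names are hypothetical, and the expected fingerprint is the one given on this page; confirm it against a channel you trust before relying on it.

```shell
#!/bin/sh
# Fingerprint of the new archive key, as quoted in the apt error on this page.
EXPECTED_FPR="827C8569F2518CC677FECA1AED65462EC8D5E4C5"

# has_fingerprint FPR  (hypothetical helper)
# Reads `gpg --with-colons` output on stdin. Succeeds only if the fpr record
# of a primary key ("pub") equals FPR; a matching subkey does not count.
has_fingerprint() {
    awk -F: -v want="$1" '
        $1 == "pub" || $1 == "sub" { kind = $1 }
        $1 == "fpr" && kind == "pub" && $10 == want { found = 1 }
        END { exit !found }
    '
}

# verify_keyring FILE  (hypothetical helper)
# Lists the keys in FILE without importing them and checks the fingerprint.
verify_keyring() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | has_fingerprint "$EXPECTED_FPR"
}

# install_kali_keyring  (hypothetical helper)
# Downloads to a temporary file, verifies, and only then writes the keyring
# to the path used by the one-liner above.
install_kali_keyring() {
    tmp=$(mktemp) || return 1
    if wget -q https://archive.kali.org/archive-keyring.gpg -O "$tmp" \
        && verify_keyring "$tmp"; then
        sudo install -m 0644 -o root -g root "$tmp" \
            /usr/share/keyrings/kali-archive-keyring.gpg
        rc=$?
    else
        echo "keyring lacks $EXPECTED_FPR or download failed; not installing" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Sourcing the file only defines the functions; run install_kali_keyring to perform the download, check and install.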
Kali issues warning to users about update failures due to lost repository signing key
Kali Linux's maintainer, OffSec, has lost the repository signing key. This means updates will fail until you manually install the new key.
BetaNews:
Kali Linux users warned that updates are likely to fail for a few days
Showing that it is not just Windows 11 that has issues with updates, Offensive Security has issued a warning that Kali Linux updates are likely to fail “in the coming days”.
The Linux distro has proved an important tool in penetration testing, acting as a valuable security tool for many users. The team behind Kali Linux says that “pretty much every Kali system out there will fail to update”, and it bears full responsibility: “This is not only you, this is for everyone, and this is entirely our fault”. But there is a solution.
Bleeping nonsense:
Kali Linux warns of update failures after losing repo signing key
Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures.
The announcement comes after OffSec lost the old repo signing key (ED444FF07D8D0BF6) and was forced to create a new one (ED65462EC8D5E4C5) signed by Kali Linux developers using signatures available on the Ubuntu OpenPGP key server. However, since the key was not compromised, the old one was not removed from the keyring.
When trying to get the list of latest software packages on systems still using the old key, users will see "Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature" errors.
It's FOSS:
Kali Linux Users Need to do This Right Away!
There aren't many rolling release distros that are designed for penetration testing, ethical hacking, and digital forensics.
Kali Linux caters to this niche by being a purpose-built distro with a wide arsenal of security tools, allowing cybersecurity professionals and enthusiasts to perform penetration testing.
The people behind it recently shared an important development that affects all Kali Linux users.
What's Happening: The Kali Linux team has lost access to their previous repository signing key, which was used to verify the authenticity of packages during updates. As a result, in the coming days, running apt update is going to fail for all Kali Linux users out there.
LWN:
Signing key change for Kali Linux
The Kali GNU/Linux distribution has announced that software updates will soon start failing for all users: [...]
IDG:
Alert to Kali Linux admins: Get the new signing key or no distro updates for you
Kali Linux administrators who haven’t manually updated the signing key for the operating system’s repository are going to find that they can’t get updates.
This comes after the overseers of the open source distribution aimed at penetration testers and other infosec pros admitted this week that they lost access to the signing key for the Kali repository, and had to roll out a new one.
“This is entirely our fault,” Kali acknowledged in a blog.
In fact, the incident happened over a week ago, and Kali had to freeze the update repository on April 18, when a new signing key was created. That’s why no one has been impacted yet. However, this week the repository will be available, and those who don’t have the new signing key will find they can’t do automatic updates.