  • Kali Linux warns of update failures after losing repo signing key


    Karlston

    Offensive Security warned Kali Linux users to manually install a new Kali repository signing key to avoid experiencing update failures.

     

    The announcement comes after OffSec lost the old repo signing key (ED444FF07D8D0BF6) and was forced to create a new one (ED65462EC8D5E4C5) signed by Kali Linux developers using signatures available on the Ubuntu OpenPGP key server. However, since the key was not compromised, the old one was not removed from the keyring.

     

    When trying to get the list of latest software packages on systems still using the old key, users will see "Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature" errors.

     

    While OffSec didn't share the date when it realized the key was lost, the company added that the Kali Linux repo was frozen on February 18th.

     

    "In the coming day(s), pretty much every Kali system out there will fail to update. [..] This is not only you, this is for everyone, and this is entirely our fault. We lost access to the signing key of the repository, so we had to create a new one," the company said.

     

    "At the same time, we froze the repository (you might have noticed that there was no update since Friday 18th), so nobody was impacted yet. But we're going to unfreeze the repository this week, and it's now signed with the new key."

     

    To avoid experiencing these update issues, OffSec advises users to manually download and install the new repository signing key using the following command:

    sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg

    OffSec also provides details on how to check that the checksum of the file matches and view the contents of the updated keyring. Those who don't trust manually updating the keyring can also reinstall Kali on their systems using images updated with the new keyring.
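A more careful variant of the step above, as an added example (not OffSec's or the article's own code): fetch the keyring to a temporary file, compare its SHA-256 with the value OffSec publishes (not given in this article, so it appears as a placeholder), and confirm the file contains the fingerprint from the apt error before it replaces the system keyring. The function names are hypothetical; the check relies on `gpg --show-keys --with-colons` printing each fingerprint in field 10 of an `fpr` record.

```sh
#!/bin/sh
# Added example: verify a downloaded Kali archive keyring before installing it.
# Fingerprint taken from the "Missing key ..." apt error quoted in the article.
NEW_FPR=827C8569F2518CC677FECA1AED65462EC8D5E4C5

# sha256_matches FILE EXPECTED_HEX
# True only if FILE hashes to EXPECTED_HEX (case-insensitive comparison).
sha256_matches() {
    actual=$(sha256sum "$1" | awk '{print $1}') || return 1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# has_fingerprint FPR
# Reads `gpg --with-colons` output on stdin; true if an "fpr" record
# (fingerprint in field 10) equals FPR.
has_fingerprint() {
    awk -F: -v want="$1" '
        $1 == "fpr" && toupper($10) == toupper(want) { found = 1 }
        END { exit !found }'
}

# check_keyring FILE EXPECTED_SHA256
# Returns 0 if both checks pass, 1 on checksum mismatch,
# 2 if the new signing key is not in the file (or gpg could not read it).
check_keyring() {
    sha256_matches "$1" "$2" || {
        echo "checksum mismatch: $1" >&2
        return 1
    }
    gpg --show-keys --with-colons "$1" 2>/dev/null | has_fingerprint "$NEW_FPR" || {
        echo "key $NEW_FPR not found in $1" >&2
        return 2
    }
}

# Usage (not executed here; the checksum is a placeholder for the value
# OffSec publishes):
#   tmp=$(mktemp)
#   wget -q https://archive.kali.org/archive-keyring.gpg -O "$tmp"
#   check_keyring "$tmp" "<sha256 published by OffSec>" &&
#       sudo install -m 0644 "$tmp" /usr/share/keyrings/kali-archive-keyring.gpg
```

Downloading to a temporary file first means a truncated or unexpected download never overwrites the keyring apt already trusts.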

     

    This isn't the first time Kali Linux users have had to manually update their keyring to avoid update issues. In February 2018, Kali devs also let the GPG key expire and asked users to update the key manually.

     

    "If you don't update Kali regularly (*cough*), then your archive-keyring package is outdated, and you'll get key mismatches when working with our repositories. Sucks for you, but at least you can manually update," the Kali team said at the time.

     
