Ошибка gpg kali linux

Invalid signature for Kali Linux repositories : «The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository»

Note that if you haven’t updated your Kali installation in some time (tsk2), you will like receive a GPG error about the repository key being expired ( ED444FF07D8D0BF6 ). Fortunately, this issue is quickly resolved by running the following as root:

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add 

The easiest solution is to retrieve the latest key and store it in place where apt will find it:

sudo wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-keyring.asc 

In some cases (like when you install a distro on android, ex: rootfs . ), you can’t find wget and you can’t even install it ( apt install wget doesn’t work).

if this key cannot be ultimately trusted, please follow trog.qgl.org/20091030/… to trust it ultimately.

Download the key of the kali package repository with this command:

wget -q -O - https://archive.kali.org/archive-key.asc | apt-key add 

This is built in. If you already use Kali’s repos, you don’t need to get it from an external source:

$ sudo apt install kali-archive-keyring 

I’m using a system that adds Kali to a Debian base, so I had to specify the release. You can check that as follows:

$ apt policy kali-archive-keyring Installed: 2015.2 Candidate: 2015.2 Version table: 2018.1 1 1 http://http.kali.org/kali kali-rolling/main amd64 Packages 1 http://http.kali.org/kali kali-rolling/main i386 Packages *** 2015.2 100 100 /var/lib/dpkg/status $ sudo apt install kali-archive-keyring/kali-rolling 

This way, you don’t have to blindly trust that you’re importing the right key in order to prevent a man-in-the-middle attack since the new key is signed by the old one within the repository.

Update: Here’s an /etc/apt/sources.list.d/kali.list and /etc/apt/preferences.d/kali-repos.pref, designed to be secondary to another distribution (like Debian), that’ll avoid this issue in the future.

If you don’t already have this repository and therefore can’t get this update, you have two choices:

1: Go to https://http.kali.org/kali/pool/main/k/kali-archive-keyring/, download the .deb file, and install it via dpkg -i kali-archive-keyring*.deb

2: Add it via the repository anyway (it’s «insecure» until you add it, though you’re at least protected by the HTTPS download in the prior step):

$ sudo apt update -oAcquire::AllowInsecureRepositories=true $ sudo apt install kali-archive-keyring Reading package lists. Done Building dependency tree Reading state information. Done The following NEW packages will be installed: kali-archive-keyring 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 7,008 B of archives. After this operation, 17.4 kB of additional space will be used. Do you want to continue? [Y/n] WARNING: The following packages cannot be authenticated! kali-archive-keyring Install these packages without verification? [y/N] y … 

You’re now synced with the first part of this answer. Consider using the kali.list and kali-repos.pref I linked there so you don’t repeat this problem.

Читайте также:  Ubuntu debian elementary os mint ezgo linux pop os перевод

Источник

Error in Kali Linux ‘The following signatures were invalid’ (SOLVED)

How to solve ‘An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error’ in Kali Linux

If you use the apt command, for example, to update package information, or if you install a new package, you can face with an error:

apt update Get:1 http://mirrors.dotsrc.org/kali kali-rolling InRelease [30.5 kB] Err:1 http://mirrors.dotsrc.org/kali kali-rolling InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository Reading package lists… Done Building dependency tree Reading state information… Done All packages are up to date. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://mirrors.dotsrc.org/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository W: Some index files failed to download. They have been ignored, or old ones used instead.

If this problem occurs, then to solve it, run the following command:

sudo apt-get -y install kali-archive-keyring

If the problem persists, then try the following commands:

wget 'https://archive.kali.org/archive-key.asc' cat archive-key.asc | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/kali.gpg --import sudo chmod 644 /etc/apt/trusted.gpg.d/kali.gpg

Reason and description of the problem

All packages that are installed into the system from official repositories have a cryptographic signature that ensures that the package was created by the official Kali Linux maintainer and that thereafter no changes were made to it.

To verify the packets, each user must have a public key. In case of changing keys for signing packages, it is also necessary to change the public key in user systems. Supporters of the Kali Linux distribution know in advance when keys need to be updated, so even before changing keys, a new public key is added to the user’s systems during the next update. Therefore, for users, changing keys, usually, runs smoothly and unnoticed.

Nevertheless, there are possible situations when the system has not been updated for a long time (i.e., it does not ‘know’ about the changed keys), and new packages in the official repositories have already been signed with a new key. In this situation, the above error occurs.

Читайте также:  Geforce now electron linux

By the two commands that are given to solve the problem, we download the public key from the official Kali Linux website and add it to the system as a trusted one.

Then there’s even more theory about packet authentication.

Validating Package Authenticity

System upgrades are very sensitive operations and you really want to ensure that you only install official packages from the Kali repositories. If the Kali mirror you are using has been compromised, a computer cracker could try to add malicious code to an otherwise legitimate package. Such a package, if installed, could do anything the cracker designed it to do including disclose passwords or confidential information. To circumvent this risk, Kali provides a tamper-proof seal to guarantee — at install time — that a package really comes from its official maintainer and hasn’t been modified by a third party.

The seal works with a chain of cryptographic hashes and a signature. The signed file is the Release file, provided by the Kali mirrors. It contains a list of the Packages files (including their compressed forms, Packages.gz and Packages.xz, and the incremental versions), along with their MD5, SHA1, and SHA256 hashes, which ensures that the files haven’t been tampered with. These Packages files contain a list of the Debian packages available on the mirror along with their hashes, which ensures in turn that the contents of the packages themselves haven’t been altered either.

The trusted keys are managed with the apt-key command found in the apt package. This program maintains a keyring of GnuPG public keys, which are used to verify signatures in the Release.gpg files available on the mirrors. It can be used to add new keys manually (when non-official mirrors are needed). Generally however, only the official Kali keys are needed. These keys are automatically kept up-to-date by the kali-archive-keyring package (which puts the corresponding keyrings in /etc/apt/trusted.gpg.d). However, the first installation of this particular package requires caution: even if the package is signed like any other, the signature cannot be verified externally. Cautious administrators should therefore check the fingerprints of imported keys before trusting them to install new packages:

Источник

Ошибка gpg kali linux

Ошибка выглядит приблизительно так:
root@kali:~# sudo apt-get update
Игн:1 http://dl.google.com/linux/chrome/deb stable InRelease
Сущ:2 http://dl.google.com/linux/chrome/deb stable Release
Пол:4 http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease [30,5 kB]
Ошк:4 http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease
Следующие подписи неверные: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository
Чтение списков пакетов… Готово
W: Произошла ошибка при проверке подписи. Репозиторий не обновлён и будут использованы предыдущие индексные файлы. Ошибка GPG: http://kali.mirror.garr.it/mirrors/kali kali-rolling InRelease: Следующие подписи неверные: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository
W: Не удалось получить http://http.kali.org/kali/dists/kali-rolling/InRelease Следующие подписи неверные: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository
W: Некоторые индексные файлы не скачались. Они были проигнорированы или вместо них были использованы старые версии.

Для решения проблемы необходимо
Скачать публичный ключ с официального сайта Kali Linux

Читайте также:  Command for linux restart

root@kali:~# wget ‘https://archive.kali.org/archive-key.asc’
—2018-03-11 10:52:50— https://archive.kali.org/archive-key.asc
Распознаётся archive.kali.org (archive.kali.org)… 192.99.45.140
Подключение к archive.kali.org (archive.kali.org)|192.99.45.140|:443. соединение установлено.
HTTP-запрос отправлен. Ожидание ответа… 200 OK
Длина: 3155 (3,1K) [application/octet-stream]
Сохранение в: «archive-key.asc»
archive-key.asc 100%[=====================================================>]
3,08K —.-KB/s за 0s
2018-03-11 10:52:51 (35,9 MB/s) — «archive-key.asc» сохранён [3155/3155]

Добавить публичный ключ в систему как доверенный командой apt-key add archive-key.asc

Источник

Saved searches

Use saved searches to filter your results more quickly

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Kali Linux cannot be updated due to invalid signatures #6681

Kali Linux cannot be updated due to invalid signatures #6681

Comments

Environment

Windows build number: Microsoft Windows [Version 10.0.21332.1010] Your Distribution version: Kali GNU/Linux Rolling 2019.2 (recently installed). Whether the issue is on WSL 2 and/or WSL 1: Linux version 5.4.72-microsoft-standard-WSL2 (oe-user@oe-host) (gcc version 8.2.0 (GCC)) #1 SMP Wed Oct 28 23:40:43 UTC 2020 

Steps to reproduce

  1. Install Kali Linux using a preview build for the Windows Insiders Program:
    wsl —install -d kali-linux
  2. Launch Kali Linux and try to update:
    sudo apt update

Expected behavior

The system downloads package information.

Actual behavior

The update fails with the following error:

Get:1 http://kali.download/kali kali-rolling InRelease [30.5 kB] Err:1 http://kali.download/kali kali-rolling InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository Fetched 30.5 kB in 1s (32.3 kB/s) Reading package lists. Done Building dependency tree Reading state information. Done All packages are up to date. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://kali.download/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository W: Failed to fetch http://http.kali.org/kali/dists/kali-rolling/InRelease The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository W: Some index files failed to download. They have been ignored, or old ones used instead. 

Additional information

The Kali Linux team suggested a solution in their Twitter account, however that doesn’t work for the subsystem because it requires GnuPG and that package is not installed by default. However, it can be fixed by running:

wget https://archive.kali.org/archive-key.asc -O /etc/apt/trusted.gpg.d/kali-archive-key.asc

As far as I know, this issue can be solved by updating the default installation keys.

The text was updated successfully, but these errors were encountered:

Источник

Оцените статью
Adblock
detector