Offensive Security, the company that maintains Kali Linux, has some bad news for users. If you use Kali Linux, you might soon find that your system is unable to update its software.
The reason is that Offensive Security lost access to the signing key used for the Kali software repository. Linux systems rely on these cryptographic keys to verify the authenticity and integrity of packages before installing them. When the expected key is missing or incorrect, the package manager, apt, throws an error and refuses to proceed with updates.
The Kali team stated that the repository was frozen for a few days, but it is now being unfrozen, and updates are signed with a new key. This means pretty much everyone who tries to run apt update on an existing Kali installation will see an error message like this:
Err:1 https://http.kali.org/kali kali-rolling InRelease
Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature.
So, what does a Kali user need to do? The Kali team says you need to manually download and install the new archive signing key. The easiest way involves opening a terminal and running a command. The team suggests using wget like this:
sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
A curl option is also available for those who prefer it:
sudo curl https://archive.kali.org/archive-keyring.gpg -o /usr/share/keyrings/kali-archive-keyring.gpg
After running that command, your system should have the new key installed, and apt update will work again, allowing you to get the latest security patches and software. Kali also recommends verifying the checksum of the downloaded key file as a good practice to ensure the file is legitimate.
sha1sum /usr/share/keyrings/kali-archive-keyring.gpg 603374c107a90a69d983dbcb4d31e0d6eedfc325 /usr/share/keyrings/kali-archive-keyring.gpg
If you prefer not to mess with manual steps, Offensive Security has also released updated Kali images (version 2025.1c or newer weekly builds) that include the new keyring right out of the box. You can download these images to install a fresh system that is ready to update immediately.
It is important to note that OffSec stated this issue is not due to the old key being compromised. If the key had been compromised, the company would have removed it from the keyring entirely and provided a revocation certificate. This situation is more akin to an administrative mishap, similar to a time in 2018 when a previous Kali key accidentally expired, causing a comparable update problem for users who had not updated their archive-keyring package regularly.
Still on the topic of Linux, we recently compiled a list of must-have apps for new Linux users in 2025. You can read that piece here.
5 Comments - Add comment