There aren't many rolling release distros that are designed for penetration testing, ethical hacking, and digital forensics.
Kali Linux caters to this niche by being a purpose-built distro with a wide arsenal of security tools, allowing cybersecurity professionals and enthusiasts to perform penetration testing.
The people behind it recently shared an important development that affects all Kali Linux users.
What's Happening: The Kali Linux team has lost access to their previous repository signing key, which was used to verify the authenticity of packages during updates. As a result, in the coming days, running apt update is going to fail for all Kali Linux users out there.
They have already generated a new key, which has most likely gone through extensive testing and validation so that users don't have a bad experience when migrating.
How to Fix: Mending this impending issue is easy; you just have to add the new signing key to your Kali Linux keyring.
You can either run this in the terminal:
sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
Or, this, if you prefer curl:
sudo curl https://archive.kali.org/archive-keyring.gpg -o /usr/share/keyrings/kali-archive-keyring.gpg
The video below shows the wget method. 👇
0:00/0:10 1×
After you are done, you should verify that the updated keyring contains both the old signing key: ED444FF07D8D0BF6 and the new signing key: ED65462EC8D5E4C5. The old one is around because it was never compromised, and it is there to make sure there is no breakage with packages signed with it.
Lastly, run sudo apt update to see if it throws any errors.
Alternatively, you can download the 2025.1c image or the weekly Kali Linux images (2025-W17 and later) to get the new signing key. These images are identical to the previous releases, but with this new change.
If you want to verify whether the new key is legit, then you can visit the Ubuntu OpenPGP Keyserver.
Suggested Read 📖
It's FOSSAbhishek Prakash
From It's FOSS News via this RSS feed