In an unexpected twist, Kali Linux users worldwide may notice their routine apt update workflow grinding to a halt this week. The culprit is neither a network outage nor a rogue mirror but a newly created OpenPGP signing key that the distribution’s maintainers have been forced to adopt.
Consequently, systems attempting to verify the “kali-rolling” repository will throw an error complaining about the missing key “827C 8569 F251 8CC6 77FE CA1A ED65 462E C8D5 E4C5.”
Okay, what happened? According to the Kali project, maintainers recently lost access to the previous repository-signing key. Rather than risk any ambiguity about package authenticity, the team chose to freeze the repository on Friday, April 18, 2025, while generating and rigorously validating a replacement key.
Only after that precautionary pause did they resume publication, signing every repository index with the new credential. However, this immediately resulted in a headache on the user side, with the sudden “signature verification failed” messages popping up in terminals everywhere.
Happily, the remedy is straightforward. Anyone running Kali Linux should download and install the new keyfile:
sudo wget https://archive.kali.org/archive-keyring.gpg \
-O /usr/share/keyrings/kali-archive-keyring.gpg
Or if you prefer using curl:
sudo curl https://archive.kali.org/archive-keyring.gpg \
-o /usr/share/keyrings/kali-archive-keyring.gpg
Once the key is in place, sudo apt update should perform flawlessly, listing the usual array of upgradable packages.
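Because the downloaded file becomes the trust anchor for every package apt installs, it is worth confirming that it actually contains the fingerprint apt reported before it is put in place. The script below is an added example, not part of the Kali announcement or the original article: it downloads to a temporary file, checks for the fingerprint quoted above, and only then installs. The function names are hypothetical, and it assumes curl, sudo and a GnuPG 2.x that supports --show-keys.

```shell
#!/bin/sh
# Added example: check the downloaded keyring against the fingerprint
# quoted in the article before it becomes an apt trust anchor.

EXPECTED_FPR="827C 8569 F251 8CC6 77FE CA1A ED65 462E C8D5 E4C5"  # from the article
KEYRING_URL="https://archive.kali.org/archive-keyring.gpg"
KEYRING_DEST="/usr/share/keyrings/kali-archive-keyring.gpg"

# Constructed sample of `gpg --with-colons` output (not captured from a real run).
SAMPLE_COLONS='pub:-:4096:1:ED65462EC8D5E4C5:1744848000:::-:::scESC:
fpr:::::::::827C8569F2518CC677FECA1AED65462EC8D5E4C5:
uid:-::::1744848000::::Constructed Sample Key:'

# Strip spaces and upper-case, so spaced and compact fingerprints compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \n' | tr 'a-f' 'A-F'
}

# Read a colon-format key listing on stdin; succeed only if some "fpr" record
# (field 10 holds the fingerprint) equals the fingerprint given as $1.
colons_have_fpr() {
    want=$(normalize_fpr "$1")
    awk -F: -v want="$want" '
        $1 == "fpr" && toupper($10) == want { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Hypothetical helper: download to a temp file, verify, then install.
install_kali_keyring() {
    tmp=$(mktemp) || return 1
    rc=1
    # --fail makes curl return non-zero on HTTP errors instead of saving an error page.
    if curl --fail --silent --show-error --location "$KEYRING_URL" -o "$tmp" &&
       gpg --show-keys --with-colons "$tmp" | colons_have_fpr "$EXPECTED_FPR"
    then
        sudo install -m 0644 -o root -g root "$tmp" "$KEYRING_DEST" && rc=0
    else
        echo "download failed or expected fingerprint missing; keyring not installed" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Only touch the network and the system when asked to explicitly.
if [ "${1:-}" = "--install" ]; then
    install_kali_keyring
fi
```

Run the script with --install to perform the download; without it, only the functions are defined. The fingerprint check is only as trustworthy as the channel the expected value came from, so compare it against the project's announcement as well.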
Moreover, the project has shipped a refreshed set of installation media labeled 2025.1c. Apart from the updated keyring, these ISOs are identical to the 2025.1 release from last month.
Was the old key compromised? Not at all, say the maintainers. The old key continues to sit inside the new keyring for historical verification purposes, and no revocation certificate has been issued.
For more information, see the announcement.