https://www.kali.org/blog/new-kali-archive-signing-key

Offensive Security has announced that Kali Linux users will need to manually install a new repository signing key following the loss of the previous key. Without this update, users will experience system update failures.

The company recently lost access to the old repository signing key (ED444FF07D8D0BF6) and had to create a new one (ED65462EC8D5E4C5), which has been signed by Kali Linux developers using signatures on the Ubuntu OpenPGP key server. OffSec emphasized that the key wasn’t compromised, so the old one remains in the keyring.

Users attempting to update their systems with the old key will encounter error messages stating “Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature.”

To address this issue, the Kali Linux repository was frozen on February 18th. “In the coming day(s), pretty much every Kali system out there will fail to update,” OffSec warned. “This is not only you, this is for everyone, and this is entirely our fault.”

To avoid update failures, users are advised to manually download and install the new repository signing key by running the command:

    sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
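A more cautious variant of the command above, added here as an example and not taken from the Kali announcement: it downloads the keyring to a temporary file, confirms that the fingerprint quoted in the error message belongs to a primary key in it, and only then installs it. The function names and the --install switch are hypothetical; the URL, fingerprint, key ID and destination path are the ones given in this article.

```shell
#!/bin/sh
# Added example (not from the Kali announcement): check the keyring before installing.
# Values below are quoted from the article; function names are hypothetical.
NEW_FPR=827C8569F2518CC677FECA1AED65462EC8D5E4C5
OLD_KEYID=ED444FF07D8D0BF6
KEYRING_URL=https://archive.kali.org/archive-keyring.gpg
DEST=/usr/share/keyrings/kali-archive-keyring.gpg

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints only
# (an "fpr" record that follows "sub" belongs to a subkey and is skipped).
primary_fprs() {
    awk -F: '
        $1 == "pub" { primary = 1; next }
        $1 == "sub" { primary = 0; next }
        $1 == "fpr" && primary { print $10; primary = 0 }'
}

# Succeeds only if full fingerprint $1 is a primary key in the listing on stdin.
has_primary_fpr() { primary_fprs | grep -qx "$1"; }

# Succeeds if some primary fingerprint ends with the long key ID $1.
has_primary_keyid() { primary_fprs | grep -q "$1\$"; }

# Download to a temp file, verify, then install; the live keyring is untouched on failure.
install_keyring() {
    tmp=$(mktemp) || return 1
    trap 'rm -f "$tmp"' EXIT
    wget -q "$KEYRING_URL" -O "$tmp" || { echo "download failed" >&2; return 1; }
    listing=$(gpg --show-keys --with-colons "$tmp") || return 1
    if ! printf '%s\n' "$listing" | has_primary_fpr "$NEW_FPR"; then
        echo "new key $NEW_FPR not in download; not installing" >&2
        return 1
    fi
    printf '%s\n' "$listing" | has_primary_keyid "$OLD_KEYID" ||
        echo "note: old key $OLD_KEYID not present in download" >&2
    sudo install -m 0644 -o root -g root "$tmp" "$DEST"
}

# Nothing touches the network or the system unless --install is passed.
if [ "${1:-}" = "--install" ]; then install_keyring; fi
```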

For users unwilling to manually update the keyring, OffSec recommends reinstalling Kali using images that include the updated keyring.

This isn’t the first time Kali Linux users have faced such issues. A similar incident occurred in February 2018 when developers allowed the GPG key to expire, also requiring manual updates from users.