I was trying to create a Kali Linux VM the other day and the internet was really slow out of sudden. It was one of those days when your web browser gradually increases the remaining minutes and eventually says ‘shit, I’m lost now’
That’s when I decided to use an old copy of Kali ISO I downloaded a year ago. I just need one screenshot from the Kali VM so all others things like; security, compatibility didn’t seem matter. After I created a Kali VM using the old ISO from 2017, I ran ‘apt-get update‘ then Kali said: “F* you, a*hole”.
According to the error message, it seems the old copy of Kali was actually too old and the GPG(Gnu Privacy Guard) key was expired. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. GPG allows users to encrypt and sign their data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. (source: https://www.gnupg.org/)
GPG error: http://mirrors.ocf.berkeley.edu/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <email@example.com>
When a package is installed thru the official repository, the package’s signature will be verified by the user’s Kali machine using the package’s public key. So if the key has expired, there is no way to verify the legitimacy of the package, hence the error message. Lucky for us, there are a few ways get this problem lifted. First, you can update the key manually using the following commands.
wget 'https://archive.kali.org/archive-key.asc' apt-key add archive-key.asc
The other way to solve this problem is the ‘upgrade’ command. Although it’s a long process and requires user interventions several times during the process, if you used an older installation disc, it is highly recommended. It can be done by the following command;
apt-get update && apt-get upgrade
And, that’s it.