Kali Linux Repository

Offensive Security (OffSec) has alerted Kali Linux users about a critical update issue requiring manual installation of a new repository signing key.

Background on the Key Change

OffSec lost access to its previous signing key (ED444FF07D8D0BF6) and has generated a replacement (ED65462EC8D5E4C5), now signed by Kali developers and published via the Ubuntu OpenPGP key server. The old key was not compromised and remains in the keyring.

Users relying on the outdated key will face errors such as:
“Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify the signature.”

OffSec has not disclosed when they lost access to the key, but confirmed that the Kali repository was frozen on February 18th to mitigate disruptions.

Impact on Users

According to OffSec, this issue will soon affect nearly every Kali system:
“This issue impacts everyone. It’s entirely our fault—we lost access to the signing key and had to create a new one. We froze the repository temporarily, but will soon unfreeze it, now signed with the new key.”

How to Install the New Key

To prevent update failures, users should manually install the new signing key by running:

sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg 

OffSec has also provided instructions for verifying the checksum and reviewing the updated keyring contents. Alternatively, users can reinstall Kali using the latest system images, which already include the new key.
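
One way to combine the download with the checksum and keyring review mentioned above, as an added example rather than OffSec's own instructions: it downloads to a temporary file and installs only if the SHA-256 matches and the keyring holds a primary key with the fingerprint from the error message. The checksum is not given here, so it is passed as an argument; the function names and the colon-format sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the downloaded Kali keyring before installing it.
KEYRING_URL="https://archive.kali.org/archive-keyring.gpg"
KEYRING_DEST="/usr/share/keyrings/kali-archive-keyring.gpg"
# Fingerprint of the new key, taken from the apt error message quoted above.
NEW_FPR="827C8569F2518CC677FECA1AED65462EC8D5E4C5"

# True if file $1 hashes to SHA-256 $2 (case-insensitive, empty never matches).
sha256_matches() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$want" ] && [ "$actual" = "$want" ]
}

# Reads `gpg --with-colons` output on stdin; true only if $1 is the fingerprint
# of a primary key (a matching subkey fingerprint does not count).
has_primary_fingerprint() {
    awk -F: -v want="$1" '
        $1 == "pub" { primary = 1 }
        $1 == "sub" { primary = 0 }
        $1 == "fpr" && primary && toupper($10) == toupper(want) { found = 1 }
        END { exit !found }'
}

# Constructed sample of colon-format output (not real gpg output from the keyring).
sample_colons() {
    cat <<'EOF'
pub:-:4096:1:ED65462EC8D5E4C5:1700000000:::-:::scSC::::::23::0:
fpr:::::::::827C8569F2518CC677FECA1AED65462EC8D5E4C5:
uid:-::::1700000000::0000::Constructed Example UID::::::::::0:
EOF
}

# Download to a temp file, check hash and fingerprint, then install.
# $1 = SHA-256 published by OffSec (not given on this page; supply it yourself).
install_kali_keyring() {
    tmp=$(mktemp) || return 1
    if wget -q "$KEYRING_URL" -O "$tmp" &&
       sha256_matches "$tmp" "$1" &&
       gpg --show-keys --with-colons "$tmp" | has_primary_fingerprint "$NEW_FPR"
    then sudo install -m 0644 "$tmp" "$KEYRING_DEST"; rc=$?
    else echo "keyring failed verification; not installed" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (hypothetical script name): sh verify-kali-keyring.sh --install <sha256>
if [ "${1:-}" = "--install" ]; then install_kali_keyring "${2:-}"; fi
```

Because the file is checked in a temporary location first, a truncated or substituted download never replaces the keyring that apt trusts.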
