View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0001061Kali LinuxGeneral Bugpublic2014-02-26 12:042025-07-14 09:36
ReporterKALIMERO Assigned Tomuts  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionno change required 
Product Version1.0.6 
Summary0001061: GPG BADSIG ED444FF07D8D0BF6 on apt-get update
Description

on apt-get update I get a gpg BADSIG ED444FF07D8D0BF6 error:

W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.kali.org kali/updates Release: The following signatures were invalid: BADSIG ED444FF07D8D0BF6 Kali Linux Repository [email protected]

W: Failed to fetch http://security.kali.org/kali-security/dists/kali/updates/Release

W: Some index files failed to download. They have been ignored, or old ones used instead.

I did aptitude clean and reinstalled kali-archive-keyring, still same problem.

Additionaly this raises two issues:

  • I can not download the kali archive keyring via secured protocol.

root@kali:~# wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

  • I can not find the archive key fingerprint published on the kali website, so I can not check keys with
    apt-key fingerprint
Steps To Reproduce

apt-get update

Additional Information

From my understanding it is a loophole in the whole crypto packaging if the archive keyring is not available via a secured protocol like https. The key could easily be intercepted by a third party and therefor bad packages could be injected into kali install on network side. We do know nowadays, thanks to Mr. Snowden, that these techniques are not a theoretical issue.

Also it would be a good idea to publish the kali archive keyring fingerprint on the kali website.

Activities

muts

muts

2014-02-26 14:16

reporter   ~0001575

This happens when you apt-get update just as our mirror are synching. Waiting for a couple of minutes and trying again should resolve your issue.

Issue History

Date Modified Username Field Change
2014-02-26 12:04 KALIMERO New Issue
2014-02-26 14:16 muts Note Added: 0001575
2014-02-26 14:16 muts Status new => closed
2014-02-26 14:16 muts Assigned To => muts
2014-02-26 14:16 muts Resolution open => no change required
2025-07-14 09:36 g0tmi1k Priority high => normal