Kali Linux 发布了一个新的存档签名密钥,所有 Kali Linux 更新时都会遇到这个问题,所以需要将签名更新一下

更新步骤

wget 和 curl 两种方式选一种你喜欢的就可以

wget 方式

┌──(kali㉿kali)-[~]
└─$ sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg

curl 方式

┌──(kali㉿kali)-[~]
└─$ sudo curl https://archive.kali.org/archive-keyring.gpg -o /usr/share/keyrings/kali-archive-keyring.gpg

可以使用 sha1sum 测试你下载密钥是否正确,想省事点话看最后 5 位就好,确认是否为 fc325

┌──(kali㉿kali)-[~]
└─# sha1sum /usr/share/keyrings/kali-archive-keyring.gpg
603374c107a90a69d983dbcb4d31e0d6eedfc325  /usr/share/keyrings/kali-archive-keyring.gpg

也可以仔细查看一下已存在的密钥,它包含旧签名密钥(ED444FF07D8D0BF6)和新签名密钥(ED65462EC8D5E4C5

┌──(kali㉿kali)-[~]
└─$ gpg --no-default-keyring --keyring /usr/share/keyrings/kali-archive-keyring.gpg -k
/usr/share/keyrings/kali-archive-keyring.gpg
--------------------------------------------
pub   rsa4096 2025-04-17 [SC] [expires: 2028-04-17]
      827C8569F2518CC677FECA1AED65462EC8D5E4C5
uid           [ unknown] Kali Linux Archive Automatic Signing Key (2025) <devel@kali.org>

pub   rsa4096 2012-03-05 [SC] [expires: 2027-02-04]
      44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
uid           [ unknown] Kali Linux Repository <devel@kali.org>
sub   rsa4096 2012-03-05 [E] [expires: 2027-02-04]

随后你就可以正常 apt update

┌──(kali㉿kali)-[~]
└─# sudo apt update
[...]
68 packages can be upgraded. Run 'apt list --upgradable' to see them.

🧸参考文献

A New Kali Linux Archive Signing Key | Kali Linux Blog