Ethical hacking and penetration testing
InfoSec, IT, Kali Linux, BlackArch
Error in Kali Linux ‘The following signatures were invalid’ (SOLVED)
How to solve ‘An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error’ in Kali Linux
When you use the apt command, for example to update package information or to install a new package, you may encounter this error:
If this problem occurs, run the following commands to fix it:
Reason and description of the problem
All packages that are installed into the system from official repositories have a cryptographic signature that ensures that the package was created by the official Kali Linux maintainer and that thereafter no changes were made to it.
To verify packages, each user's system must have the public key. When the keys used for signing packages change, the public key on user systems must change too. The maintainers of the Kali Linux distribution know in advance when keys need to be updated, so even before the keys change, the new public key is added to users' systems during a regular update. As a result, a key change usually goes smoothly and unnoticed for users.
Nevertheless, it can happen that a system has not been updated for a long time (i.e., it does not ‘know’ about the changed keys), while new packages in the official repositories are already signed with the new key. In this situation, the above error occurs.
The two commands given above download the public key from the official Kali Linux website and add it to the system as a trusted key.
What follows is more theory about package authentication.
Validating Package Authenticity
System upgrades are very sensitive operations and you really want to ensure that you only install official packages from the Kali repositories. If the Kali mirror you are using has been compromised, a computer cracker could try to add malicious code to an otherwise legitimate package. Such a package, if installed, could do anything the cracker designed it to do including disclose passwords or confidential information. To circumvent this risk, Kali provides a tamper-proof seal to guarantee — at install time — that a package really comes from its official maintainer and hasn’t been modified by a third party.
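As an added example (not part of the original article), the shell functions below triage the status tokens apt prints when signature verification fails. They go beyond the EXPKEYSIG case discussed here to cover NO_PUBKEY, BADSIG and REVKEYSIG; the sample lines are constructed, and only the key ID ED444FF07D8D0BF6 comes from the error quoted on this page.

```sh
#!/bin/sh
# Added example: triage the GPG status tokens that apt prints when
# repository signature verification fails.

# Constructed sample of `apt update` warnings. Only ED444FF07D8D0BF6 comes
# from the error quoted on this page; the mirror URL and the other two key
# IDs are made up.
sample_apt_output() {
  cat <<'EOF'
W: GPG error: https://mirror.example/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository
W: GPG error: https://mirror.example/kali kali-rolling InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF
W: GPG error: https://mirror.example/kali kali-rolling InRelease: The following signatures were invalid: BADSIG FEDCBA9876543210 Example Repository
EOF
}

# Reads apt output on stdin and prints "TOKEN KEYID VERDICT" per finding:
#   refresh-keyring  good signature, but the local copy of the key expired
#   missing-key      the signing key is absent from the local keyring
#   do-not-trust     data does not match the signature, or key is revoked;
#                    importing a key is not a fix for this
classify_apt_gpg_errors() {
  awk '
    {
      for (i = 1; i < NF; i++) {
        tok = $i; key = $(i + 1)
        # a status token is followed by a long key ID or a fingerprint
        if (key !~ /^[0-9A-F]+$/ || length(key) < 16) continue
        if (tok == "EXPKEYSIG") v = "refresh-keyring"
        else if (tok == "NO_PUBKEY") v = "missing-key"
        else if (tok == "BADSIG" || tok == "REVKEYSIG") v = "do-not-trust"
        else continue
        f = tok " " key " " v
        if (!(f in seen)) { seen[f] = 1; print f }
      }
    }'
}

# Exit status: 0 = no findings, 1 = keyring maintenance needed,
# 2 = at least one finding to investigate before touching any keys.
triage_apt_gpg_errors() {
  findings=$(classify_apt_gpg_errors)
  [ -n "$findings" ] && printf '%s\n' "$findings"
  case "$findings" in
    *do-not-trust*) return 2 ;;
    "") return 0 ;;
    *) return 1 ;;
  esac
}

sample_apt_output | triage_apt_gpg_errors || true
```

On a live system the input would be `apt-get update 2>&1`; a status of 2 means the repository data itself failed verification, which refreshing the keyring does not address.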
Invalid signature for Kali Linux repositories: «The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository»
I cannot update my Kali Linux. When trying to execute apt-get update, I get this error message:
If you need my kernel version:
How can I fix this?
6 Answers
Add the gpg key:
Check the fingerprint:
Update: 8 Feb 2018.
Note that if you haven’t updated your Kali installation in some time (tsk2), you will likely receive a GPG error about the repository key being expired (ED444FF07D8D0BF6). Fortunately, this issue is quickly resolved by running the following as root:
Download the key of the kali package repository with this command:
then run the update.
This is built in. If you already use Kali’s repos, you don’t need to get it from an external source:
I’m using a system that adds Kali to a Debian base, so I had to specify the release. You can check that as follows:
This way, you don’t have to blindly trust that you’re importing the right key in order to prevent a man-in-the-middle attack since the new key is signed by the old one within the repository.
If you don’t already have this repository and therefore can’t get this update, you have two choices:
1: Go to https://http.kali.org/kali/pool/main/k/kali-archive-keyring/, download the .deb file, and install it via dpkg -i kali-archive-keyring*.deb
2: Add it via the repository anyway (it’s «insecure» until you add it):
Kali Linux updating troubleshooting
A full system update is performed as follows:
The update process requires:
- correct entry in repository list (application sources)
- Internet connection
Application sources (repositories) are listed in the /etc/apt/sources.list file.
To open the file, use the command:
Lines that begin with the # character are comments; ignore them.
It is important that there is a line:
This line should be the only uncommented one.
The line can also be:
It is identical, but HTTP is specified instead of HTTPS. The main thing is to have one of these two variants and no other uncommented lines.
For more information on updating Kali Linux, any other commands and questions related to updating, see the help article “How to update Kali Linux”.
Error ‘E: Failed to fetch … Cannot initiate the connection’
Part of the output when the package information update failed because the connection was interrupted:
The key information here is:
That is, the system could not download some package files. Possible causes:
- you have an unstable internet connection and some files were not downloaded due to disconnections
- some time passed between updating the application cache and downloading the files, during which the packages in the repository were updated. That is, you are trying to download old packages that are no longer available on the server because they have been replaced by new versions. This is likely if you need to upgrade many packages and your Internet connection is slow.
To solve the problem, simply restart the update with the commands:
This should completely correct the error.
During the update, a window or request appears that does not respond to clicks
Sometimes during an update the user is prompted, which may look like this:
Or look like this:
Since the update runs in the console, what you see is a pseudo-graphical interface, operated with the following keys:
TAB – to navigate through the menu items
SPACE or ENTER – to select or deselect
Use the TAB key to go to the OK button and press ENTER to continue the update.
What to do if the program asks about updating the configuration file
With some package updates, the structure of the configuration file changes. Sometimes the new file contains directives and settings that the new version of the program needs and cannot work without.
Setting up a program almost always means changing its configuration files. The end result can be the product of long work on the configuration and a variety of tests. It may take hours or even days.
Therefore, when the configuration needs to be updated, there is a dilemma:
- do not update the config, as a result of which the new version will not work normally
- update the config and lose the user's settings
For this reason, the system asks you each time what to do when a program update also updates the configuration file.
If in reality you did not use this program, or the settings you have made are of no value to you, then always agree to update the configuration file. If the settings you have made are important to you, then:
- refuse to update the configuration file
- make a backup of your config, update the configuration file, and then make the necessary settings in it
For some packages, such as Tor, the configuration file is simply a set of comments in which no settings are active — for such files (if you have not changed them), the update is a mere formality.
Error: 1 404 Not Found [IP:
When updating, the following error may occur:
The key here is the ‘404 Not Found’ — that is, the package file was not found. The most common reason for this is an outdated cache with information about packages and links to download them.
Therefore, before updating packages, update the cache:
Or use a combined command that updates the cache and immediately starts downloading and installing the updated versions of packages:
Error “E: Could not access the lock file /var/lib/dpkg/lock”
Perhaps the most common error when trying to update or install a new package:
All details on this error, as well as instructions for fixing it, are here: https://miloserdov.org/?p=2016
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error:
The process of updating packages, in addition to downloading and unpacking them, also includes checking their digital signatures. This verification ensures:
- package integrity (that they were not damaged when downloading)
- receiving them from a reliable source (these packages were not modified or created by unauthorized persons)
The files used to verify digital signatures are themselves delivered as a package, which is updated along with the other packages of the system. If too much time has passed and these verification files are out of date, a vicious circle arises: you cannot update the packages in the system because they fail digital signature verification, and you cannot update the signature verification files because they are shipped as a package, and packages cannot be updated because…
In general, the problem is solved by one command that downloads and installs the current file for checking the digital signature; details here: https://miloserdov.org/?p=893
Kali Linux update is delayed for the whole day
In a virtual machine, I encounter a slowdown in updating packages in Kali Linux. As a result, a big update can literally drag on for the whole day. Moreover, the process of unpacking downloaded updated packages takes the most time. Unpacking the exploitdb or metasploit-framework may take literally hours!
This is not normal – apparently some kind of bug.
Personally, I chose a rather non-standard solution: I have Kali Linux installed on a real (not virtual) external USB drive, which I plug into VirtualBox and boot from in a virtual machine. That is, without leaving the main system, I boot from an external disk. This is an excellent solution, and unpacking packages now takes a few minutes, but it is a somewhat complicated method and does not suit everyone.
If you want to work exclusively in VirtualBox without connecting an external USB drive, then as an option you can remove the two packages that take the most time to decompress: exploitdb and metasploit-framework. Note that the metasploit-framework package is a dependency of tools such as armitage, commix, ghost phisher, jboss-autopwn, maltego-teeth, msfpc, set, u3-pwn and unicorn-magic. If you use any of these packages, this method will not suit you. If you do not need these packages, you can remove them with the command:
As a result, the update process will not hang for a whole day if a new version of exploitdb or metasploit-framework has been released.
What to do when the update is broken?
If your computer rebooted (power outage, freeze or another cause) while Kali Linux updates were running, the next update may fail with an error.
Start by running the command:
Then try updating again.
If it fails again, repeat the command:
And try to start the update again.
If this does not help, note which particular package causes the error and remove it. If the system reports that the package being removed is a dependency of other packages, remove them all.
In this case, I recommend writing down the names of the packages to be removed, so that you can reinstall them and return the system to its original state.
After removing the problem package, try again a couple of times:
If the error disappears and the system is successfully updated, reinstall the removed packages.
Failed to fetch InRelease
I have not encountered this error myself (apparently because I always use HTTPS in the application sources), but it is described here, along with how to fix it.
This error occurs when updating the package cache with the command:
By default, the /etc/apt/sources.list file mentioned above contains an entry without HTTPS, but the mirror that the apt package manager connects to may accept only HTTPS (while apt uses only HTTP). Because of this mismatch, the mirror rejects the connection coming from the package manager.
The easiest way to fix this error is to replace HTTP with secure HTTPS. To do this, open the /etc/apt/sources.list file and replace the line with:
Then update the cache again; the problem should now disappear completely:
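An added example, not part of the original article: a shell function that checks a sources.list against the two conditions this article sets, namely exactly one uncommented entry (see the start of the article) and HTTPS rather than HTTP (this section). It goes slightly beyond the text by also flagging the apt options `trusted=yes` and `allow-insecure=yes`; the sample file is constructed and its hosts and suite names are placeholders.

```sh
#!/bin/sh
# Added example: audit an apt sources.list for the conditions this article
# asks for (one active entry, HTTPS transport).

# Constructed sample file. Hosts and suite names are placeholders, not the
# official repository line.
sample_sources_list() {
  cat <<'EOF'
# main repository
deb http://mirror.example/kali example-suite main
#deb-src http://mirror.example/kali example-suite main
deb [trusted=yes] https://other.example/debian stable main
EOF
}

# Reads a sources.list on stdin, prints one finding per line and returns
# non-zero if anything was found.
audit_sources_list() {
  awk '
    /^[ \t]*(#|$)/ { next }    # comments and blank lines are ignored
    $1 != "deb" && $1 != "deb-src" {
      print "line " NR ": unrecognised entry"; found++; next
    }
    {
      active++
      u = 2                    # index of the URI field
      if ($2 ~ /^\[/) {        # optional [ option=value ... ] block
        opts = ""
        while (u <= NF) {
          opts = opts " " $u
          if ($u ~ /\]$/) break
          u++
        }
        u++
        if (opts ~ /trusted=yes/ || opts ~ /allow-insecure=yes/) {
          print "line " NR ": option bypasses signature verification"; found++
        }
      }
      if ($u ~ /^http:/) {
        print "line " NR ": plain HTTP, use https://"; found++
      }
    }
    END {
      if (active != 1) {
        print "expected exactly 1 active entry, found " (active + 0); found++
      }
      exit (found > 0)
    }'
}

sample_sources_list | audit_sources_list || true
```

To check a real system, run `audit_sources_list < /etc/apt/sources.list`.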
The system occupies a lot of disk space
If the amount of used space keeps growing and you cannot work out which files are filling your disk, I recommend checking the package file cache.
By default, all files downloaded for updating are not deleted. To remove them all, run the command:
Packages that are no longer used in the system after the upgrade can also accumulate; to remove them, issue the following command: