If you're running sudo apt update on your Kali Linux system and encountering a GPG error like this:
Err:7 http://mirror.sg.gs/kali kali-rolling InRelease Sub-process /usr/bin/sqv returned an error code (1), error message is: Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature.
You're not alone. This issue occurs when the package manager fails to verify the repository signature due to a missing public key. Let's break down what this means and how to fix it.
What's Happening?
Linux package managers like apt use GPG keys to ensure that software packages come from trusted sources. When a key is missing, apt can't verify that the packages haven't been tampered with — so it throws an error and skips the update.
The Missing Key
The key that’s missing in this case is:
827C8569F2518CC677FECA1AED65462EC8D5E4C5
This key is used to sign the Kali Linux rolling repository (kali-rolling).
The Fix: Add the Missing GPG Key
To resolve this error, you need to manually add the missing key.
Option 1: Using apt-key (Simple but Deprecated)
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 827C8569F2518CC677FECA1AED65462EC8D5E4C5
⚠️ Note: apt-key is deprecated in recent Debian-based systems, but still works for backward compatibility.
Option 2: Using gpg with Modern Method
This is the preferred method for systems with newer apt versions:
curl -fsSL https://archive.kali.org/archive-key.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/kali-archive-keyring.gpg
Then, Run the Update Again
Once the key is added, retry:
sudo apt update
You should now see a clean update process with no signature errors.
Bonus: Check Your sources.list
Make sure you're using a trusted mirror. Open /etc/apt/sources.list and verify this line:
deb http://http.kali.org/kali kali-rolling main non-free contrib
Using unofficial mirrors like mirror.sg.gs may occasionally cause such key mismatches or delays in key propagation.
Final Thoughts
Security is non-negotiable — and apt enforcing signature checks is a good thing. When GPG issues pop up, it’s a reminder that your system is doing its job to protect you.
If you’re scripting deployments or updates on multiple machines, make sure the key is available on all systems or bake it into your automation.
Happy hacking 👨💻 and stay secure! 🔐