Fix “WARNING: The following packages cannot be authenticated!” in Kali Linux

I just reinstalled Kali 1.0.5 and successfully did apt-get update and apt-get upgrade. But when I am trying to do an apt-get dist-upgrade I get this error

“WARNING: The following packages cannot be authenticated!”

Obviously I don’t want to install un-authenticated package. So I cancelled. Did some Googling and different people in different versions of Linux seems to have similar problem, however there wasn’t any clean solution specific for Kali Linux. I finally managed to figure it out and decided to write a small guide on it. So, next time someone else having the same issue, all they need to do is follow my guide and it will be fixed.

As you can see I cancelled this upgrade

Fixing “WARNING: The following packages cannot be authenticated!”

I went through the following troubleshooting steps before I managed to solve it. Most GPG key issues can be fixed in similar ways.

Troubleshooting

I’ve arranged the troubleshooting steps by dot points.

Check Repositories

First thing I made sure that I have the correct Official Kali Linux repositories. If you don’t know how or what just follow the guide below to fix your repositories.

How to add official Kali Linux Repositories?

Check GPG Keys

Now that I know I have the correct repositories, next stop was to check my GPG keys (apt-key). I issued the following command to check my GPG keys:

apt-key list

As you can see from the screenshot, it looks OK, nothing suspicious. Just to make sure, I did an update of my GPG keys. Again this can be done via command line.

apt-key update

Tried another apt-get update and apt-get dist-upgrade, received same error. This is now getting annoying.

Reinstall keyring

For every distro there’s one package that will install all the necessary keyrings. Kali keyring package is named kali-archive-keying. Similar naming for other distroes. For example:

1. Kali Keyring – kali-archive-keyring
2. Debian Keyring – debian-archive-keyring
3. Ubuntu Keyring – ubuntu-archive-keyring

So all I had to do install keying package again and this problem would go away.Just note that you need to use aptitude command instead of apt-get here.

Easy done, typed in the following in terminal.

aptitude reinstall kali-archive-keyring

Retry distribution upgrade

Tried another apt-get dist-upgrade.

Worked just fine this time.

Quick note

Ubuntu or Debian users can fix similar errors by following same steps. Just replace the keyring name. For example:

aptitude reinstall ubuntu-archive-keyring

and so forth..

Conclusion

It’s been a while I reinstalled Kali (I managed to completely mess up my MBR when mix-matching multiple Linux distros and Windows!). Luckily didn’t loose any data (Huzzaah for movies and music!!). Did a complete re-partition and installed Kali 1.0.5 x64 in it.

You should never install a package that you can’t verify. There can be a number of reason why you shouldn’t. If someone is DNS spoofing on your network, you end up getting packages from untrusted sources and in Linux that is a BIG problem. There’s no end to possibilities what a person can do in Linux when they have full access to your system. Virus and malwares are getting more and more common in Linux since 2009. Be careful. Just casue you’re on Linux, doesn’t mean you’re protected (always!).

Thanks for reading. Hope you liked it, please share.