I started getting this same error yesterday, in varying flavors.
When doing an apt-get update
Code:
Reading package lists... Done
W: GPG error: http://http.kali.org kali Release: The following signatures were invalid: BADSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
Sometimes
Code:
W: Failed to fetch gzip:/var/lib/apt/lists/partial/http.kali.org_kali_dists_kali_main_binary-amd64_Packages Hash Sum mismatch
W: Failed to fetch gzip:/var/lib/apt/lists/partial/http.kali.org_kali_dists_kali_non-free_binary-i386_Packages Hash Sum mismatch
E: Some index files failed to download. They have been ignored, or old ones used instead.
Sometimes
Code:
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://http.kali.org kali Release: The following signatures were invalid: BADSIG ED444FF07D8D0BF6 Kali Linux Repository <[email protected]>
W: Failed to fetch http://http.kali.org/kali/dists/kali/Release
W: Some index files failed to download. They have been ignored, or old ones used instead.
Thought maybe the repos were updating or undergoing some sort of maintenance, but the issue persists today. Have done all the apt-get clean, autoclean, remove, autoremove stuff.
I'm not a crypto guy, and maybe I'm overcautious and skeptical, but getting crypto errors 1 day after GnuTLS vuln was big news, and packages like libgnutls-openssl27 in the update queue, well it doesn't give me a warm and fuzzy.