Kali Linux on WSL: Invalid repository signature and no gpg installed to fix

I recently installed Kali under WSL, but I'm unable to run apt install (from network), apt update (to completion) or apt upgrade. The Kali repository is the sole member of sources.list, but its PGP signature is invalid. Unfortunately, the WSL distribution didn't ship with an install of PGP, so I'm unable to use apt-key add. Is the Kali WSL image broken, or suffering from a known bug? Can I run dpkg --install on a downloaded .deb so I'm able to run apt update?


Yes, this is a problem when installing Kali via wsl --install kali-linux.

For some reason, the command-line installer is using the (very, very, very) outdated 2019.2 release of Kali on a CDN. I can't figure out if this is a Microsoft issue (since the CDN seems to be owned by Microsoft), or a Kali issue (since Microsoft says Kali hasn't updated the files).

Kali is continuing to provide new releases for WSL, just that they update the Microsoft Store version. If you can install from the Microsoft Store, it is currently at 2021.3 and does update properly.

If you can't install from the Microsoft Store, I provide several alternatives in this Unix & Linux Stack answer.