Hit:1 https://packages.microsoft.com/ubuntu/16.04/prod xenial InRelease
Get:2 http://mirrors.ustc.edu.cn/kali kali-rolling InRelease [30.5 kB]
Hit:3 http://repo.steampowered.com/steam precise InRelease
Hit:4 https://packages.microsoft.com/ubuntu/16.04/mssql-server xenial InRelease
Hit:5 https://packages.microsoft.com/repos/vscode stable InRelease
Err:2 http://mirrors.ustc.edu.cn/kali kali-rolling InRelease
  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Hit:6 http://repository.spotify.com stable InRelease
Hit:7 http://repo.yandex.ru/yandex-browser/deb beta InRelease
Hit:8 https://repo.skype.com/deb stable InRelease
Ign:9 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:10 http://dl.google.com/linux/chrome/deb stable Release
Hit:12 https://deb.opera.com/opera-stable stable InRelease
Reading package lists... Done
W: GPG error: http://mirrors.ustc.edu.cn/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
E: The repository 'http://mirrors.ustc.edu.cn/kali kali-rolling InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

wget -q -O - archive.kali.org/archive-key.asc | apt-key add

# apt-get update
...
Reading package lists... Done
E: The repository 'http://ppa.launchpad.net/deadsnakes/ppa/ubuntu hirsute Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://us.archive.ubuntu.com/ubuntu bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B4FE6ACC0B21F32
E: The repository 'http://us.archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B4FE6ACC0B21F32
E: The repository 'http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.ubuntu.com/ubuntu bionic-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B4FE6ACC0B21F32
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
...

# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "<Public Key>" # 将 <Public Key> 替换为公钥，这里应是 3B4FE6ACC0B21F32 字符串
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.H6uxKa3sXF/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
gpg: key 3B4FE6ACC0B21F32: public key "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

# wget -qO - https://deb.opera.com/archive.key | sudo apt-key add -

# apt-key adv --fetch-keys http://deb.opera.com/archive.key