diff --git a/src/dev/build/tasks/fleet/download_elastic_gpg_key.ts b/src/dev/build/tasks/fleet/download_elastic_gpg_key.ts
index 6cd0b351c4d31a..483a342ba300ec 100644
--- a/src/dev/build/tasks/fleet/download_elastic_gpg_key.ts
+++ b/src/dev/build/tasks/fleet/download_elastic_gpg_key.ts
@@ -13,9 +13,9 @@ import { ToolingLog } from '@kbn/tooling-log';
 import { downloadToDisk } from '../../lib';
 
 const ARTIFACTS_URL = 'https://artifacts.elastic.co/';
-const GPG_KEY_NAME = 'GPG-KEY-elasticsearch.sha1';
+const GPG_KEY_NAME = 'GPG-KEY-elasticsearch';
 const GPG_KEY_SHA512 =
-  '84ee193cc337344d9a7da9021daf3f5ede83f5f1ab049d169f3634921529dcd096abf7a91eec7f26f3a6913e5e38f88f69a5e2ce79ad155d46edc75705a648c6';
+  '62a567354286deb02baf5fc6b82ddf6c7067898723463da9ae65b132b8c6d6f064b2874e390885682376228eed166c1c82fe7f11f6c9a69f0c157029c548fa3d';
 
 export async function downloadElasticGpgKey(pkgDir: string, log: ToolingLog) {
   const gpgKeyUrl = ARTIFACTS_URL + GPG_KEY_NAME;
diff --git a/x-pack/plugins/fleet/server/config.ts b/x-pack/plugins/fleet/server/config.ts
index dea1852c5d8f45..60d62c099498ea 100644
--- a/x-pack/plugins/fleet/server/config.ts
+++ b/x-pack/plugins/fleet/server/config.ts
@@ -27,7 +27,7 @@ import {
 import { BULK_CREATE_MAX_ARTIFACTS_BYTES } from './services/artifacts/artifacts';
 
 const DEFAULT_BUNDLED_PACKAGE_LOCATION = path.join(__dirname, '../target/bundled_packages');
-const DEFAULT_GPG_KEY_PATH = path.join(__dirname, '../target/keys/GPG-KEY-elasticsearch.sha1');
+const DEFAULT_GPG_KEY_PATH = path.join(__dirname, '../target/keys/GPG-KEY-elasticsearch');
 
 export const config: PluginConfigDescriptor = {
   exposeToBrowser: {
diff --git a/x-pack/plugins/fleet/server/services/epm/packages/package_verification.ts b/x-pack/plugins/fleet/server/services/epm/packages/package_verification.ts
index b4432e8919d0cc..92068dfcd424d5 100644
--- a/x-pack/plugins/fleet/server/services/epm/packages/package_verification.ts
+++ b/x-pack/plugins/fleet/server/services/epm/packages/package_verification.ts
@@ -57,7 +57,9 @@ export async function _readGpgKey(): Promise<openpgp.Key | undefined> {
   }
   let key;
   try {
-    key = await openpgp.readKey({ armoredKey: buffer.toString() });
+    key = await openpgp.readKey({
+      armoredKey: buffer.toString(),
+    });
   } catch (e) {
     logger.warn(`Unable to parse GPG key from '${gpgKeyPath}': ${e}`);
   }
@@ -128,6 +130,13 @@ async function _verifyPackageSignature({
     verificationKeys: verificationKey,
     signature,
     message,
+    config: {
+      // See https://github.com/openpgpjs/openpgpjs/blob/d6145ac73eebcf66bdeb0873aa60fc49361e1aeb/src/message.js#L800-L809
+      // Essentially, since the sha1 key was reformmated to sha256 as part of https://github.com/elastic/elasticsearch/issues/85876,
+      // there's an error around the creation timestamp for the key/signature. Passing this config allows the verification to succeed
+      // despite the key being reformatted.
+      allowInsecureVerificationWithReformattedKeys: true,
+    },
   });
 
   const signatureVerificationResult = verificationResult.signatures[0];