pacman-key

Initialize the pacman keyring

$ sudo pacman-key --init

$ sudo pacman-key --populate

$ pacman-key -l

$ sudo pacman-key -a [path/to/keyfile.gpg]

$ sudo pacman-key -r "[uid|name|email]"

$ pacman-key -f "[uid|name|email]"

$ sudo pacman-key --lsign-key "[uid|name|email]"

$ sudo pacman-key -d "[uid|name|email]"

pacman-key [options] [operation]

pacman-key is a wrapper around GnuPG for managing the keyring used by pacman to verify package signatures. It handles key initialization, importing, signing, and trust management.
On a fresh Arch Linux installation, run --init to create the keyring, then --populate to add the official Arch Linux packager keys. For third-party repositories (like AUR helpers or custom repos), manually add and sign their keys.
Key signing (--lsign-key) marks a key as trusted, allowing pacman to install packages signed by that key without warnings.

--init

Initialize the pacman keyring

Reload the default keys from the archlinux-keyring package

List keys from the public keyring

Add keys from a file

Fetch keys from a keyserver

Show key fingerprint

Locally sign a key (trust it)

Remove a key from the keyring

Update keys from the keyserver

Requires root privileges for most operations. Key initialization needs sufficient entropy; if it hangs, generate activity (disk I/O, network, typing). The keyring is stored in /etc/pacman.d/gnupg/. Corrupted keyrings can be reset by removing this directory and reinitializing.

Introduced with pacman 4.0 in 2011 to support package signing, enhancing security by cryptographically verifying package integrity and authenticity.

pacman(8), gpg(1), makepkg(8)