Safe to add PGP keys to Pacman?

in order to install Proton VPN from the AUR,i need to add a PGP key to Pacman:

is it safe,any drawback?

not exactly

If your package manager fails to fetch or import the key

pamac import key for us as with many aur packages

1 Like

That tutorial is incorrect. You don’t add it to Pacman’s keyring, you add it to your personal keyring:

gpg --recv-key A88441BD4864F95BEE08E63A71EB474019940E11

If you use an AUR helper like Pamac or Yay, it will handle importing the key.


i already tried it in a VM,and it fails to import the key,so i added it manually.
as i understand from your answers,it’s a normal step that happens regularly with many AUR packages,
and i need to run @Yochanan command and skip the 2 other commands they gave?

with AUR: never use pacman-key but gpg

pamac and yay can import developer keys for us (sometime name server is bad…)
read aur page is always good, other way to install key

1 Like

the VM i ran was Arch and didn’t have Pamac,so i guess on manjaro it will be able to take care of it.
i read the article you provided;
so do i still need to run gpg --lsign <KEYID>? and what about gpg --finger <KEYID> ?
i read the AUR page,but this one:

No, those commands are not necessary.

1 Like

with command pacman-key :sob: instead of gpg

1 Like

Thank you both :+1: